• Shiro + SSM(框架) + Freemarker(jsp)讲解的权限控制Demo,还不赶快去下载?

    Shiro + SSM(框架) + Freemarker(jsp)讲解的权限控制Demo,还不赶快去下载?

    【转】http://www.sojson.com/blog/137.html

    Shiro  我们通过重写AbstractSessionDAO ,来实现 Session  共享。再重写 Session  的时候(其实也不算重写),因为和HttpSession 没有任何实现或者继承关系。

    首先 Shiro   Session  配置讲解。

    Session  的每个回话的ID 生成器,我们用JavaUuidSessionIdGenerator (UUID 规则)。

     
    1. <!-- 会话Session ID生成器 -->
    2. <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>

    Session  的创建、获取、删除

     
    1. <!-- session 创建、删除、查询 -->
    2. <bean id="jedisShiroSessionRepository" class="com.sojson.core.shiro.cache.JedisShiroSessionRepository" >
    3. <property name="jedisManager" ref="jedisManager"/>
    4. </bean>

    Session  的监听生命周期

     
    1. <!-- custom shiro session listener -->
    2. <bean id="customShiroSessionDAO" class="com.sojson.core.shiro.CustomShiroSessionDAO">
    3. <property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
    4. <property name="sessionIdGenerator" ref="sessionIdGenerator"/>
    5. </bean>

    Session  定时管理器(有效期)

     
    1. <!-- 会话验证调度器 -->
    2. <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
    3. <property name="interval" value="${session.validate.timespan}"/><!--检测时间间距,默认是60分钟-->
    4. <property name="sessionManager" ref="sessionManager"/>
    5. </bean>

    Session   cookie  模版配置

     
    1. <!-- 会话Cookie模板 -->
    2. <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    3. <!--cookie的name,我故意取名叫xxxxbaidu -->
    4. <constructor-arg value="v_v-s-baidu"/>
    5. <property name="httpOnly" value="true"/>
    6. <!--cookie的有效时间 -->
    7. <property name="maxAge" value="-1"/>
    8. <!-- 配置存储Session Cookie的domain为 一级域名 -->
    9. <property name="domain" value=".itboy.net"/>
    10. </bean>

    Session  Manager 配置

     
    1. <!-- Session Manager -->
    2. <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    3. <!-- 相隔多久检查一次session的有效性 -->
    4. <property name="sessionValidationInterval" value="1800000"/>
    5. <!-- session 有效时间为半小时 (毫秒单位)-->
    6. <property name="globalSessionTimeout" value="1800000"/>
    7. <property name="sessionDAO" ref="customShiroSessionDAO"/>
    8. <!-- session 监听,可以多个。 -->
    9. <property name="sessionListeners">
    10. <list>
    11. <ref bean="customSessionListener"/>
    12. </list>
    13. </property>
    14. <!-- 间隔多少时间检查,不配置是60分钟 -->
    15. <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
    16. <!-- 是否开启 检测,默认开启 -->
    17. <property name="sessionValidationSchedulerEnabled" value="true"/>
    18. <!-- 是否删除无效的,默认也是开启 -->
    19. <property name="deleteInvalidSessions" value="true"/>
    20. <!-- 会话Cookie模板 -->
    21. <property name="sessionIdCookie" ref="sessionIdCookie"/>
    22. </bean>

    Session  的创建、删除、查询 ,ShiroSessionRepository 接口定义。

     
    1. package com.sojson.core.shiro.session;
    3. import org.apache.shiro.session.Session;
    5. import java.io.Serializable;
    6. import java.util.Collection;
    8. /**
    9. * custom shiro session manager interface
    10. *
    11. * @author zhoubaicheng
    12. */
    13. public interface ShiroSessionRepository {
    15. /**
    16. * 存储Session
    17. * @param session
    18. */
    19. void saveSession(Session session);
    20. /**
    21. * 删除session
    22. * @param sessionId
    23. */
    24. void deleteSession(Serializable sessionId);
    25. /**
    26. * 获取session
    27. * @param sessionId
    28. * @return
    29. */
    30. Session getSession(Serializable sessionId);
    31. /**
    32. * 获取所有sessoin
    33. * @return
    34. */
    35. Collection<Session> getAllSessions();
    36. }

    Session  的创建、删除、查询实现。com.sojson.core.shiro.cache.JedisShiroSessionRepository 

     
    1. package com.sojson.core.shiro.cache;
    3. import java.io.Serializable;
    4. import java.util.Collection;
    6. import org.apache.log4j.Logger;
    7. import org.apache.shiro.session.Session;
    9. import com.sojson.common.utils.SerializeUtil;
    10. import com.sojson.core.shiro.session.ShiroSessionRepository;
    11. /**
    12. * Session 管理
    13. * @author sojson.com
    14. *
    15. */
    16. @SuppressWarnings("unchecked")
    17. public class JedisShiroSessionRepository implements ShiroSessionRepository {
    18. private static Logger logger = Logger.getLogger(JedisShiroSessionRepository.class);
    19. public static final String REDIS_SHIRO_SESSION = "sojson-shiro-session:";
    20. //这里有个小BUG,因为Redis使用序列化后,Key反序列化回来发现前面有一段乱码,解决的办法是存储缓存不序列化
    21. public static final String REDIS_SHIRO_ALL = "*sojson-shiro-session:*";
    22. private static final int SESSION_VAL_TIME_SPAN = 18000;
    23. private static final int DB_INDEX = 1;
    25. private JedisManager jedisManager;
    27. @Override
    28. public void saveSession(Session session) {
    29. if (session == null || session.getId() == null)
    30. throw new NullPointerException("session is empty");
    31. try {
    32. byte[] key = SerializeUtil.serialize(buildRedisSessionKey(session.getId()));
    33. byte[] value = SerializeUtil.serialize(session);
    34. long sessionTimeOut = session.getTimeout() / 1000;
    35. Long expireTime = sessionTimeOut + SESSION_VAL_TIME_SPAN + (5 * 60);
    36. getJedisManager().saveValueByKey(DB_INDEX, key, value, expireTime.intValue());
    37. } catch (Exception e) {
    38. e.printStackTrace();
    39. System.out.println("save session error");
    40. }
    41. }
    43. @Override
    44. public void deleteSession(Serializable id) {
    45. if (id == null) {
    46. throw new NullPointerException("session id is empty");
    47. }
    48. try {
    49. getJedisManager().deleteByKey(DB_INDEX,
    50. SerializeUtil.serialize(buildRedisSessionKey(id)));
    51. } catch (Exception e) {
    52. e.printStackTrace();
    53. System.out.println("delete session error");
    54. }
    55. }
    58. @Override
    59. public Session getSession(Serializable id) {
    60. if (id == null)
    61. throw new NullPointerException("session id is empty");
    62. Session session = null;
    63. try {
    64. byte[] value = getJedisManager().getValueByKey(DB_INDEX, SerializeUtil
    65. .serialize(buildRedisSessionKey(id)));
    66. session = SerializeUtil.deserialize(value, Session.class);
    67. } catch (Exception e) {
    68. e.printStackTrace();
    69. System.out.println("get session error");
    70. }
    71. return session;
    72. }
    74. @Override
    75. public Collection<Session> getAllSessions() {
    76. Collection<Session> sessions = null;
    77. try {
    78. sessions = getJedisManager().AllSession(DB_INDEX,REDIS_SHIRO_SESSION);
    79. } catch (Exception e) {
    80. logger.error("获取全部session异常");
    81. e.printStackTrace();
    82. }
    84. return sessions;
    85. }
    87. private String buildRedisSessionKey(Serializable sessionId) {
    88. return REDIS_SHIRO_SESSION + sessionId;
    89. }
    91. public JedisManager getJedisManager() {
    92. return jedisManager;
    93. }
    95. public void setJedisManager(JedisManager jedisManager) {
    96. this.jedisManager = jedisManager;
    97. }
    98. }

    CustomShiroSessionDAO的继承实现

     
    1. package com.sojson.core.shiro;
    3. import java.io.Serializable;
    4. import java.util.Collection;
    6. import org.apache.log4j.Logger;
    7. import org.apache.shiro.session.Session;
    8. import org.apache.shiro.session.UnknownSessionException;
    9. import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
    11. import com.sojson.core.shiro.session.ShiroSessionRepository;
    13. public class CustomShiroSessionDAO extends AbstractSessionDAO{
    15. private static Logger logger = Logger.getLogger(CustomShiroSessionDAO.class);
    17. private ShiroSessionRepository shiroSessionRepository;
    19. public ShiroSessionRepository getShiroSessionRepository() {
    20. return shiroSessionRepository;
    21. }
    23. public void setShiroSessionRepository(
    24. ShiroSessionRepository shiroSessionRepository) {
    25. this.shiroSessionRepository = shiroSessionRepository;
    26. }
    28. @Override
    29. public void update(Session session) throws UnknownSessionException {
    30. getShiroSessionRepository().saveSession(session);
    31. }
    33. @Override
    34. public void delete(Session session) {
    35. if (session == null) {
    36. logger.error(
    37. "session can not be null,delete failed");
    38. return;
    39. }
    40. Serializable id = session.getId();
    41. if (id != null)
    42. getShiroSessionRepository().deleteSession(id);
    43. }
    45. @Override
    46. public Collection<Session> getActiveSessions() {
    47. return getShiroSessionRepository().getAllSessions();
    48. }
    50. @Override
    51. protected Serializable doCreate(Session session) {
    52. Serializable sessionId = this.generateSessionId(session);
    53. this.assignSessionId(session, sessionId);
    54. getShiroSessionRepository().saveSession(session);
    55. return sessionId;
    56. }
    58. @Override
    59. protected Session doReadSession(Serializable sessionId) {
    60. return getShiroSessionRepository().getSession(sessionId);
    61. } }

    这样基本就OK了, Redis  配置请看前面的博客。因为我们是使用同一个 Redis  ,所以 Session  是共享的。
  • 相关阅读:
    mySQL教程 第1章 数据库设计
    数学符号大全
    C# 正则表达式 判断各种字符串(如手机号)
    C# 面向对象编程
    博客园 网址
    优化正则表达式的诀窍
    hdu 1596 floyd
    poj3259,简单判断有无负环,spfa
    hdu 1496 hash
    hdu 1429 bfs+二进制状态压缩
  • 原文地址:https://www.cnblogs.com/banye/p/7009574.html
Copyright © 2020-2023  润新知