• shiro 退出 清除缓存


    shiro是一个被广泛使用的安全层框架,通过xml配置方式与spring无缝对接,用户的登陆/退出/权限控制/Cookie等管理系统基础功能交给shiro来管理。

      一般,在JavaWEB管理平台系统时,用户退出系统之前没需要清除用户数据和关闭连接,防止垃圾数据堆积,shiro提供了LogoutFilter过滤器,我们可以通过LogoutFilter的preHandle方法,实现清除缓存功能。

    页面代码:

    <div class="item" style="float:right;cursor:pointer;">
         <@shiro.guest>
              <a href="${base}/u/zhuti/ztzx"><span style="font-weight:bold">登录</span>&nbsp;&nbsp;&nbsp;&nbsp;|</a>
         </@shiro.guest>
         <@shiro.user>
              <a href="${base}/b/logout">退出</a>
         </@shiro.user>
    </div>

    shiro配置文件:applicationContext-shiro.xml

    先贴出整个配置文件:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jee="http://www.springframework.org/schema/jee"
        xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xsi:schemaLocation="http://www.springframework.org/schema/beans 
                                http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
                                http://www.springframework.org/schema/jee 
                                http://www.springframework.org/schema/jee/spring-jee-4.0.xsd 
                                http://www.springframework.org/schema/context 
                                http://www.springframework.org/schema/context/spring-context-4.0.xsd
                                http://www.springframework.org/schema/aop
                                http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
                                http://www.springframework.org/schema/tx
                                http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">
    
    
        <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
            <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />
        </bean>
    
        <!-- <bean id="myRealm" class="cn.com.zhulong.app.security.shiro.MyRealm" /> -->
        
        <!-- <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">  -->
        <bean id="casRealm" class="cn.com.zhulong.app.security.shiro.MyCasRealm">   
        </bean>
    
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <!-- <property name="sessionMode" value="native"/> -->
            <property name="realm" ref="casRealm" />
            <property name="cacheManager" ref="shiroCacheManager" />
            <property name="sessionManager" ref="sessionManager"/>
            <property name="subjectFactory" ref="casSubjectFactory" />
        </bean>
        
        <!-- 如果要实现cas的remember me的功能,需要用到下面这个bean,并设置到securityManager的subjectFactory中 -->  
        <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>
        
        <!-- 单点登录配置 -->
        <!-- <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> -->
        <bean id="casFilter" class="cn.com.zhulong.app.security.shiro.CasFilter">
            <!--配置验证错误时的失败页面(Ticket 校验不通过时展示的错误页面) -->
            <property name="failureUrl" value="/error" />
        </bean>
    
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <!-- <bean id="shiroFilter" class="cn.com.zhulong.app.security.shiro.MyShiroFilterFactoryBean"> -->
            <property name="securityManager" ref="securityManager" />
            
            <!--没有单点登录下的配置:没有权限或者失败后跳转的页面 -->
            <property name="loginUrl" value="/login" />
            <!--有单点登录的配置:登录 CAS 服务端地址,参数 service 为服务端的返回地址 --> 
            <!-- <property name="loginUrl" value="${cas.shiro.loginUrl}" /> -->
            
            <property name="successUrl" value="/" />
            
            <property name="unauthorizedUrl" value="/unauthorized" />
            <property name="filters">
                <map>
                    <entry key="casFilter" value-ref="casFilter"></entry>
                    <entry key="myperms">
                        <bean class="cn.com.zhulong.common.web.shiro.MyPermissionsAuthorizationFilter">
                        </bean>
                    </entry>
                    <entry key="touSuAuthc">
                        <bean class="cn.com.zhulong.app.security.shiro.TouSuFormAuthenticationFilter">
                        </bean>
                    </entry>
                    <!--退出过滤器-->
                    <entry key="logout" value-ref="logoutFilter" />
                </map>
            </property>
            <!-- 先注释掉,先不要权限判断,只要登陆验证就可以访问,测试方便 <property name="filterChainDefinitions">
                <value>
                    /logout=logoutFilter
                    /enum_js=anon
                    /admin/**=authc,myperms
                    /admin/**=authc
                    /admin/** = authc
                    
                    /jyzk/toZycdAdd**  = authc
                    /jyzk/zycdAdd**  = authc
                </value>
            </property> -->
            <property name="filterChainDefinitions">
                <value>
                    /authentication* = casFilter
                    /res/** = anon
                    /enum_js = anon
                     /b/logout = logout
                    /admin/** = authc
                    /u/zbxmts/** = touSuAuthc
                    /u/** = authc
                    /open/**  = authc
                    /jyzk/toZycdAdd**  = authc
                    /jyzk/zycdAdd**  = authc
                </value>
            </property>
        </bean>
    
    
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    
        <!-- 会话ID生成器 -->
        <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
        
        <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
            <property name="redirectUrl" value="/login" />
        </bean>
        
        <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
            <property name="staticMethod"
                value="org.apache.shiro.SecurityUtils.setSecurityManager" />
            <property name="arguments" ref="securityManager" />
        </bean>
        
        <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
            <property name="globalSessionTimeout" value="1800000" />
            <property name="deleteInvalidSessions" value="true" />
            <property name="sessionValidationSchedulerEnabled" value="true" />
            <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
            <property name="sessionDAO" ref="sessionDAO" />
            <property name="sessionIdCookieEnabled" value="true" />
            <!-- <property name="sessionIdCookie.path" value="/365-mfgg-adminweb/" /> -->
        </bean>
    
        <!-- 会话验证调度器 -->
        <bean id="sessionValidationScheduler"
            class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
            <!-- 30分钟 单位为毫秒 -->
            <property name="interval" value="1800000" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
    
    
        <bean id="sessionDAO" class="cn.com.zhulong.common.web.shiro.dao.CustomShiroSessionDAO">
            <property name="shiroSessionRepository" ref="memcachedShiroSessionRepository" />
        </bean>
    
        <bean id="memcachedShiroSessionRepository" class="cn.com.zhulong.common.web.shiro.dao.MemcachedShiroSessionRepository" />
        
    </beans>

    首先页面点击退出时:拦截/b/logout找到对应logout:

    <property name="filterChainDefinitions">
                <value>
                    /authentication* = casFilter
                    /res/** = anon
                    /enum_js = anon
                     /b/logout = logout
                    /admin/** = authc
                    /u/zbxmts/** = touSuAuthc
                    /u/** = authc
                    /open/**  = authc
                    /jyzk/toZycdAdd**  = authc
                    /jyzk/zycdAdd**  = authc
                </value>
            </property>

    再根据logout找到对应退出过滤器:

    <property name="filters">
                <map>
                    <entry key="casFilter" value-ref="casFilter"></entry>
                    <entry key="myperms">
                        <bean class="cn.com.zhulong.common.web.shiro.MyPermissionsAuthorizationFilter">
                        </bean>
                    </entry>
                    <entry key="touSuAuthc">
                        <bean class="cn.com.zhulong.app.security.shiro.TouSuFormAuthenticationFilter">
                        </bean>
                    </entry>
                    <!--退出过滤器-->
                    <entry key="logout" value-ref="logoutFilter" />
                </map>
            </property>

    再根据logoutFilter找到此配置

     <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
            <property name="redirectUrl" value="/login" />
        </bean>

    此处先执行LogoutFilter的退出清空缓存操作,然后重定向,value为重定向的地址

  • 相关阅读:
    Erlang/OTP:基于Behaviour的回调函数
    使用ACE创建进程
    linux查看硬件信息
    测试~~
    很好的:纠错函数linux
    转帖
    sss
    转帖
    普通函数、虚函数、纯虚函数、
    ACE_Event_Handle
  • 原文地址:https://www.cnblogs.com/flytogalaxy/p/7736134.html
Copyright © 2020-2023  润新知