考研期间,再次抽点时间来搞点开发(其实上的课不想听又放不下之前弄了一半的东西,所以有点开小差了.....),哈哈。用一个小dmeo来学习shiro的权限分配管理,在学习其中的在线会话管理,要用到sesssion管理,结果跟着张凯涛的shiro教程学到这里后使用了自定义实现的缓存管理和session管理,碰到了这么个错误。
测试的时候一直是拿后台的登录页面进行测试。在最初请求该页面时,shirofilter会拦截到请求,将拦截到的request交给securityManager中的sessionManager来出来,为请求添加session会话,当然在sessionManager中所有有管session的增删改查都是交由sessionDao来处理的,所以首先怀疑到了sessionDao有问题。
使用自定义的sessionDao报错如下:
2018-05-14 18:39:45 -25802 [http-bio-8080-exec-142] DEBUG - Found 'JSESSIONID' cookie value [C2CCB39E36A18CB160E715E0EB2B81B6]
2018-05-14 18:39:45 -25825 [http-bio-8080-exec-142] DEBUG - doReadSession >>>>>> SessionId=C2CCB39E36A18CB160E715E0EB2B81B6
所以改为用shiro自带的EnterpriseCacheSessionManager结果,错误就比较明显了:
2018-05-14 18:38:42 -17883 [http-bio-8080-exec-140] DEBUG - Found 'JSESSIONID' cookie value [C2CCB39E36A18CB160E715E0EB2B81B6]
com.lu.upms.shiro.session.EnterpriseCacheSessionDAO.doReadSession()
2018-05-14 18:38:42 -17906 [http-bio-8080-exec-140] DEBUG - Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [C2CCB39E36A18CB160E715E0EB2B81B6]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:148)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:140)
at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:156)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2018-05-14 18:38:42 -17923 [http-bio-8080-exec-140] DEBUG - DispatcherServlet with name 'springMVC' processing GET request for [/lucms/manager/login]
2018-05-14 18:38:42 -17924 [http-bio-8080-exec-140] DEBUG - Looking up handler method for path /manager/login
2018-05-14 18:38:42 -17927 [http-bio-8080-exec-140] DEBUG - Returning handler method [public java.lang.String com.lu.cms.controller.LoginController.login()]
2018-05-14 18:38:42 -17927 [http-bio-8080-exec-140] DEBUG - Returning cached instance of singleton bean 'loginController'
2018-05-14 18:38:42 -17928 [http-bio-8080-exec-140] DEBUG - Last-Modified value for [/lucms/manager/login] is: -1
2018-05-14 18:38:42 -17946 [http-bio-8080-exec-140] DEBUG - Invoking afterPropertiesSet() on bean with name '/manager/login'
2018-05-14 18:38:42 -17946 [http-bio-8080-exec-140] DEBUG - Rendering view [org.springframework.web.servlet.view.JstlView: name '/manager/login'; URL [/views//manager/login.jsp]] in DispatcherServlet with name 'springMVC'
2018-05-14 18:38:42 -17951 [http-bio-8080-exec-140] DEBUG - Forwarding to resource [/views//manager/login.jsp] in InternalResourceView '/manager/login'
2018-05-14 18:38:43 -18090 [http-bio-8080-exec-140] DEBUG - Creating new EIS record for new session instance [com.lu.upms.shiro.session.UpmsSession,id=null]
com.lu.upms.shiro.session.EnterpriseCacheSessionDAO.doCreate()
2018-05-14 18:38:43 -18091 [http-bio-8080-exec-140] ERROR - set cache shiro-demo-cache:b1be7c3c-d2ff-4d57-ac7b-a285d75ace61 error!
com.lu.upms.shiro.session.EnterpriseCacheSessionDAO.doUpdate()
2018-05-14 18:38:43 -18091 [http-bio-8080-exec-140] ERROR - set cache shiro-demo-cache:b1be7c3c-d2ff-4d57-ac7b-a285d75ace61 error!
2018-05-14 18:38:43 -18092 [http-bio-8080-exec-140] DEBUG - Added HttpServletResponse Cookie [JSESSIONID=b1be7c3c-d2ff-4d57-ac7b-a285d75ace61; Path=/lucms; HttpOnly]
2018-05-14 18:38:43 -18092 [http-bio-8080-exec-140] DEBUG - 会话创建:b1be7c3c-d2ff-4d57-ac7b-a285d75ace61
com.lu.upms.shiro.session.EnterpriseCacheSessionDAO.doReadSession()
2018-05-14 18:38:43 -18299 [http-bio-8080-exec-140] DEBUG - Successfully completed request
com.lu.upms.shiro.session.EnterpriseCacheSessionDAO.doReadSession()
看第二条报错信息就明白了,创建的session无效,根本就没有写入到redis里面,所以之后的对于sesisonId的查询也就是空的了。
解决:就是自定义一个不与容器冲突的SEESIONID
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionDAO" ref="sessionDAO"/>
<property name="sessionIdCookieEnabled" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg name="name" value="ycyintang.session.id"/>
</bean>
...