关于shiro刷新最后一次请求时间来控制session超时

最新推荐文章于 2023-06-02 11:33:29 发布
最新推荐文章于 2023-06-02 11:33:29 发布
阅读量6k 收藏 9
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_32157851/article/details/84989795
版权

现在我的心情是激动的,昨天还以为必须要改源码才能解决自己的这个需求,没想到今天来了又继续疏理shiro关于session的刷新和shiro框架的实现,总感觉继承shiro中的类可以实现这个问题,但是具体怎么实现还是一头雾水,但是最终还是解决了,来,现在再疏理一下关于session的刷新。

1、session的创建在用户登录的时候查创建成功,然后可以通过 SessionDao 这个类获取到关于session的一些信息,比如:session的  session.getLastAccessTime()最后一次刷新时间,session的 超时时间session.getTimeout()(这里的这个超时时间是静默多长时间session自动失效),还有sessionId  session.getId(),

2、session的失效时间是通过  session.getLastAccessTime()这个去判断的,也就是通过session的最后一次刷新时间去判断,而session最后一次操作时间是由shiro框架自动去刷新,调用的是touch()方法,而具体的实现是通过这个AbstractShiroFilter类实现的,而这类实现是继承自OncePerRequestFilter 这个类,实现了其中的  doFilterInternal  这个方法实现的,而AbstractShiroFilter 类是通过ShiroFilterFactoryBean  中的一个内部类SpringShiroFilter 这个类的构造方法来调用。  而ShiroFilterFactoryBean这各类又是通过DelegatingFilterProxy  代理来调用,这个DelegatingFilterProxy 代理最后注册到FilterRegistrationBean  这个类中,实现了shiro的功能。

3、解决思路,由于之前项目中已经有了代理类代理咱的shiroFilter  过滤器。代码如下:

​

@Bean
	public FilterRegistrationBean delegatingFilterProxy(){
	    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
	    DelegatingFilterProxy proxy = new DelegatingFilterProxy();
	    proxy.setTargetFilterLifecycle(true);
	    proxy.setTargetBeanName("shiroFilter");//这里代理了shiroFilter
	    filterRegistrationBean.setFilter(proxy);
	    return filterRegistrationBean;
	}

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
      ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();//这里还是原来的类ShiroFilterFactoryBean,后面将会改写
 
        
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 拦截器
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/**", "anon");
        //filterChainDefinitionMap.put("/system/submitLogin", "anon");
        //filterChainDefinitionMap.put("/**", "authc");
        //配置退出过滤器,其中的具体代码Shiro已经替我们实现了
        //filterChainDefinitionMap.put("/logout", "logout");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        /*
         * 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
         * shiroFilterFactoryBean.setLoginUrl("/login");
         * shiroFilterFactoryBean.setSuccessUrl("/index");
         * shiroFilterFactoryBean.setUnauthorizedUrl("/403");
         */

        //Map<String, Filter> filters = new LinkedHashMap<>();
        //filters.put("authc" , new CustomAuthenticationFilter());
        //shiroFilterFactoryBean.setFilters(filters);
        return shiroFilterFactoryBean;

    }

[点击并拖拽以移动]
​

4、现在新建两个类来是实现之前shiro框架中 相当于 ShiroFilterFactoryBean 和  AbstractShiroFilter 这个类的功能,

package com.qzt.config.shiro.filter;

import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.Nameable;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.config.IniFilterChainResolverFactory;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
import org.apache.shiro.web.filter.mgt.FilterChainManager;
import org.apache.shiro.web.filter.mgt.FilterChainResolver;
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.config.BeanPostProcessor;

public class ExtendShiroFilterFactoryBean implements FactoryBean, BeanPostProcessor {

    private static transient final Logger log = LoggerFactory.getLogger(ShiroFilterFactoryBean.class);

    private SecurityManager securityManager;

    private Map<String, Filter> filters;

    private Map<String, String> filterChainDefinitionMap; //urlPathExpression_to_comma-delimited-filter-chain-definition

    private String loginUrl;
    private String successUrl;
    private String unauthorizedUrl;

    private ExtendAbstractShiroFilter instance;

    public ExtendShiroFilterFactoryBean() {
        this.filters = new LinkedHashMap<String, Filter>();
        this.filterChainDefinitionMap = new LinkedHashMap<String, String>(); //order matters!
    }

    public SecurityManager getSecurityManager() {
        return securityManager;
    }

    public void setSecurityManager(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    public String getLoginUrl() {
        return loginUrl;
    }

    public void setLoginUrl(String loginUrl) {
        this.loginUrl = loginUrl;
    }

    public String getSuccessUrl() {
        return successUrl;
    }

    public void setSuccessUrl(String successUrl) {
        this.successUrl = successUrl;
    }

    public String getUnauthorizedUrl() {
        return unauthorizedUrl;
    }

    public void setUnauthorizedUrl(String unauthorizedUrl) {
        this.unauthorizedUrl = unauthorizedUrl;
    }

    public Map<String, Filter> getFilters() {
        return filters;
    }

    public void setFilters(Map<String, Filter> filters) {
        this.filters = filters;
    }
    public Map<String, String> getFilterChainDefinitionMap() {
        return filterChainDefinitionMap;
    }

    public void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) {
        this.filterChainDefinitionMap = filterChainDefinitionMap;
    }

    public void setFilterChainDefinitions(String definitions) {
        Ini ini = new Ini();
        ini.load(definitions);
        Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS);
        if (CollectionUtils.isEmpty(section)) {
            section = ini.getSection(Ini.DEFAULT_SECTION_NAME);
        }
        setFilterChainDefinitionMap(section);
    }

    public Object getObject() throws Exception {
        if (instance == null) {
            instance = createInstance();
        }
        return instance;
    }

    public Class getObjectType() {
        return SpringShiroFilter.class;
    }
    public boolean isSingleton() {
        return true;
    }

    protected FilterChainManager createFilterChainManager() {

        DefaultFilterChainManager manager = new DefaultFilterChainManager();
        Map<String, Filter> defaultFilters = manager.getFilters();
        for (Filter filter : defaultFilters.values()) {
            applyGlobalPropertiesIfNecessary(filter);
        }

        Map<String, Filter> filters = getFilters();
        if (!CollectionUtils.isEmpty(filters)) {
            for (Map.Entry<String, Filter> entry : filters.entrySet()) {
                String name = entry.getKey();
                Filter filter = entry.getValue();
                applyGlobalPropertiesIfNecessary(filter);
                if (filter instanceof Nameable) {
                    ((Nameable) filter).setName(name);
                }
                manager.addFilter(name, filter, false);
            }
        }

        //build up the chains:
        Map<String, String> chains = getFilterChainDefinitionMap();
        if (!CollectionUtils.isEmpty(chains)) {
            for (Map.Entry<String, String> entry : chains.entrySet()) {
                String url = entry.getKey();
                String chainDefinition = entry.getValue();
                manager.createChain(url, chainDefinition);
            }
        }

        return manager;
    }
    protected ExtendAbstractShiroFilter createInstance() throws Exception {

        log.debug("Creating Shiro Filter instance.");

        SecurityManager securityManager = getSecurityManager();
        if (securityManager == null) {
            String msg = "SecurityManager property must be set.";
            throw new BeanInitializationException(msg);
        }

        if (!(securityManager instanceof WebSecurityManager)) {
            String msg = "The security manager does not implement the WebSecurityManager interface.";
            throw new BeanInitializationException(msg);
        }

        FilterChainManager manager = createFilterChainManager();

        PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
        chainResolver.setFilterChainManager(manager);

        return new SpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
    }

    private void applyLoginUrlIfNecessary(Filter filter) {
        String loginUrl = getLoginUrl();
        if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) {
            AccessControlFilter acFilter = (AccessControlFilter) filter;
            //only apply the login url if they haven't explicitly configured one already:
            String existingLoginUrl = acFilter.getLoginUrl();
            if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) {
                acFilter.setLoginUrl(loginUrl);
            }
        }
    }

    private void applySuccessUrlIfNecessary(Filter filter) {
        String successUrl = getSuccessUrl();
        if (StringUtils.hasText(successUrl) && (filter instanceof AuthenticationFilter)) {
            AuthenticationFilter authcFilter = (AuthenticationFilter) filter;
            //only apply the successUrl if they haven't explicitly configured one already:
            String existingSuccessUrl = authcFilter.getSuccessUrl();
            if (AuthenticationFilter.DEFAULT_SUCCESS_URL.equals(existingSuccessUrl)) {
                authcFilter.setSuccessUrl(successUrl);
            }
        }
    }

    private void applyUnauthorizedUrlIfNecessary(Filter filter) {
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) {
            AuthorizationFilter authzFilter = (AuthorizationFilter) filter;
            //only apply the unauthorizedUrl if they haven't explicitly configured one already:
            String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl();
            if (existingUnauthorizedUrl == null) {
                authzFilter.setUnauthorizedUrl(unauthorizedUrl);
            }
        }
    }

    private void applyGlobalPropertiesIfNecessary(Filter filter) {
        applyLoginUrlIfNecessary(filter);
        applySuccessUrlIfNecessary(filter);
        applyUnauthorizedUrlIfNecessary(filter);
    }

    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        if (bean instanceof Filter) {
            log.debug("Found filter chain candidate filter '{}'", beanName);
            Filter filter = (Filter) bean;
            applyGlobalPropertiesIfNecessary(filter);
            getFilters().put(beanName, filter);
        } else {
            log.trace("Ignoring non-Filter bean '{}'", beanName);
        }
        return bean;
    }
    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        return bean;
    }

    private static final class SpringShiroFilter extends ExtendAbstractShiroFilter {

        protected SpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
            super();
            if (webSecurityManager == null) {
                throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
            }
            setSecurityManager(webSecurityManager);
            if (resolver != null) {
                setFilterChainResolver(resolver);
            }
        }
    }
}

 

package com.qzt.config.shiro.filter;

import java.io.IOException;
import java.util.concurrent.Callable;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.ExecutionException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.mgt.FilterChainResolver;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.apache.shiro.web.servlet.OncePerRequestFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.ShiroHttpServletResponse;
import org.apache.shiro.web.subject.WebSubject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ExtendAbstractShiroFilter extends OncePerRequestFilter {

    private static final Logger log = LoggerFactory.getLogger(AbstractShiroFilter.class);

    private static final String STATIC_INIT_PARAM_NAME = "staticSecurityManagerEnabled";

    private WebSecurityManager securityManager;

    private FilterChainResolver filterChainResolver;
    private boolean staticSecurityManagerEnabled;

    protected ExtendAbstractShiroFilter() {
        this.staticSecurityManagerEnabled = false;
    }

    public WebSecurityManager getSecurityManager() {
        return securityManager;
    }

    public void setSecurityManager(WebSecurityManager sm) {
        this.securityManager = sm;
    }

    public FilterChainResolver getFilterChainResolver() {
        return filterChainResolver;
    }

    public void setFilterChainResolver(FilterChainResolver filterChainResolver) {
        this.filterChainResolver = filterChainResolver;
    }

   
    public boolean isStaticSecurityManagerEnabled() {
        return staticSecurityManagerEnabled;
    }

   
    public void setStaticSecurityManagerEnabled(boolean staticSecurityManagerEnabled) {
        this.staticSecurityManagerEnabled = staticSecurityManagerEnabled;
    }

    protected final void onFilterConfigSet() throws Exception {
        applyStaticSecurityManagerEnabledConfig();
        init();
        ensureSecurityManager();
        if (isStaticSecurityManagerEnabled()) {
            SecurityUtils.setSecurityManager(getSecurityManager());
        }
    }

   
    private void applyStaticSecurityManagerEnabledConfig() {
        String value = getInitParam(STATIC_INIT_PARAM_NAME);
        if (value != null) {
            Boolean b = Boolean.valueOf(value);
            if (b != null) {
                setStaticSecurityManagerEnabled(b);
            }
        }
    }

    public void init() throws Exception {
    }

    
    private void ensureSecurityManager() {
        WebSecurityManager securityManager = getSecurityManager();
        if (securityManager == null) {
            log.info("No SecurityManager configured.  Creating default.");
            securityManager = createDefaultSecurityManager();
            setSecurityManager(securityManager);
        }
    }

    protected WebSecurityManager createDefaultSecurityManager() {
        return new DefaultWebSecurityManager();
    }

    protected boolean isHttpSessions() {
        return getSecurityManager().isHttpSessionMode();
    }

    
    protected ServletRequest wrapServletRequest(HttpServletRequest orig) {
        return new ShiroHttpServletRequest(orig, getServletContext(), isHttpSessions());
    }

   
    @SuppressWarnings({"UnusedDeclaration"})
    protected ServletRequest prepareServletRequest(ServletRequest request, ServletResponse response, FilterChain chain) {
        ServletRequest toUse = request;
        if (request instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) request;
            toUse = wrapServletRequest(http);
        }
        return toUse;
    }

    
    protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) {
        return new ShiroHttpServletResponse(orig, getServletContext(), request);
    }

   
    @SuppressWarnings({"UnusedDeclaration"})
    protected ServletResponse prepareServletResponse(ServletRequest request, ServletResponse response, FilterChain chain) {
        ServletResponse toUse = response;
        if (!isHttpSessions() && (request instanceof ShiroHttpServletRequest) &&
                (response instanceof HttpServletResponse)) {
            //the ShiroHttpServletResponse exists to support URL rewriting for session ids.  This is only needed if
            //using Shiro sessions (i.e. not simple HttpSession based sessions):
            toUse = wrapServletResponse((HttpServletResponse) response, (ShiroHttpServletRequest) request);
        }
        return toUse;
    }

   
    protected WebSubject createSubject(ServletRequest request, ServletResponse response) {
        return new WebSubject.Builder(getSecurityManager(), request, response).buildWebSubject();
    }

   
    @SuppressWarnings({"UnusedDeclaration"})
    protected void updateSessionLastAccessTime(ServletRequest request, ServletResponse response) {
    	 HttpServletRequest req = (HttpServletRequest) request;
//    	log.info("-------------------------------------uri------"+req.getRequestURI());
    	String requestURI = req.getRequestURI();
    	try {
			
    	if (requestURI.startsWith("/uri/uri")) {//  /uri/uri 这个就是前端定时请求的接口
			//当是这个接口的时候就不进行对session的最后操作时间进行刷新了
		}else{
        if (!isHttpSessions()) { //'native' sessions
            Subject subject = SecurityUtils.getSubject();
            if (subject != null) {
                Session session = subject.getSession(false);
                if (session != null) {
                    try {
                        session.touch();
                    } catch (Throwable t) {
                        log.error("session.touch() method invocation has failed.  Unable to update" +
                                "the corresponding session's last access time based on the incoming request.", t);
                    }
                }
            }
        }
		}
    	} catch (Exception e) {
			log.error("error", e);
		}
    }

  
    @SuppressWarnings({ "unchecked", "rawtypes" })
	protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)
            throws ServletException, IOException {

        Throwable t = null;

        try {
            final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
            final ServletResponse response = prepareServletResponse(request, servletResponse, chain);

            final Subject subject = createSubject(request, response);

            subject.execute(new Callable() {
                public Object call() throws Exception {
                    updateSessionLastAccessTime(request, response);
                    executeChain(request, response, chain);
                    return null;
                }
            });
        } catch (ExecutionException ex) {
            t = ex.getCause();
        } catch (Throwable throwable) {
            t = throwable;
        }

        if (t != null) {
            if (t instanceof ServletException) {
                throw (ServletException) t;
            }
            if (t instanceof IOException) {
                throw (IOException) t;
            }
            //otherwise it's not one of the two exceptions expected by the filter method signature - wrap it in one:
            String msg = "Filtered request failed.";
            throw new ServletException(msg, t);
        }
    }

   
    protected FilterChain getExecutionChain(ServletRequest request, ServletResponse response, FilterChain origChain) {
        FilterChain chain = origChain;

        FilterChainResolver resolver = getFilterChainResolver();
        if (resolver == null) {
            log.debug("No FilterChainResolver configured.  Returning original FilterChain.");
            return origChain;
        }

        FilterChain resolved = resolver.getChain(request, response, origChain);
        if (resolved != null) {
            log.trace("Resolved a configured FilterChain for the current request.");
            chain = resolved;
        } else {
            log.trace("No FilterChain configured for the current request.  Using the default.");
        }

        return chain;
    }

   
    protected void executeChain(ServletRequest request, ServletResponse response, FilterChain origChain)
            throws IOException, ServletException {
        FilterChain chain = getExecutionChain(request, response, origChain);
        chain.doFilter(request, response);
    }
}

 

5、上面的步骤完事以后需要将原来的shiroFilter进行改写,让使用我自己重新写的类,如下:

	@Bean
	public FilterRegistrationBean delegatingFilterProxy(){
	    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
	    DelegatingFilterProxy proxy = new DelegatingFilterProxy();
	    proxy.setTargetFilterLifecycle(true);
	    proxy.setTargetBeanName("shiroFilter");
	    filterRegistrationBean.setFilter(proxy);
	    return filterRegistrationBean;
	}

    @Bean("shiroFilter")
    public ExtendShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
//        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    	ExtendShiroFilterFactoryBean shiroFilterFactoryBean= new ExtendShiroFilterFactoryBean();
        
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 拦截器
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/**", "anon");
        //filterChainDefinitionMap.put("/system/submitLogin", "anon");
        //filterChainDefinitionMap.put("/**", "authc");
        //配置退出过滤器,其中的具体代码Shiro已经替我们实现了
        //filterChainDefinitionMap.put("/logout", "logout");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        /*
         * 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
         * shiroFilterFactoryBean.setLoginUrl("/login");
         * shiroFilterFactoryBean.setSuccessUrl("/index");
         * shiroFilterFactoryBean.setUnauthorizedUrl("/403");
         */

        //Map<String, Filter> filters = new LinkedHashMap<>();
        //filters.put("authc" , new CustomAuthenticationFilter());
        //shiroFilterFactoryBean.setFilters(filters);
        return shiroFilterFactoryBean;

    }

6、我的项目中要修改的时候下面这个类中的超时时间要注释掉

public class TokenManager {

	@Autowired
	private static SampleRealm realm;

	/**
	 * 获取当前登录的用户User对象
	 * @return
	 */
	public static User getToken(){
		User token = (User) SecurityUtils.getSubject().getPrincipal();
//		SecurityUtils.getSubject().getSession().setTimeout(300000);//这个一定要注释掉,不然影响超时其他地方超时时间的设置
		return token ;
	}

 

7、超时时间要修改sessionManager.setGlobalSessionTimeout(1200000);这个位置的,配置文件中的不管用

8、大功告成

 

注:自己做完的每个都要进行测试,完整测试,不然其实内部还存在好多的问题的,

要实现某一个类的功能,不是要继承这个类来实现,而是通过继承这个类所继承的类或者实现这个类所实现的接口来实现。

 

 

 

 

 

非衣鲲化
关注
  • 0
    点赞
  • 9
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
ehcache报错:session.touch() method invocation has failed.
pea378的博客
04-24 2962
背景:    项目采用了ehcache做session的缓存,后来更新过几次后,发现toamcat启动后就会报错,登录界面都无法展示。办法:    删掉tomcat/temp下的ehcache文件夹。...
1-Spring Boot使用Shiro
诗人不写诗
06-14 667
1、Shiro能做什么 shiro能做认证、授权、加密、会话管理、web集成、其他框架集成。 shiro不仅能用在web应用中,非web应用一样能使用。 shiro的认证、授权都是通过检验每个接口实现的,所以通过Filter来控制是最合理的,实际上Shiro也是通过建立Filter来实现的。 附录 a、Authentication Authentication is the process of identity verification– you are trying to ...
Shiro源码研究之ShiroFilterFactoryBean
热门推荐
夫礼者的专栏
12-12 1万+
公司终于决心搞一套完备的权限校验系统,借此机会本人举荐了Shiro,关于使用手册,开涛大神的文章已经足够详细了,所以我就不再班门弄斧。故转而研究下Shiro的内部实现;事业单位需求复杂,现在了解得深入一些,以后的应对也能相对从容很多。
Spring Boot整合shiro后导致@Cacheable、@Transactional等注解失效的问题
Fire_Sky_Ho的博客
02-11 377
一、问题描述 Springboot整合shiro前,service里的@Cacheable、@Transactional等注解都正常使用。 整合shiro之后,UserServiceImpl类里Cacheable、@Transactional等使用spring aop切入代理的注解失效 UserRealm代码如下: public class UserRealm extends Autho...
【Bug】session.touch() method invocation has failed. Unable to updatethe corresponding session's last
Abby_lxf的博客
07-30 3398
错误日志:2017-10-11 09:12:58,095 [http-bio-80-exec-11] ERROR [org.apache.shiro.web.servlet.AbstractShiroFilter] - session.touch() method invocation has failed. Unable to updatethe corresponding session's ...
spring boot整合redis实现shiro的分布式session共享的方法
08-28
// Session 超时时间,单位为毫秒 private long expireTime = 120000; @Autowired private RedisTemplate redisTemplate; public RedisSessionDao() { super(); } public RedisSessionDao(long ...
SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录
最新发布
06-19
SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录 SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录 SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录 ...
ssm+shiro+redis 登录控制及重试次数超过5次账号锁定一分钟
03-16
shiro+redis 实现登录控制及密码重试次数超过5次后账号锁定一分钟不能登录
关于Apache shiro实现一个账户同一时刻只有一个人登录(shiro 单点登录)
01-11
今天遇到一个项目问题,shiro如何实现一个账户同一时刻只有一session存在的问题,找了几篇文章,在这里就把核心的代码理了理,具体情况如下。 1.假设你使用了Apache shrio ,项目要求一个账户同一时刻只能有一个用户...
shiro基于redis实现分布式权限管理,在加入shiro的缓存管理后,项目报错
老照片
05-25 1241
shiro基于redis实现分布式权限管理,在加入shiro的缓存管理后,项目报错:session.touch() method invocation has failed. Unable to updatethe corresponding session's last access time based on the incoming request.
springboot整合shiro @Transactional事务注解不起作用问题解决
蹲在电饭煲上的猫
03-05 934
系统spring集成了shiro,配置shiroFilter: <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> </b...
Shiro关于session时间刷新规则重写,变更调用touch()逻辑,shiro可不刷新session
z362249834的博客
12-30 2336
Shiro关于session时间刷新规则重写 为了迎合代码需求,前端需要对后台做轮训请求,于是遇到一个问题:由于每次请求shiro会对session做LastAccessTime时间更新,则导致用户只要浏览器保持页面,session将永远无法失效,那关于30分钟失效时间在这种场景下就不再有意义,所以我们需要做是的指定接口请求时不再刷新session时间,保证用户静默时能在理论失效时间后自动登出系统。 实际需求 指定请求路径,依旧会过shiro鉴权、有效判断,但不会刷新当前session时间。 源码分析 首先
Shiro 中的 SessionDAO
易梦南蝶的博客
06-13 3611
SessionDAO是用于session持久化的,SessionManager只是负责session的管理,持久化的工作是由SessionDAO完成的。 SessionDAO的继承结构 SessionDAO 接口 SessionDAO接口是Shiro中所有SessionDAO的顶级接口,给出了从持久层(一般而言是关系型数据库)操作session的标准。方法如下: Serializabl...
shiro 拦截未登录的ajax_Shiro是如何拦截未登录请求的(一)
weixin_39625429的博客
12-19 1146
问题描述之前在公司搭项目平台的时候权限框架采用的是shiro,由于系统主要面向的是APP端的用户,PC端仅仅是公司内部人员在使用,而且考虑到系统的可用性和扩展性,服务端首先基于shiro做了一些改造以支持多数据源认证和分布式会话(关于分布式session可查看{% post_link SpringBoot集成Shiro实现多数据源认证授权与分布式会话(一)%}).我们知道在web环境下http是一...
redis和shiro 登录session用户信息更新不成功解决方法和切面配置实例
qq_23490959的博客
06-08 983
redis和shiro session更新问题,和切面配置实例
Shiro学习(10)Session管理
m0_67403073的博客
08-24 2609
但是如在web环境中,如果用户不主动退出是不知道会话是否过期的,因此需要定期的检测会话是否过期,Shiro提供了会话验证调度器SessionValidationScheduler来做这件事情。Shiro提供了完整的企业级会话管理功能,不依赖于底层容器(如web容器tomcat),不管JavaSE还是JavaEE环境都可以使用,提供了会话管理、会话事件监听、会话存储/持久化、容器无关的集群、失效/过期支持、对Web的透明支持、SSO单点登录的支持等特性。更新会话最后访问时间及销毁会话;
shiroshiro整合JWT——4.JWT Token刷新/续签
kevin的博客
06-02 2843
之前在写shiro整合JWT的时候,在ShiroRealm中有写到token的刷新;但后来看了很多别人的项目demo和博客发现之前的写法不太合适。这里参考之前看过的各个项目与博客,延续这之前shiro整合JWT内容的做了一波缝合怪。主要对之前的ShiroRealm,JwtUtil,JwtFilter类进行修改。ps:本文主要以记录核心思路为主。
springmvc整合shiro报错
weixin_33898876的博客
04-05 85
Explicitly updates the {@link #getLastAccessTime() lastAccessTime} of this session to the current time when this method is invoked. This method can be used t...
Shiro源码剖析——Subject的创建与获取(一次完整的请求执行流程)
qq_25046827的博客
05-02 3152
文章目录一、AbstractShiroFilter二、createSubject(request, response)1、new Builder(this.getSecurityManager(), request, response)2、buildWebSubject()1)this.copy(SubjectContext subjectContext)2)this.ensureSecurityManager(context)3)this.resolveSession(context)4)this.res
springboot shiro框架session会话超时
05-12
在使用 Spring Boot 和 Shiro 框架的时候,如果用户长时间不进行操作,会话就会超时。可以通过以下方式来解决会话超时的问题: 1. 设置会话超时时间 可以通过在 shiro.ini 或者 shiro.yml 配置文件中设置超时时间,例如: ``` sessionManager.globalSessionTimeout = 1800000 ``` 这里设置了会话超时时间为 1800000 毫秒,即 30 分钟。 2. 使用 keep-alive 机制 可以在前端页面使用 keep-alive 机制,保持与后端的连接,防止会话超时。例如,在 Vue.js 中可以使用 keep-alive 组件: ``` <keep-alive> <router-view></router-view> </keep-alive> ``` 3. 在会话超时时进行跳转 可以在 Shiro 的配置文件中设置会话超时时的跳转页面,例如: ``` sessionManager.globalSessionTimeout = 1800000 securityManager.sessionManager = $sessionManager securityManager.sessionManager.sessionIdUrlRewritingEnabled = false securityManager.sessionManager.sessionValidationSchedulerEnabled = true securityManager.sessionManager.sessionValidationInterval = 1800000 securityManager.sessionManager.deleteInvalidSessions = true securityManager.sessionManager.sessionIdCookieEnabled = true securityManager.sessionManager.sessionIdCookie.name = JSESSIONID securityManager.sessionManager.sessionIdCookie.path = / securityManager.sessionManager.sessionIdCookie.httpOnly = true securityManager.sessionManager.sessionIdCookie.maxAge = -1 securityManager.sessionManager.sessionIdCookie.domain = securityManager.sessionManager.sessionIdCookie.sameSite = null securityManager.sessionManager.sessionValidationScheduler.interval = 1800000 shiro.filter.loginUrl = /login shiro.filter.successUrl = /index shiro.filter.unauthorizedUrl = /unauthorized securityManager.realms = $jdbcRealm ``` 在配置文件中设置 unauthorizedUrl 属性,用于在会话超时时进行跳转。 以上是解决 Spring Boot 和 Shiro 框架会话超时问题的几种方法,希望能够帮到你。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值