使用shiro的时候,当我们使用remember me功能登录系统的时候,我们在用户登录自定义的session已经失效,这样就会影响系统正常运行;对于这种情况,我的解决方案是在shiro中自定义一个filter检测自定义的session是否失效,如果失效就读取数据加入到session中
shiro 配置文件:
<!-- 自定义加入filter,起在remember me session失效情况下刷新session作用 -->
<bean id="userSettingFilter" class="org.guess.security.filter.UserSetting" />
在shiroFilter中加入该filter:
<property name="filters">
<util:map>
<entry key="userSetting" value-ref="userSettingFilter"/>
</util:map>
</property>
filter类代码:
public class UserSetting extends AccessControlFilter {
@Autowired
private UserService userService;
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
Subject subject = getSubject(request, response);
if (subject == null) {
return false;
}
HttpSession session = ((HttpServletRequest)request).getSession();
User current_user = (User) session.getAttribute(Constants.CURRENT_USER);
Object recs = session.getAttribute(Constants.USER_MENUS);
//判断session是否失效,若失效刷新之
if(current_user == null || recs == null){
String username = (String) subject.getPrincipal();
User user = userService.findByLoginId(username);
session.setAttribute(Constants.CURRENT_USER, user);
session.setAttribute(Constants.USER_MENUS, user.getMenus());
}
return true;
}
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
throws Exception {
return true;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
return true;
}
}