Spring+shiro session与线程池的坑

在java web编程中，经常使用shiro来管理session，也确实好用

1. shiro来获取session的方式

SecurityUtils.getSubject().getSession()

其中SecurityUtils的getSubject代码如下

/**
     * Returns the currently accessible {@code Subject} available to the calling code depending on
     * runtime environment.
     * <p/>
     * This method is provided as a way of obtaining a {@code Subject} without having to resort to
     * implementation-specific methods.  It also allows the Shiro team to change the underlying implementation of
     * this method in the future depending on requirements/updates without affecting your code that uses it.
     *
     * @return the currently accessible {@code Subject} accessible to the calling code.
     * @throws IllegalStateException if no {@link Subject Subject} instance or
     *                               {@link SecurityManager SecurityManager} instance is available with which to obtain
     *                               a {@code Subject}, which which is considered an invalid application configuration
     *                               - a Subject should <em>always</em> be available to the caller.
     */
    public static Subject getSubject() {
        Subject subject = ThreadContext.getSubject();
        if (subject == null) {
            subject = (new Subject.Builder()).buildSubject();
            ThreadContext.bind(subject);
        }
        return subject;
    }

　　

 

Subject subject = ThreadContext.getSubject();

获取进程上下文，这个存在了问题，如果在使用线程池，获取的就是线程池里面的session，如果线程池为配置过期时间，那么线程池里面的线程一直不变，就会出现在线程池里面getsession就会是上一次的session，导致获取session失败

 

线程池原理可参考

https://www.cnblogs.com/ytxiao/articles/11081136.html

转载于:https://www.cnblogs.com/ytxiao/p/11082523.html