简单分析完jetty的请求处理过程:http://my.oschina.net/u/782865/blog/505533
来看看shiro是怎么接管session的;我们知道web容器都实现有session管理;要把这个容器默认实现屏蔽掉,就需要改变request的getSession方法的默认实现;
shiro是这样实现的:封装普通的request成一个wrap,即是ShiroHttpServletRequest;
通过拦截器拦截request并封装为ShiroHttpServletRequest;具体如下
shiro的AbstractShiroFilter
protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)
throws ServletException, IOException {
Throwable t = null;
try {
final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);//执行封装
final ServletResponse response = prepareServletResponse(request, servletResponse, chain);
final Subject subject = createSubject(request, response);
//noinspection unchecked
subject.execute(new Callable() {
public Object call() throws Exception {
updateSessionLastAccessTime(request, response);
executeChain(request, response, chain);
return null;
}
});...
@SuppressWarnings({"UnusedDeclaration"})
protected ServletRequest prepareServletRequest(ServletRequest request, ServletResponse response, FilterChain chain) {
ServletRequest toUse = request;
if (request instanceof HttpServletRequest) {
HttpServletRequest http = (HttpServletRequest) request;
toUse = wrapServletRequest(http);
}
return toUse;
}
protected ServletRequest wrapServletRequest(HttpServletRequest orig) {
return new ShiroHttpServletRequest(orig, getServletContext(), isHttpSessions());
}
默认不用容器的session实现;
再来看看ShiroHttpServletRequest的getSession方法;
public HttpSession getSession() {
return getSession(true);
}
public HttpSession getSession(boolean create) {
HttpSession httpSession;
if (isHttpSessions()) {//默认是flase;
httpSession = super.getSession(false);
if (httpSession == null && create) {
//Shiro 1.2: assert that creation is enabled (SHIRO-266):
if (WebUtils._isSessionCreationEnabled(this)) {
httpSession = super.getSession(create);
} else {
throw newNoSessionCreationException();
}
}
} else {//这里是shiro实现的session
if (this.session == null) {
boolean existing = getSubject().getSession(false) != null;
Session shiroSession = getSubject().getSession(create);
if (shiroSession != null) {
this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);
if (!existing) {
setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
}
}
}
httpSession = this.session;
}
return httpSession;
}
那么实现shiro的sessionDao接口就可以想存哪就存哪了;