引入shiro的jar包
1.2.3
org.apache.shiro
shiro-core
${shiroVersion}
org.apache.shiro
shiro-web
${shiroVersion}
org.apache.shiro
shiro-ehcache
${shiroVersion}
org.apache.shiro
shiro-spring
${shiroVersion}
配置shiro(web.xml)
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
targetFilterLifecycle
true
shiroFilter
*.html
配置shiro(spring)
具体类用法
package com.whereta.model;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.apache.shiro.session.Session;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* 该类是缓存工具类,提供session的存储和获取等方法
* @author Vincent
* @time 2015/7/27 15:00
*/
public class DemoCache implements Cache {
//模拟缓存存储session对象
private static final Map map = new HashMap();
public Session get(Serializable key) throws CacheException {
//根据key获取缓存中的session
return map.get(key);
}
public Session put(Serializable key, Session value) throws CacheException {
//将session对象存入缓存
map.put(key, value);
return value;
}
public Session remove(Serializable key) throws CacheException {
//移除session中为key的对象
Session session = get(key);
if (session != null) {
session.setAttribute(key, null);
return session;
}
return null;
}
public void clear() throws CacheException {
//清除所有的session
map.clear();
}
public int size() {
//返回session的数量
return map.size();
}
public Set keys() {
//返回所有session的key
return map.keySet();
}
public Collection values() {
//返回所有session
return map.values();
}
}
package com.whereta.model;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import java.io.Serializable;
/**
* sessionId生成工具类
* @author Vincent
* @time 2015/7/27 11:45
*/
public class DemoSessionIdGenerator implements SessionIdGenerator {
public Serializable generateId(Session session) {
//自定义规则生成sessionid
return System.currentTimeMillis();
}
}
package com.whereta.model;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
/**
* 集成websession管理器,重写两个方法实现自己的需求
* @author Vincent
* @time 2015/7/27 15:35
*/
public class DemoSessionManager extends DefaultWebSessionManager {
//自定义缓存,存储 客户端-sessionid
public static final Map MAP=new HashMap();
private static Log log = LogFactory.getLog(DemoSessionManager.class);
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
HttpServletRequest req= (HttpServletRequest) request;
//假设以请求地址为key标注唯一一个客户端
String remoteHost = req.getRemoteHost();
//存入缓存
Serializable id = MAP.get(remoteHost);
return id;
}
@Override
protected void onStart(Session session, SessionContext context) {
//判断是否是http请求
if (!WebUtils.isHttp(context)) {
log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +
"pair. No session ID cookie will be set.");
return;
}
HttpServletRequest request = WebUtils.getHttpRequest(context);
request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
String remoteHost = request.getRemoteHost();
Serializable id = session.getId();
MAP.put(remoteHost,id);
}
}
通过以上配置,可以再次运行查看session,已经变为shiro的自定义session了
org.apache.shiro.web.servlet.ShiroHttpSession