Shiro
Shiro Session共享配置以及实现
Shiro我们通过重写AbstractSessionDAO ,来实现Session共享。再重写Session的时候(其实也不算重写),因为和HttpSession 没有任何实现或者继承关系。
Session的每个回话的ID 生成器,我们用JavaUuidSessionIdGenerator (UUID 规则)。
Session的创建、获取、删除。
Session的监听生命周期
Session定时管理器(有效期)
Session的创建、删除、查询 ,ShiroSessionRepository 接口定义。
public interface ShiroSessionRepository {
/**
* 存储Session
* @param session
*/
void saveSession(Session session);
/**
* 删除session
* @param sessionId
*/
void deleteSession(Serializable sessionId);
/**
* 获取session
* @param sessionId
* @return
*/
Session getSession(Serializable sessionId);
/**
* 获取所有sessoin
* @return
*/
Collection getAllSessions();
}
Session的创建、删除、查询实现。com.sojson.core.shiro.cache.JedisShiroSessionRepository 实现的方法。
@SuppressWarnings("unchecked")
public class JedisShiroSessionRepository implements ShiroSessionRepository {
public static final String REDIS_SHIRO_SESSION = "sojson-shiro-demo-session:";
//这里有个小BUG,因为Redis使用序列化后,Key反序列化回来发现前面有一段乱码,解决的办法是存储缓存不序列化
public static final String REDIS_SHIRO_ALL = "*sojson-shiro-demo-session:*";
private static final int SESSION_VAL_TIME_SPAN = 18000;
private static final int DB_INDEX = 1;
private JedisManager jedisManager;
@Override
public void saveSession(Session session) {
if (session == null || session.getId() == null)
throw new NullPointerException("session is empty");
try {
byte[] key = SerializeUtil.serialize(buildRedisSessionKey(session.getId()));
//不存在才添加。
if(null == session.getAttribute(CustomSessionManager.SESSION_STATUS)){
//Session 踢出自存存储。
SessionStatus sessionStatus = new SessionStatus();
session.setAttribute(CustomSessionManager.SESSION_STATUS, sessionStatus);
}
byte[] value = SerializeUtil.serialize(session);
long sessionTimeOut = session.getTimeout() / 1000;
Long expireTime = sessionTimeOut + SESSION_VAL_TIME_SPAN + (5 * 60);
getJedisManager().saveValueByKey(DB_INDEX, key, value, expireTime.intValue());
} catch (Exception e) {
LoggerUtils.fmtError(getClass(), e, "save session error,id:[%s]",session.getId());
}
}
@Override
public void deleteSession(Serializable id) {
if (id == null) {
throw new NullPointerException("session id is empty");
}
try {
getJedisManager().deleteByKey(DB_INDEX,
SerializeUtil.serialize(buildRedisSessionKey(id)));
} catch (Exception e) {
LoggerUtils.fmtError(getClass(), e, "删除session出现异常,id:[%s]",id);
}
}
@Override
public Session getSession(Serializable id) {
if (id == null)
throw new NullPointerException("session id is empty");
Session session = null;
try {
byte[] value = getJedisManager().getValueByKey(DB_INDEX, SerializeUtil
.serialize(buildRedisSessionKey(id)));
session = SerializeUtil.deserialize(value, Session.class);
} catch (Exception e) {
LoggerUtils.fmtError(getClass(), e, "获取session异常,id:[%s]",id);
}
return session;
}
@Override
public Collection getAllSessions() {
Collection sessions = null;
try {
sessions = getJedisManager().AllSession(DB_INDEX,REDIS_SHIRO_SESSION);
} catch (Exception e) {
LoggerUtils.fmtError(getClass(), e, "获取全部session异常");
}
return sessions;
}
private String buildRedisSessionKey(Serializable sessionId) {
return REDIS_SHIRO_SESSION + sessionId;
}
public JedisManager getJedisManager() {
return jedisManager;
}
public void setJedisManager(JedisManager jedisManager) {
this.jedisManager = jedisManager;
}
}
CustomShiroSessionDAO的继承实现
public class CustomShiroSessionDAO extends AbstractSessionDAO{
private ShiroSessionRepository shiroSessionRepository;
public ShiroSessionRepository getShiroSessionRepository() {
return shiroSessionRepository;
}
public void setShiroSessionRepository(
ShiroSessionRepository shiroSessionRepository) {
this.shiroSessionRepository = shiroSessionRepository;
}
@Override
public void update(Session session) throws UnknownSessionException {
getShiroSessionRepository().saveSession(session);
}
@Override
public void delete(Session session) {
if (session == null) {
LoggerUtils.error(getClass(), "Session 不能为null");
return;
}
Serializable id = session.getId();
if (id != null)
getShiroSessionRepository().deleteSession(id);
}
@Override
public Collection getActiveSessions() {
return getShiroSessionRepository().getAllSessions();
}
@Override
protected Serializable doCreate(Session session) {
Serializable sessionId = this.generateSessionId(session);
this.assignSessionId(session, sessionId);
getShiroSessionRepository().saveSession(session);
return sessionId;
}
@Override
protected Session doReadSession(Serializable sessionId) {
return getShiroSessionRepository().getSession(sessionId);
}
}
今天学到的知识:session的配置,还有缓存机制,今天的知识总结感觉还没有这么消化,节奏放慢点,慢慢消化一下,明天计划,优化登陆和注册界面,还整合email验证码在登陆注册界面
今天遇到的困难:还是shiro不是很熟悉,继续学习和消化一下
明天的计划:先消化一下shiro,在优化一下界面整合登陆注册界面