spring boot shiro redis续

最新推荐文章于 2024-06-05 18:02:56 发布
最新推荐文章于 2024-06-05 18:02:56 发布
阅读量3.5k 收藏 14
点赞数 2
分类专栏: spring-boot 文章标签: springboot shiro redis
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zhaoyachao123/article/details/79425065
版权

本篇文章是基于前几篇spring boot shiro redis的基础上,如果未看前几篇建议先看前几篇

1:springboot redis整合

2:springboot shiro整合

3:springboot shiro redis整合

4:spring boot shiro redis整合遇到的问题

spring boot shiro 使用redis对session进行管理请看 第3篇文章

shiro的认证,授权信息 也可以交给redis管理
本篇文章会和之前的使用redis管理session的那篇文章有些区别,对session的管理进行了重新实现
shiro的认证,授权信息 有redis管理的思想是:
shiro的认证,授权信息本身支持存放到缓存中,只需把之前shiro默认的ehcache缓存更换成redis缓存即可。

shiro 配置文件如下:重点的会使用红色标注:

package com.zyc.springboot.config;

import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.SessionListener;
import org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.web.filter.DelegatingFilterProxy;

import com.zyc.springboot.shiro.MyFormAuthenticationFilter;
import com.zyc.springboot.shiro.MyRealm;
import com.zyc.springboot.shiro.MyShiroSessionListener;
import com.zyc.springboot.shiro.RedisUtil;
import com.zyc.springboot.shiro.SessionDao;
import com.zyc.springboot.shiro.ShiroRedisCacheManager;

@Configuration
public class ShiroConfig {
	
	/*@Bean(name = "shiroEhcacheManager")
	public EhCacheManager getEhCacheManager() {
		EhCacheManager em = new EhCacheManager();
		em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");
		return em;
	}*/
	
	@Bean(name="shiroRedisCacheManager")
	public ShiroRedisCacheManager shiroRedisCacheManager(RedisTemplate redisTemplate){
		ShiroRedisCacheManager shiroRedisCacheManager=new ShiroRedisCacheManager();
		shiroRedisCacheManager.setRedisTemplate(redisTemplate);
		return shiroRedisCacheManager;
	}
	
	@Bean(name = "lifecycleBeanPostProcessor")
	public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
		LifecycleBeanPostProcessor lifecycleBeanPostProcessor = new LifecycleBeanPostProcessor();
		return lifecycleBeanPostProcessor;
	}
	
	@Bean(name = "sessionValidationScheduler")
	public ExecutorServiceSessionValidationScheduler getExecutorServiceSessionValidationScheduler(DefaultWebSessionManager defaultWebSessionManager) {
		ExecutorServiceSessionValidationScheduler scheduler = new ExecutorServiceSessionValidationScheduler();
		scheduler.setInterval(50*1000);
		scheduler.setSessionManager(defaultWebSessionManager);
		return scheduler;
	}
	
	@Bean
	public HashedCredentialsMatcher hashedCredentialsMatcher() {
		HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
		hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法;
		hashedCredentialsMatcher.setHashIterations(1);// 散列的次数,比如散列两次,相当于md5(md5(""));
		hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
		return hashedCredentialsMatcher;
	}
	
	@Bean(name = "defaultWebSecurityManager")
	public DefaultWebSecurityManager defaultWebSecurityManager(MyRealm myRealm,DefaultWebSessionManager defaultWebSessionManager,ShiroRedisCacheManager shiroRedisCacheManager) {
		DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
		defaultWebSecurityManager.setRealm(myRealm);
		//defaultWebSecurityManager.setCacheManager(getEhCacheManager());
		defaultWebSecurityManager.setCacheManager(shiroRedisCacheManager);
		defaultWebSecurityManager.setSessionManager(defaultWebSessionManager);
		defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
		return defaultWebSecurityManager;
	}
	
	@Bean(name = "rememberMeCookie")
	public SimpleCookie rememberMeCookie() {
		// 这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
		SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
		// <!-- 记住我cookie生效时间30天 ,单位秒;-->
		simpleCookie.setMaxAge(60*60*24*30);
		return simpleCookie;
	}
	
	/**
	 * cookie管理对象;
	 * 
	 * @return
	 */
	@Bean(name = "rememberMeManager")
	public CookieRememberMeManager rememberMeManager() {
		CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
		cookieRememberMeManager.setCookie(rememberMeCookie());
		 byte[] cipherKey = Base64.decode("wGiHplamyXlVB11UXWol8g==");
		cookieRememberMeManager.setCipherKey(cipherKey);
		return cookieRememberMeManager;
	}
	

	@Bean
	@DependsOn(value = "lifecycleBeanPostProcessor")
	public MyRealm myRealm(ShiroRedisCacheManager shiroRedisCacheManager) {
		MyRealm myRealm = new MyRealm();
		//启用缓存
		myRealm.setCachingEnabled(true);
		//启用授权缓存
		myRealm.setAuthorizationCachingEnabled(true);
		myRealm.setAuthorizationCacheName("shiro-AutorizationCache");
		//启用认证信息缓存
		myRealm.setAuthenticationCachingEnabled(true);
		myRealm.setAuthenticationCacheName("shiro-AuthenticationCache");
		myRealm.setCacheManager(shiroRedisCacheManager);
		myRealm.setCredentialsMatcher(hashedCredentialsMatcher());
		return myRealm;
	}

	@Bean
	@DependsOn("lifecycleBeanPostProcessor")
	public DefaultAdvisorAutoProxyCreator getAutoProxyCreator(){
		DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
		creator.setProxyTargetClass(true);
		return creator;
	}
	
	@Bean
	public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager) {
		AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
		aasa.setSecurityManager(defaultWebSecurityManager);
		return aasa;
	}
	

	@Bean(name = "sessionManager")
	public DefaultWebSessionManager defaultWebSessionManager(SessionDao sessionDao) {
		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
		sessionManager.setGlobalSessionTimeout(1000*60*60*24*60);
//		//url中是否显示session Id
		sessionManager.setSessionIdUrlRewritingEnabled(false);
//		// 删除失效的session
		sessionManager.setDeleteInvalidSessions(true);
		sessionManager.setSessionValidationSchedulerEnabled(true);
		sessionManager.setSessionValidationInterval(18000000);
		sessionManager.setSessionValidationScheduler(getExecutorServiceSessionValidationScheduler(sessionManager));
		//sessionManager.setSessionValidationScheduler(quartzSessionValidationScheduler2(sessionManager));
		//设置SessionIdCookie 导致认证不成功,不从新设置新的cookie,从sessionManager获取sessionIdCookie
		//sessionManager.setSessionIdCookie(simpleIdCookie());
		sessionManager.getSessionIdCookie().setName("session-z-id");
		sessionManager.getSessionIdCookie().setPath("/");
		sessionManager.getSessionIdCookie().setMaxAge(60*60*24*7);
		
		sessionManager.setSessionDAO(sessionDao);
		Collection<SessionListener> c=new ArrayList<>();
		c.add(new MyShiroSessionListener());
		sessionManager.setSessionListeners(c);
		
		return sessionManager;
	}
	
//	@Bean
//	public QuartzSessionValidationScheduler2 quartzSessionValidationScheduler2(DefaultWebSessionManager sessionManager){
//		QuartzSessionValidationScheduler2 quartzSessionValidationScheduler2=new QuartzSessionValidationScheduler2();
//		quartzSessionValidationScheduler2.setSessionManager(sessionManager);
//		quartzSessionValidationScheduler2.setSessionValidationInterval(1000*5);
//		return quartzSessionValidationScheduler2;
//	}
	 @Bean
	 public SessionDao sessionDao(RedisUtil redisUtil,ShiroRedisCacheManager shiroRedisCacheManager) {
	 SessionDao sessionDao = new SessionDao();
	 //设置缓存器的名称
	 sessionDao.setActiveSessionsCacheName("shiro-activeSessionCache1");
	 //注入缓存管理器默认的是ehcache缓存
	 sessionDao.setCacheManager(shiroRedisCacheManager);
	 //注入缓存管理器2(实现session由redis控制有多种方法,上一步是一种,下面这样写也行)
	 sessionDao.setRedisUtil(redisUtil);
	 return sessionDao;
	 }
	
	 @Bean
	 public RedisUtil redisUtil(RedisTemplate<String,Object> redisTemplate) {
	 RedisUtil redisUtil = new RedisUtil();
	 redisUtil.setRedisTemplate(redisTemplate);
	 return redisUtil;
	 }

	

	@Bean(name = "filterRegistrationBean1")
	public FilterRegistrationBean filterRegistrationBean() {
		FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
		filterRegistrationBean.setFilter(new DelegatingFilterProxy(
				"shiroFilter"));
		filterRegistrationBean
				.addInitParameter("targetFilterLifecycle", "true");
		filterRegistrationBean.setEnabled(true);
		filterRegistrationBean.addUrlPatterns("/");
//		filterRegistrationBean.setDispatcherTypes(DispatcherType.REQUEST,
//				DispatcherType.FORWARD, DispatcherType.INCLUDE,
//				DispatcherType.ERROR);
		return filterRegistrationBean;
	}

	@Bean(name = "shiroFilter")
	public ShiroFilterFactoryBean shiroFilterFactoryBean(
			@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
		// SecurityUtils.setSecurityManager(defaultWebSecurityManager);
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		shiroFilterFactoryBean.setLoginUrl("/login");
		shiroFilterFactoryBean.setSuccessUrl("/getIndex");
		shiroFilterFactoryBean.setUnauthorizedUrl("/login");
		shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
		Map<String, Filter> filterMap1 = shiroFilterFactoryBean.getFilters();
		filterMap1.put("authc", new MyFormAuthenticationFilter());
		shiroFilterFactoryBean.setFilters(filterMap1);
		Map<String, String> filterMap = new LinkedHashMap<String, String>();
		filterMap.put("/static/**", "anon");
		filterMap.put("/api/**", "anon");
		filterMap.put("/logout", "anon");
		filterMap.put("/login", "authc");
		filterMap.put("/**", "authc");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
		return shiroFilterFactoryBean;
	}

}
@Bean(name="shiroRedisCacheManager")
	public ShiroRedisCacheManager shiroRedisCacheManager(RedisTemplate redisTemplate){
		ShiroRedisCacheManager shiroRedisCacheManager=new ShiroRedisCacheManager();
		shiroRedisCacheManager.setRedisTemplate(redisTemplate);
		return shiroRedisCacheManager;
	}
	
	@Bean(name = "lifecycleBeanPostProcessor")
	public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
		LifecycleBeanPostProcessor lifecycleBeanPostProcessor = new LifecycleBeanPostProcessor();
		return lifecycleBeanPostProcessor;
	}
	
	@Bean(name = "sessionValidationScheduler")
	public ExecutorServiceSessionValidationScheduler getExecutorServiceSessionValidationScheduler(DefaultWebSessionManager defaultWebSessionManager) {
		ExecutorServiceSessionValidationScheduler scheduler = new ExecutorServiceSessionValidationScheduler();
		scheduler.setInterval(50*1000);
		scheduler.setSessionManager(defaultWebSessionManager);
		return scheduler;
	}
	
	@Bean
	public HashedCredentialsMatcher hashedCredentialsMatcher() {
		HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
		hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法;
		hashedCredentialsMatcher.setHashIterations(1);// 散列的次数,比如散列两次,相当于md5(md5(""));
		hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
		return hashedCredentialsMatcher;
	}
	
	@Bean(name = "defaultWebSecurityManager")
	public DefaultWebSecurityManager defaultWebSecurityManager(MyRealm myRealm,DefaultWebSessionManager defaultWebSessionManager,ShiroRedisCacheManager shiroRedisCacheManager) {
		DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
		defaultWebSecurityManager.setRealm(myRealm);
		//defaultWebSecurityManager.setCacheManager(getEhCacheManager());
		defaultWebSecurityManager.setCacheManager(shiroRedisCacheManager);
		defaultWebSecurityManager.setSessionManager(defaultWebSessionManager);
		defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
		return defaultWebSecurityManager;
	}
	
	@Bean(name = "rememberMeCookie")
	public SimpleCookie rememberMeCookie() {
		// 这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
		SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
		// <!-- 记住我cookie生效时间30天 ,单位秒;-->
		simpleCookie.setMaxAge(60*60*24*30);
		return simpleCookie;
	}
	
	/**
	 * cookie管理对象;
	 * 
	 * @return
	 */
	@Bean(name = "rememberMeManager")
	public CookieRememberMeManager rememberMeManager() {
		CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
		cookieRememberMeManager.setCookie(rememberMeCookie());
		 byte[] cipherKey = Base64.decode("wGiHplamyXlVB11UXWol8g==");
		cookieRememberMeManager.setCipherKey(cipherKey);
		return cookieRememberMeManager;
	}
	

	@Bean
	@DependsOn(value = "lifecycleBeanPostProcessor")
	public MyRealm myRealm(ShiroRedisCacheManager shiroRedisCacheManager) {
		MyRealm myRealm = new MyRealm();
		//启用缓存
		myRealm.setCachingEnabled(true);
		//启用授权缓存
		myRealm.setAuthorizationCachingEnabled(true);
		myRealm.setAuthorizationCacheName("shiro-AutorizationCache");
		//启用认证信息缓存
		myRealm.setAuthenticationCachingEnabled(true);
		myRealm.setAuthenticationCacheName("shiro-AuthenticationCache");
		myRealm.setCacheManager(shiroRedisCacheManager);
		myRealm.setCredentialsMatcher(hashedCredentialsMatcher());
		return myRealm;
	}

	@Bean
	@DependsOn("lifecycleBeanPostProcessor")
	public DefaultAdvisorAutoProxyCreator getAutoProxyCreator(){
		DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
		creator.setProxyTargetClass(true);
		return creator;
	}
	
	@Bean
	public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager) {
		AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
		aasa.setSecurityManager(defaultWebSecurityManager);
		return aasa;
	}
	

	@Bean(name = "sessionManager")
	public DefaultWebSessionManager defaultWebSessionManager(SessionDao sessionDao) {
		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
		sessionManager.setGlobalSessionTimeout(1000*60*60*24*60);
//		//url中是否显示session Id
		sessionManager.setSessionIdUrlRewritingEnabled(false);
//		// 删除失效的session
		sessionManager.setDeleteInvalidSessions(true);
		sessionManager.setSessionValidationSchedulerEnabled(true);
		sessionManager.setSessionValidationInterval(18000000);
		sessionManager.setSessionValidationScheduler(getExecutorServiceSessionValidationScheduler(sessionManager));
		//sessionManager.setSessionValidationScheduler(quartzSessionValidationScheduler2(sessionManager));
		//设置SessionIdCookie 导致认证不成功,不从新设置新的cookie,从sessionManager获取sessionIdCookie
		//sessionManager.setSessionIdCookie(simpleIdCookie());
		sessionManager.getSessionIdCookie().setName("session-z-id");
		sessionManager.getSessionIdCookie().setPath("/");
		sessionManager.getSessionIdCookie().setMaxAge(60*60*24*7);
		
		sessionManager.setSessionDAO(sessionDao);
		Collection<SessionListener> c=new ArrayList<>();
		c.add(new MyShiroSessionListener());
		sessionManager.setSessionListeners(c);
		
		return sessionManager;
	}
	
//	@Bean
//	public QuartzSessionValidationScheduler2 quartzSessionValidationScheduler2(DefaultWebSessionManager sessionManager){
//		QuartzSessionValidationScheduler2 quartzSessionValidationScheduler2=new QuartzSessionValidationScheduler2();
//		quartzSessionValidationScheduler2.setSessionManager(sessionManager);
//		quartzSessionValidationScheduler2.setSessionValidationInterval(1000*5);
//		return quartzSessionValidationScheduler2;
//	}
	 @Bean
	 public SessionDao sessionDao(RedisUtil redisUtil,ShiroRedisCacheManager shiroRedisCacheManager) {
	 SessionDao sessionDao = new SessionDao();
	 //设置缓存器的名称
	 sessionDao.setActiveSessionsCacheName("shiro-activeSessionCache1");
	 //注入缓存管理器默认的是ehcache缓存
	 sessionDao.setCacheManager(shiroRedisCacheManager);
	 //注入缓存管理器2(实现session由redis控制有多种方法,上一步是一种,下面这样写也行)
	 sessionDao.setRedisUtil(redisUtil);
	 return sessionDao;
	 }
	
	 @Bean
	 public RedisUtil redisUtil(RedisTemplate<String,Object> redisTemplate) {
	 RedisUtil redisUtil = new RedisUtil();
	 redisUtil.setRedisTemplate(redisTemplate);
	 return redisUtil;
	 }

	

	@Bean(name = "filterRegistrationBean1")
	public FilterRegistrationBean filterRegistrationBean() {
		FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
		filterRegistrationBean.setFilter(new DelegatingFilterProxy(
				"shiroFilter"));
		filterRegistrationBean
				.addInitParameter("targetFilterLifecycle", "true");
		filterRegistrationBean.setEnabled(true);
		filterRegistrationBean.addUrlPatterns("/");
//		filterRegistrationBean.setDispatcherTypes(DispatcherType.REQUEST,
//				DispatcherType.FORWARD, DispatcherType.INCLUDE,
//				DispatcherType.ERROR);
		return filterRegistrationBean;
	}

	@Bean(name = "shiroFilter")
	public ShiroFilterFactoryBean shiroFilterFactoryBean(
			@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
		// SecurityUtils.setSecurityManager(defaultWebSecurityManager);
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		shiroFilterFactoryBean.setLoginUrl("/login");
		shiroFilterFactoryBean.setSuccessUrl("/getIndex");
		shiroFilterFactoryBean.setUnauthorizedUrl("/login");
		shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
		Map<String, Filter> filterMap1 = shiroFilterFactoryBean.getFilters();
		filterMap1.put("authc", new MyFormAuthenticationFilter());
		shiroFilterFactoryBean.setFilters(filterMap1);
		Map<String, String> filterMap = new LinkedHashMap<String, String>();
		filterMap.put("/static/**", "anon");
		filterMap.put("/api/**", "anon");
		filterMap.put("/logout", "anon");
		filterMap.put("/login", "authc");
		filterMap.put("/**", "authc");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
		return shiroFilterFactoryBean;
	}

}

ShiroRedisCacheManager实现如下:

package com.zyc.springboot.shiro;

import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.apache.shiro.cache.CacheManager;
import org.springframework.data.redis.core.RedisTemplate;

/**
 * ClassName: ShiroRedisCacheManager   
 * @author zyc-admin
 * @date 2018年3月1日  
 * @Description: TODO  
 */
public class ShiroRedisCacheManager implements CacheManager {

    private RedisTemplate<String, Object> redisTemplate;
	
	public RedisTemplate<String, Object> getRedisTemplate() {
		return redisTemplate;
	}

	public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
		this.redisTemplate = redisTemplate;
	}

	@Override
	public <K, V> Cache<K, V> getCache(String arg0) throws CacheException {
		// TODO Auto-generated method stub
		return new ShiroRedisCache<>(arg0,redisTemplate);
	}

}

ShiroRedisCache实现如下:

package com.zyc.springboot.shiro;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.data.redis.core.RedisTemplate;

/**
 * ClassName: ShiroRedisCache
 * 
 * @author zyc-admin
 * @date 2018年3月1日
 * @Description: TODO
 */
@SuppressWarnings("unchecked")
public class ShiroRedisCache<K, V> implements Cache<K, V> {

	private String cacheKey;

	
	private RedisTemplate redisTemplate;

	public ShiroRedisCache(String name, RedisTemplate redisTemplate) {
		this.cacheKey="shiro:cache:" + name + ":";
		this.redisTemplate=redisTemplate;
	}

	
	@Override
	public void clear() throws CacheException {
		// TODO Auto-generated method stub
		redisTemplate.delete(keys());
	}

	@Override
	public V get(K arg0) throws CacheException {

		return (V) redisTemplate.opsForValue().get(getCacheKey(arg0));
	}

	@Override
	public Set<K> keys() {

		return redisTemplate.keys(getCacheKey("*"));
	}

	@Override
	public V put(K arg0, V arg1) throws CacheException {
		
		V old = get(arg0);
		redisTemplate.boundValueOps(getCacheKey(arg0)).set(arg1);
		redisTemplate.expire(getCacheKey(arg0), 1, TimeUnit.HOURS);
		return old;
	}

	@Override
	public V remove(K arg0) throws CacheException {
		V old = get(arg0);
		redisTemplate.delete(getCacheKey(arg0));
		return old;
	}

	@Override
	public int size() {
		return keys().size();
	}

	@Override
	public Collection<V> values() {
		Set<K> keys = keys();
		List<V> list = new ArrayList<>();
		for (K s : keys) {
			list.add(get(s));
		}
		return list;
	}

	public String getCacheKey() {
		return cacheKey;
	}

	public K getCacheKey(Object arg0) {
		return (K) (cacheKey + arg0);
	}

	public void setCacheKey(String cacheKey) {
		this.cacheKey = cacheKey;
	}

	public RedisTemplate getRedisTemplate() {
		return redisTemplate;
	}

	public void setRedisTemplate(RedisTemplate redisTemplate) {
		this.redisTemplate = redisTemplate;
	}

}

对shiro的认证,授权信息 缓存 还需要对MyRealm进行部分重写如下:在退出的时候清除缓存(你也可不清除,看自己项目需求)

package com.zyc.springboot.shiro;

import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.zyc.springboot.entity.User;
import com.zyc.springboot.service.AccountService;
import com.zyc.springboot.util.SpringContext;

public class MyRealm extends AuthorizingRealm {

	@Override
	public CacheManager getCacheManager() {
		// TODO Auto-generated method stub
		return super.getCacheManager();
	}

	/**
	 * 权限认证
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		System.out.println("授权=====");
		// 获取登录用户的信息,在认证时存储的是ShiroUser 所以得到的就是ShiroUser
		// 在其他地方也可通过SecurityUtils.getSubject().getPrincipals()获取用户信息
		String userName = principals.getPrimaryPrincipal().toString();
		// 权限字符串
		List<String> permissions = new ArrayList<>();
		// 从数据库中获取对应权限字符串并存储permissions
		permissions.add("111");
		// 角色字符串
		List<String> roles = new ArrayList<>();
		// 从数据库中获取对应角色字符串并存储roles

		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
		simpleAuthorizationInfo.addStringPermissions(permissions);
		simpleAuthorizationInfo.addRoles(roles);// 角色类型

		return simpleAuthorizationInfo;
	}

	/**
	 * 登录验证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken arg0) throws AuthenticationException {
		System.out.println("认证=====");
		String userName = ((MyAuthenticationToken) arg0).getUsername();
		char[] password = ((MyAuthenticationToken) arg0).getPassword();
		User user = new User();// 根据用户名密码获取user
		Object obj = new SimpleHash("md5", new String(password), null, 1);
		user.setPassword(obj.toString());
		user.setUserName(userName);
		user = ((AccountService) SpringContext.getBean("accountService"))
				.findByPw(user);
		if (user == null) {
			throw new AuthenticationException("用户名密码错误");
		}

		SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
				userName, user.getPassword(), this.getName());
		return simpleAuthenticationInfo;
	}

	@Override
	protected void doClearCache(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		super.doClearCache(principals);
		clearCachedAuthenticationInfo(principals);
		clearCachedAuthorizationInfo(principals);
	}

	@Override
	protected void clearCachedAuthenticationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		super.clearCachedAuthenticationInfo(principals);
		Object key = principals.getPrimaryPrincipal();
		// ShiroUser shiroUser=new ShiroUser();
		// try {
		// BeanUtils.copyProperties(shiroUser, key);
		// } catch (Exception e) {
		// // TODO Auto-generated catch block
		// }
		getAuthenticationCache().remove(key);
	}

	@Override
	protected void clearCachedAuthorizationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		super.clearCachedAuthorizationInfo(principals);
		Object key = getAuthorizationCacheKey(principals);
		getAuthorizationCache().remove(key);
	}

	protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
		return principals.getPrimaryPrincipal();
	}
}
@Override
	protected void doClearCache(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		super.doClearCache(principals);
		clearCachedAuthenticationInfo(principals);
		clearCachedAuthorizationInfo(principals);
	}

	@Override
	protected void clearCachedAuthenticationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		super.clearCachedAuthenticationInfo(principals);
		Object key = principals.getPrimaryPrincipal();
		// ShiroUser shiroUser=new ShiroUser();
		// try {
		// BeanUtils.copyProperties(shiroUser, key);
		// } catch (Exception e) {
		// // TODO Auto-generated catch block
		// }
		getAuthenticationCache().remove(key);
	}

	@Override
	protected void clearCachedAuthorizationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		super.clearCachedAuthorizationInfo(principals);
		Object key = getAuthorizationCacheKey(principals);
		getAuthorizationCache().remove(key);
	}

	protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
		return principals.getPrimaryPrincipal();
	}
}

本篇redis缓存sessio的代码改动了如下:主要是sessiondao本身也支持缓存,之前没发现,现在使用自带的功能加以修正,简单方便

package com.zyc.springboot.shiro;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.io.Serializable;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;


public class SessionDao extends EnterpriseCacheSessionDAO {
	private String cacheKey="shiro:cache:shiro-activeSessionCache1:";
	private RedisUtil redisUtil;
	public RedisUtil getRedisUtil() {
		return redisUtil;
	}

	public void setRedisUtil(RedisUtil redisUtil) {
		this.redisUtil = redisUtil;
	}

	// 创建session,保存到数据库
    @Override
    protected Serializable doCreate(Session session) {
        @SuppressWarnings("unused")
		Serializable sessionId = super.doCreate(session);
        //redisUtil.set(cacheKey+session.getId().toString(), sessionToByte(session),1*60L);
        getCacheManager().getCache("shiro-activeSessionCache1").put(session.getId().toString(), session);
        return session.getId();
    }

    // 获取session
    @Override
    protected Session doReadSession(Serializable sessionId) {
        // 先从缓存中获取session,如果没有再去数据库中获取
        //Session session = super.doReadSession(sessionId); 
//        if(session == null){
//            byte[] bytes = (byte[]) redisUtil.get(sessionId.toString());
//            if(bytes != null && bytes.length > 0){
//                session = byteToSession(bytes);    
//            }
//        }
    	Session session = getActiveSessionsCache().get(sessionId);
        return session;
    }

    // 更新session的最后一次访问时间
    @Override
    protected void doUpdate(Session session) {
        super.doUpdate(session);
        //redisUtil.set(session.getId().toString(), sessionToByte(session),1*60L);
        getActiveSessionsCache().put(session.getId().toString(), session);
    }

    // 删除session
    @Override
    protected void doDelete(Session session) {
    	System.out.println("doDelete......");
//        super.doDelete(session);
//        redisUtil.remove(session.getId().toString());
    	getActiveSessionsCache().remove(session.getId().toString());
    }

    // 把session对象转化为byte保存到redis中
    public byte[] sessionToByte(Session session){
        ByteArrayOutputStream bo = new ByteArrayOutputStream();
        byte[] bytes = null;
        try {
            ObjectOutput oo = new ObjectOutputStream(bo);
            oo.writeObject(session);
            bytes = bo.toByteArray();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return bytes;
    }
    
    // 把byte还原为session
    public Session byteToSession(byte[] bytes){
        ByteArrayInputStream bi = new ByteArrayInputStream(bytes);
        ObjectInputStream in;
        SimpleSession session = null;
        try {
            in = new ObjectInputStream(bi);
            session = (SimpleSession) in.readObject();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    
        return session;
    }
}  getCacheManager().getCache("shiro-activeSessionCache1").put(session.getId().toString(), session);
        return session.getId();
    }

    // 获取session
    @Override
    protected Session doReadSession(Serializable sessionId) {
        // 先从缓存中获取session,如果没有再去数据库中获取
        //Session session = super.doReadSession(sessionId); 
//        if(session == null){
//            byte[] bytes = (byte[]) redisUtil.get(sessionId.toString());
//            if(bytes != null && bytes.length > 0){
//                session = byteToSession(bytes);    
//            }
//        }
    	Session session = getActiveSessionsCache().get(sessionId);
        return session;
    }

    // 更新session的最后一次访问时间
    @Override
    protected void doUpdate(Session session) {
        super.doUpdate(session);
        //redisUtil.set(session.getId().toString(), sessionToByte(session),1*60L);
        getActiveSessionsCache().put(session.getId().toString(), session);
    }

    // 删除session
    @Override
    protected void doDelete(Session session) {
    	System.out.println("doDelete......");
//        super.doDelete(session);
//        redisUtil.remove(session.getId().toString());
    	getActiveSessionsCache().remove(session.getId().toString());
    }

    // 把session对象转化为byte保存到redis中
    public byte[] sessionToByte(Session session){
        ByteArrayOutputStream bo = new ByteArrayOutputStream();
        byte[] bytes = null;
        try {
            ObjectOutput oo = new ObjectOutputStream(bo);
            oo.writeObject(session);
            bytes = bo.toByteArray();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return bytes;
    }
    
    // 把byte还原为session
    public Session byteToSession(byte[] bytes){
        ByteArrayInputStream bi = new ByteArrayInputStream(bytes);
        ObjectInputStream in;
        SimpleSession session = null;
        try {
            in = new ObjectInputStream(bi);
            session = (SimpleSession) in.readObject();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    
        return session;
    }
}
package com.zyc.zspringboot.shiro;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListener;

import com.zyc.zspringboot.util.SpringContext;

public class MyShiroSessionListener implements SessionListener {

	@Override
	public void onStart(Session session) {

	}

	@Override
	public void onStop(Session session) {
		// TODO 退出登录时,先调用此方法,然后会继续调用SessionDao中的doDelete方法
		System.out.println("onStop===" + session.getId());
		RedisUtil redisUtil = (RedisUtil) SpringContext.getBean("redisUtil");
		// 清除session
		redisUtil.remove(session.getId().toString());
		// 清除缓存
		redisUtil.remove("shiro:cache:shiro-activeSessionCache1:"
				+ session.getId().toString());
	}

	@Override
	public void onExpiration(Session session) {
		System.out.println("onExpiration===" + session.getId());
		RedisUtil redisUtil = (RedisUtil) SpringContext.getBean("redisUtil");
		// 清除session
		redisUtil.remove(session.getId().toString());
		// 清除缓存
		redisUtil.remove("shiro:cache:shiro-activeSessionCache1:"
				+ session.getId().toString());
	}

}

整合完毕,如果遇到部分问题,可以看之前写的几篇文章中是否已经提到并解决,也可留言提出问题,我及时更新改正

鲨鱼也是鱼
关注
  • 2
    点赞
  • 14
    收藏
    觉得还不错? 一键收藏
  • 4
    评论
专栏目录
spring-boot mybaits shiro redis整合
05-14
注解redis缓存数据,Spring-session和redis实现分布式session同步(建议按功能模块划分系统)。 6、日志 =========== logback打印日志,业务日志和调试日志分开打印。同时基于时间和文件大小分割日志文件。 9、...
Shiro+JWT+Redis做认证,关于token有效期内期方案
lucay1992的博客
02-09 1817
最近做的项目Springboot+vue前后端分离 还是选用了扩展功能很强大的shiro作为安全框架 并且弃用了shiro的session管理,使用JWT(JSON Web Token)取而代之 现在已经实现登录认证 有个问题是,用户在token有效时间内的正常操作(请求header中携带token的请求)如何刷新token最好? 在网上查了查,我总结出两个方案: 1.第一种方案,单token反复刷新 简单来说就是用户每次访问后台服务,验证老token通过时,会进行jwt期(重新颁发toke
shiro + redis session过期时间不符合预期,提前过期
浪丶荡
12-20 4686
shiro + redis session过期时间不符合预期,提前过期 redis的过期时间设置的是8小时,如下 /** * 配置shiro redisManager * 使用的是shiro-redis开源插件 * * @return */ public RedisManager redisManager() { Red...
分布式ShiroSpringBoot项目Shiro整合Redis
最新发布
shyの个人笔记
06-05 803
分布式ShiroSpringBoot项目Shiro整合Redis
shiro框架如何保持登录状态
weixin_40835745的博客
12-17 4002
提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档 文章目录前言一、shiro保持登录状态的方式?二、具体过程1.登录系统2.关闭浏览器3.登出系统4.RememberMe功能总结 前言 最近一段时间在研究shiro框架,发现网上很少有讲在登录之后,shiro是如何保持登陆状态的,或者换句话说就是后台服务能够在你登录之后,知道你是谁,知道你有哪些权限,知道你的角色是什么 一、shiro保持登录状态的方式? 现在大部分的web项目都是采用前后端分离的架构,而保持登录状态采用的最多的方式是请
Redis分布式锁如何自动
Java搜索工程技术栈
02-28 3197
1、Redis 实现分布式锁 指定一个 key 作为锁标记,存入 Redis 中,指定一个唯一的用户标识作为 value。 当 key 不存在时才能设置值,确保同一时间只有一个客户端进程获得锁,满足互斥性特性。 设置一个过期时间,防止因系统异常导致没能删除这个 key,满足防死锁特性。 当处理完业务之后需要清除这个 key 来释放锁,清除 key 时需要校验 value 值,需要满足只有加锁的人才能释放锁 。 2、问题 如果这个锁的过期时间是30秒,但是业务运行超过
Shiro功能应用(八)--Shiro集成RedisTemplate(SDR)
假人一个的博客
04-27 1302
文章目录代码实现:功能测试:      上一篇文章Shiro功能应用(七)–Shiro集成Redis缓存(shiro-redis3.1.0)中提到,继承shiro-redis,授权的User实体类要有AuthCacheKey或者Id属性,这有一定局限性,本文在上一篇文章代码基础上,修改成集成SDR(spring-boot-starter-data-redi...
spring-boot-shiro-redis整合源码
08-03
spring-boot-shiro-redis 整合源码
spring boot整合redis实现shiro的分布式session共享的方法
08-28
Spring Boot 整合 Redis 实现 Shiro 的分布式 Session 共享 Shiro 是一个优秀的 Java 安全框架,提供了强大的身份验证、授权和会话管理功能。然而,在分布式架构中,Shiro 的会话管理机制需要进行特殊处理,以便...
springboot +shiro+redis实现session共享(方案二)1
08-08
"Spring Boot + Shiro + Redis 实现 Session 共享方案二" 1. 概述 本文档旨在介绍如何使用 Spring BootShiroRedis 实现分布式 session 共享,以解决 Web 应用程序的登录 session 统一问题。 2. 相关依赖 ...
spring boot+redis+shiro+mybatis+thymeleaf整合框架
08-14
spring boot+redis+shiro+mybatis+thymeleaf整合框架,引入了缓存,可以使整个项目能快速访问资源,并且提供shiro安全框架保证了资源的安全性。spring boot,mybatis则是现在开发的最新框架技术。并且引入了...
SpringBoot集成shiro+jwt+swagger2,实现token令牌自动
qq_41319712的博客
12-03 2384
1.新建一个springboot项目 2.引入相关maven依赖 <!--mysql--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope>
shiro学习笔记:springboot整合shiro,并使用redis缓存
zifengye520的专栏
12-17 5248
springboot单体应用,整合shiro,用来做权限管理,并加上redis缓存机制
shiro中的session 获取过期时间设置过期时间
澎湖Java架构师的博客
04-22 512
shiro中session设置的有效时间 long timeout = SecurityUtils.getSubject().getSession().getTimeout(); System.out.println(timeout+"毫秒"); 设置shiro中session的过期时间 SecurityUtils.getSubject().getSession().setTimeout(1800000);
shiro使用reids缓存session 踩坑 (已解决)
reol44的博客
03-19 640
shiro使用redis存储session
Shiro + redis + 登录 + 记住我 + 验证码 + 登出(mysiteforme)
weixin_30832143的博客
05-07 388
从访问开始 http://localhost:8080 @GetMapping(value = "") public String index() { LOGGER.info("这事空地址在请求路径"); Subject s = SecurityUtils.getSubject(); re...
SpringBoot+Redis】实现多端登录+token自动期和定期刷新+自定义注解和拦截器实现鉴权(角色和权限校验)
weixin_43165220的博客
12-22 5759
SpringBoot+Redis】实现多端登录、防止重复登录+token自动期和定期刷新+自定义注解和拦截器实现鉴权。将登录相关、退出、token相关的这些操作,全部抽出来,放到一个自定义的@Component组件中,在这里实现具体过程,其他地方我们不用关心实现步骤,只需要直接调用这里面的相关方法就行。鉴权相关将角色和角色对应的权限放到缓存中,每次请求时在拦截器里从缓存中拿到角色和权限进行校验。
Spring boot + shiro + redis 实现session共享(伪单点登录)
学习编程的shou的博客
06-06 5873
    为实现Web应用的分布式集群部署,要解决登录session的统一。本文利用shiro做权限控制,redis做session存储,结合spring boot快速配置实现session共享。注意本文未解决跨域的问题。不过对于一般的情况能够很好的起到作用,具体已经在不同端口上进行了测试。    我们先从配置说起:1.引入相关依赖引入shiro相关的依赖还有Redis的依赖 ...
李子柒文化输出争议:Spring Boot整合Redis实现Shiro分布式Session共享
在“地域分布-spring boot整合redis实现shiro的分布式session共享的方法”这一主题中,我们主要聚焦于如何在Spring Boot应用中利用Redis来实现Shiro框架的分布式session共享。Spring Boot是Java开发中的一个微服务...
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值