springboot使用shiro配置多个过滤器和session同步案例
生活随笔
收集整理的這篇文章主要介紹了
springboot使用shiro配置多个过滤器和session同步案例
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
文章目錄
- 知識點介紹
- 驗證碼過濾器
- 登錄賬號控制過濾器
- 自定義訪問控制過濾器
- 同步Sesion到數據庫
- 退出過濾器
- 定期session驗證任務調度器
- shiro配置類
- 自定義Session類(繼承 SimpleSession)
- 自定義SessionFactory會話(繼承SessionFactory)
- 自定義的ShiroSessionDao(繼承EnterpriseCacheSessionDAO)
案例代碼來自ruoyi管理系統的shiro部分
知識點介紹
AccessControlFilter
AccessControlFilter提供了訪問控制的基礎功能;比如是否允許訪問/當訪問拒絕時如何處理等:
isAccessAllowed:表示是否允許訪問;mappedValue就是[urls]配置中攔截器參數部分,如果允許訪問返回true,否則false;
onAccessDenied:表示當訪問拒絕時是否已經處理了;如果返回true表示需要繼續處理;如果返回false表示該攔截器實例已經處理了,將直接返回即可。
onPreHandle會自動調用這兩個方法決定是否繼續處理:
boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue);
}
配置過濾器的步驟:
1.繼承AccessControlFilter
2.重寫isAccessAllowed onAccessDenied(有時也需要重寫onPreHandle等其他方法)
3.在shiroconfig中配置自己寫的過濾器類,并加上@Bean注解,并配置過濾器鏈:
(定時任務調度的使用):
4.配置會話管理器加入自定義的任務調度器
驗證碼過濾器
public class CaptchaValidateFilter extends AccessControlFilter {/*** 是否開啟驗證碼*/private boolean captchaEnabled = true;/*** 驗證碼類型*/private String captchaType = "math";public void setCaptchaEnabled(boolean captchaEnabled){this.captchaEnabled = captchaEnabled;}public void setCaptchaType(String captchaType){this.captchaType = captchaType;}@Overridepublic boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception{request.setAttribute(ShiroConstants.CURRENT_ENABLED, captchaEnabled);request.setAttribute(ShiroConstants.CURRENT_TYPE, captchaType);return super.onPreHandle(request, response, mappedValue);}@Overrideprotected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)throws Exception{HttpServletRequest httpServletRequest = (HttpServletRequest) request;// 驗證碼禁用 或不是表單提交 允許訪問if (captchaEnabled == false || !"post".equals(httpServletRequest.getMethod().toLowerCase())){return true;}return validateResponse(httpServletRequest, httpServletRequest.getParameter(ShiroConstants.CURRENT_VALIDATECODE));}public boolean validateResponse(HttpServletRequest request, String validateCode){Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);String code = String.valueOf(obj != null ? obj : "");// 驗證碼清除,防止多次使用。request.getSession().removeAttribute(Constants.KAPTCHA_SESSION_KEY);if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code)){return false;}return true;}@Overrideprotected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{request.setAttribute(ShiroConstants.CURRENT_CAPTCHA, ShiroConstants.CAPTCHA_ERROR);return true;} }登錄賬號控制過濾器
public class KickoutSessionFilter extends AccessControlFilter {private final static ObjectMapper objectMapper = new ObjectMapper();/*** 同一個用戶最大會話數**/private int maxSession = -1;/*** 踢出之前登錄的/之后登錄的用戶 默認false踢出之前登錄的用戶**/private Boolean kickoutAfter = false;/*** 踢出后到的地址**/private String kickoutUrl;private SessionManager sessionManager;private Cache<String, Deque<Serializable>> cache;@Overrideprotected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o)throws Exception{return false;}@Overrideprotected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{Subject subject = getSubject(request, response);if (!subject.isAuthenticated() && !subject.isRemembered() || maxSession == -1){// 如果沒有登錄或用戶最大會話數為-1,直接進行之后的流程return true;}try{Session session = subject.getSession();// 當前登錄用戶SysUser user = ShiroUtils.getSysUser();String loginName = user.getLoginName();Serializable sessionId = session.getId();// 讀取緩存用戶 沒有就存入Deque<Serializable> deque = cache.get(loginName);if (deque == null){// 初始化隊列deque = new ArrayDeque<Serializable>();}// 如果隊列里沒有此sessionId,且用戶沒有被踢出;放入隊列if (!deque.contains(sessionId) && session.getAttribute("kickout") == null){// 將sessionId存入隊列deque.push(sessionId);// 將用戶的sessionId隊列緩存cache.put(loginName, deque);}// 如果隊列里的sessionId數超出最大會話數,開始踢人while (deque.size() > maxSession){// 是否踢出后來登錄的,默認是false;即后者登錄的用戶踢出前者登錄的用戶;Serializable kickoutSessionId = kickoutAfter ? deque.removeFirst() : deque.removeLast();// 踢出后再更新下緩存隊列cache.put(loginName, deque);try{// 獲取被踢出的sessionId的session對象Session kickoutSession = sessionManager.getSession(new DefaultSessionKey(kickoutSessionId));if (null != kickoutSession){// 設置會話的kickout屬性表示踢出了kickoutSession.setAttribute("kickout", true);}}catch (Exception e){// 面對異常,我們選擇忽略}}// 如果被踢出了,(前者或后者)直接退出,重定向到踢出后的地址if (session.getAttribute("kickout") != null && (Boolean) session.getAttribute("kickout") == true){// 退出登錄subject.logout();saveRequest(request);return isAjaxResponse(request, response);}return true;}catch (Exception e){return isAjaxResponse(request, response);}}private boolean isAjaxResponse(ServletRequest request, ServletResponse response) throws IOException{HttpServletRequest req = (HttpServletRequest) request;HttpServletResponse res = (HttpServletResponse) response;if (ServletUtils.isAjaxRequest(req)){AjaxResult ajaxResult = AjaxResult.error("您已在別處登錄,請您修改密碼或重新登錄");ServletUtils.renderString(res, objectMapper.writeValueAsString(ajaxResult));}else{WebUtils.issueRedirect(request, response, kickoutUrl);}return false;}public void setMaxSession(int maxSession){this.maxSession = maxSession;}public void setKickoutAfter(boolean kickoutAfter){this.kickoutAfter = kickoutAfter;}public void setKickoutUrl(String kickoutUrl){this.kickoutUrl = kickoutUrl;}public void setSessionManager(SessionManager sessionManager){this.sessionManager = sessionManager;}// 設置Cache的key的前綴public void setCacheManager(CacheManager cacheManager){// 必須和ehcache緩存配置中的緩存name一致this.cache = cacheManager.getCache(ShiroConstants.SYS_USERCACHE);}自定義訪問控制過濾器
public class OnlineSessionFilter extends AccessControlFilter {/*** 強制退出后重定向的地址*/@Value("${shiro.user.loginUrl}")private String loginUrl;private OnlineSessionDAO onlineSessionDAO;/*** 表示是否允許訪問;mappedValue就是[urls]配置中攔截器參數部分,如果允許訪問返回true,否則false;*/@Overrideprotected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)throws Exception{Subject subject = getSubject(request, response);if (subject == null || subject.getSession() == null){return true;}Session session = onlineSessionDAO.readSession(subject.getSession().getId());if (session != null && session instanceof OnlineSession){OnlineSession onlineSession = (OnlineSession) session;request.setAttribute(ShiroConstants.ONLINE_SESSION, onlineSession);// 把user對象設置進去boolean isGuest = onlineSession.getUserId() == null || onlineSession.getUserId() == 0L;if (isGuest == true){SysUser user = ShiroUtils.getSysUser();if (user != null){onlineSession.setUserId(user.getUserId());onlineSession.setLoginName(user.getLoginName());onlineSession.setAvatar(user.getAvatar());onlineSession.setDeptName(user.getDept().getDeptName());onlineSession.markAttributeChanged();}}if (onlineSession.getStatus() == OnlineStatus.off_line){return false;}}return true;}/*** 表示當訪問拒絕時是否已經處理了;如果返回true表示需要繼續處理;如果返回false表示該攔截器實例已經處理了,將直接返回即可。*/@Overrideprotected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{Subject subject = getSubject(request, response);if (subject != null){subject.logout();}saveRequestAndRedirectToLogin(request, response);return false;}// 跳轉到登錄頁@Overrideprotected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException{WebUtils.issueRedirect(request, response, loginUrl);}public void setOnlineSessionDAO(OnlineSessionDAO onlineSessionDAO){this.onlineSessionDAO = onlineSessionDAO;} }同步Sesion到數據庫
public class SyncOnlineSessionFilter extends PathMatchingFilter {//PathMatchingFilter提供了基于Ant風格的請求路徑匹配功能及攔截器參數解析的功能,// 如“roles[admin,user]”自動根據“,”分割解析到一個路徑參數配置并綁定到相應的路徑:private OnlineSessionDAO onlineSessionDAO;/*** 同步會話數據到DB 一次請求最多同步一次 防止過多處理 需要放到Shiro過濾器之前*///onPreHandle:在preHandle中,當pathsMatch匹配一個路徑后,// 會調用opPreHandler方法并將路徑綁定參數配置傳給mappedValue;// 然后可以在這個方法中進行一些驗證(如角色授權),如果驗證失敗可以返回false中斷流程;默認返回true;// 也就是說子類可以只實現onPreHandle即可,無須實現preHandle。如果沒有path與請求路徑匹配,默認是通過的(即preHandle返回true)。//@Overrideprotected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception{OnlineSession session = (OnlineSession) request.getAttribute(ShiroConstants.ONLINE_SESSION);// 如果session stop了 也不同步// session停止時間,如果stopTimestamp不為null,則代表已停止if (session != null && session.getUserId() != null && session.getStopTimestamp() == null){onlineSessionDAO.syncToDb(session);}return true;}public void setOnlineSessionDAO(OnlineSessionDAO onlineSessionDAO){this.onlineSessionDAO = onlineSessionDAO;} }退出過濾器
public class LogoutFilter extends org.apache.shiro.web.filter.authc.LogoutFilter {private static final Logger log = LoggerFactory.getLogger(LogoutFilter.class);/*** 退出后重定向的地址*/private String loginUrl;public String getLoginUrl(){return loginUrl;}public void setLoginUrl(String loginUrl){this.loginUrl = loginUrl;}@Overrideprotected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception{try{Subject subject = getSubject(request, response);String redirectUrl = getRedirectUrl(request, response, subject);try{SysUser user = ShiroUtils.getSysUser();if (StringUtils.isNotNull(user)){String loginName = user.getLoginName();// 記錄用戶退出日志AsyncManager.me().execute(AsyncFactory.recordLogininfor(loginName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));// 清理緩存SpringUtils.getBean(ISysUserOnlineService.class).removeUserCache(loginName, ShiroUtils.getSessionId());}// 退出登錄subject.logout();}catch (SessionException ise){log.error("logout fail.", ise);}issueRedirect(request, response, redirectUrl);}catch (Exception e){log.error("Encountered session exception during logout. This can generally safely be ignored.", e);}return false;}/*** 退出跳轉URL*/@Overrideprotected String getRedirectUrl(ServletRequest request, ServletResponse response, Subject subject){String url = getLoginUrl();if (StringUtils.isNotEmpty(url)){return url;}return super.getRedirectUrl(request, response, subject);} }定期session驗證任務調度器
@Component public class SpringSessionValidationScheduler implements SessionValidationScheduler {private static final Logger log = LoggerFactory.getLogger(SpringSessionValidationScheduler.class);public static final long DEFAULT_SESSION_VALIDATION_INTERVAL = DefaultSessionManager.DEFAULT_SESSION_VALIDATION_INTERVAL;/*** 定時器,用于處理超時的掛起請求,也用于連接斷開時的重連。*/@Autowired@Qualifier("scheduledExecutorService")private ScheduledExecutorService executorService;private volatile boolean enabled = false;/*** 會話驗證管理器*/@Autowired@Qualifier("sessionManager")@Lazyprivate ValidatingSessionManager sessionManager;// 相隔多久檢查一次session的有效性,單位毫秒,默認就是10分鐘@Value("${shiro.session.validationInterval}")private long sessionValidationInterval;@Overridepublic boolean isEnabled(){return this.enabled;}//設置定期驗證session是否過期的時間間隔public void setSessionValidationInterval(long sessionValidationInterval){this.sessionValidationInterval = sessionValidationInterval;}/*** Starts session validation by creating a spring PeriodicTrigger.*/@Overridepublic void enableSessionValidation(){enabled = true;if (log.isDebugEnabled()){log.debug("Scheduling session validation job using Spring Scheduler with "+ "session validation interval of [" + sessionValidationInterval + "]ms...");}try{executorService.scheduleAtFixedRate(new Runnable(){@Overridepublic void run(){if (enabled){sessionManager.validateSessions();//org.apache.shiro.session.mgt包下的方法validateSessions();//對系統中所有打開/活動會話(那些尚未停止或過期的會話)進行會話驗證,并驗證每個會話。// 如果發現一個會話無效(例如它已經過期),它會被更新并保存到 EIS。}}}, 1000, sessionValidationInterval * 60 * 1000, TimeUnit.MILLISECONDS);this.enabled = true;if (log.isDebugEnabled()){log.debug("Session validation job successfully scheduled with Spring Scheduler.");}}catch (Exception e){if (log.isErrorEnabled()){log.error("Error starting the Spring Scheduler session validation job. Session validation may not occur.", e);}}}@Overridepublic void disableSessionValidation(){if (log.isDebugEnabled()){log.debug("Stopping Spring Scheduler session validation job...");}if (this.enabled){Threads.shutdownAndAwaitTermination(executorService);}this.enabled = false;} }shiro配置類
創建一個ShiroConfig,然后創建一個shiroFilter方法。在Shiro使用認證和授權時,其實都是通過ShiroFilterFactoryBean設置一些Shiro的攔截器進行的,攔截器會以LinkedHashMap的形式存儲需要攔截的資源及鏈接,并且會按照順序執行,其中鍵為攔截的資源或鏈接,值為攔截的形式(比如authc:所有URL都必須認證通過才可以訪問,anon:所有URL都可以匿名訪問),在攔截的過程中可以使用通配符,比如/**為攔截所有,所以一般/**放在最下面。同時,可以通過ShiroFilterFactoryBean設置登錄鏈接、未授權鏈接、登錄成功跳轉頁等,這里設置的shiroFilter方法內容如代碼清單7-7所示。
@Configuration public class ShiroConfig {/*** Session超時時間,單位為毫秒(默認30分鐘)*/@Value("${shiro.session.expireTime}")private int expireTime;/*** 相隔多久檢查一次session的有效性,單位毫秒,默認就是10分鐘*/@Value("${shiro.session.validationInterval}")private int validationInterval;/*** 同一個用戶最大會話數*/@Value("${shiro.session.maxSession}")private int maxSession;/*** 踢出之前登錄的/之后登錄的用戶,默認踢出之前登錄的用戶*/@Value("${shiro.session.kickoutAfter}")private boolean kickoutAfter;/*** 驗證碼開關*/@Value("${shiro.user.captchaEnabled}")private boolean captchaEnabled;/*** 驗證碼類型*/@Value("${shiro.user.captchaType}")private String captchaType;/*** 設置Cookie的域名*/@Value("${shiro.cookie.domain}")private String domain;/*** 設置cookie的有效訪問路徑*/@Value("${shiro.cookie.path}")private String path;/*** 設置HttpOnly屬性*/@Value("${shiro.cookie.httpOnly}")private boolean httpOnly;/*** 設置Cookie的過期時間,秒為單位*/@Value("${shiro.cookie.maxAge}")private int maxAge;/*** 設置cipherKey密鑰*/@Value("${shiro.cookie.cipherKey}")private String cipherKey;/*** 登錄地址*/@Value("${shiro.user.loginUrl}")private String loginUrl;/*** 權限認證失敗地址*/@Value("${shiro.user.unauthorizedUrl}")private String unauthorizedUrl;/*** 是否開啟記住我功能*/@Value("${shiro.rememberMe.enabled: false}")private boolean rememberMe;/*** 緩存管理器 使用Ehcache實現*/@Beanpublic EhCacheManager getEhCacheManager(){net.sf.ehcache.CacheManager cacheManager = net.sf.ehcache.CacheManager.getCacheManager("ruoyi");EhCacheManager em = new EhCacheManager();if (StringUtils.isNull(cacheManager)){em.setCacheManager(new net.sf.ehcache.CacheManager(getCacheManagerConfigFileInputStream()));return em;}else{em.setCacheManager(cacheManager);return em;}}/*** 返回配置文件流 避免ehcache配置文件一直被占用,無法完全銷毀項目重新部署*/protected InputStream getCacheManagerConfigFileInputStream(){String configFile = "classpath:ehcache/ehcache-shiro.xml";InputStream inputStream = null;try{inputStream = ResourceUtils.getInputStreamForPath(configFile);byte[] b = IOUtils.toByteArray(inputStream);InputStream in = new ByteArrayInputStream(b);return in;}catch (IOException e){throw new ConfigurationException("Unable to obtain input stream for cacheManagerConfigFile [" + configFile + "]", e);}finally{IOUtils.closeQuietly(inputStream);}}/*** 自定義Realm*/@Beanpublic UserRealm userRealm(EhCacheManager cacheManager){UserRealm userRealm = new UserRealm();userRealm.setAuthorizationCacheName(Constants.SYS_AUTH_CACHE);userRealm.setCacheManager(cacheManager);return userRealm;}/*** 自定義sessionDAO會話*/@Beanpublic OnlineSessionDAO sessionDAO(){OnlineSessionDAO sessionDAO = new OnlineSessionDAO();return sessionDAO;}/*** 自定義sessionFactory會話*/@Beanpublic OnlineSessionFactory sessionFactory(){OnlineSessionFactory sessionFactory = new OnlineSessionFactory();return sessionFactory;}/*** 會話管理器*/@Beanpublic OnlineWebSessionManager sessionManager(){OnlineWebSessionManager manager = new OnlineWebSessionManager();// 加入緩存管理器manager.setCacheManager(getEhCacheManager());// 刪除過期的sessionmanager.setDeleteInvalidSessions(true);// 設置全局session超時時間manager.setGlobalSessionTimeout(expireTime * 60 * 1000);// 去掉 JSESSIONIDmanager.setSessionIdUrlRewritingEnabled(false);// 定義要使用的無效的Session定時調度器manager.setSessionValidationScheduler(SpringUtils.getBean(SpringSessionValidationScheduler.class));// 是否定時檢查sessionmanager.setSessionValidationSchedulerEnabled(true);// 自定義SessionDaomanager.setSessionDAO(sessionDAO());// 自定義sessionFactorymanager.setSessionFactory(sessionFactory());return manager;}/*** 安全管理器*/@Beanpublic SecurityManager securityManager(UserRealm userRealm){DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();// 設置realm.securityManager.setRealm(userRealm);// 記住我securityManager.setRememberMeManager(rememberMe ? rememberMeManager() : null);// 注入緩存管理器;securityManager.setCacheManager(getEhCacheManager());// session管理器securityManager.setSessionManager(sessionManager());return securityManager;}/*** 退出過濾器*/public LogoutFilter logoutFilter(){LogoutFilter logoutFilter = new LogoutFilter();logoutFilter.setLoginUrl(loginUrl);return logoutFilter;}/*** Shiro過濾器配置*/@Beanpublic ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();// Shiro的核心安全接口,這個屬性是必須的shiroFilterFactoryBean.setSecurityManager(securityManager);// 身份認證失敗,則跳轉到登錄頁面的配置shiroFilterFactoryBean.setLoginUrl(loginUrl);// 權限認證失敗,則跳轉到指定頁面shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);// Shiro連接約束配置,即過濾鏈的定義LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();// 對靜態資源設置匿名訪問filterChainDefinitionMap.put("/favicon.ico**", "anon");filterChainDefinitionMap.put("/ruoyi.png**", "anon");filterChainDefinitionMap.put("/html/**", "anon");filterChainDefinitionMap.put("/css/**", "anon");filterChainDefinitionMap.put("/docs/**", "anon");filterChainDefinitionMap.put("/fonts/**", "anon");filterChainDefinitionMap.put("/img/**", "anon");filterChainDefinitionMap.put("/ajax/**", "anon");filterChainDefinitionMap.put("/js/**", "anon");filterChainDefinitionMap.put("/ruoyi/**", "anon");filterChainDefinitionMap.put("/captcha/captchaImage**", "anon");// 退出 logout地址,shiro去清除sessionfilterChainDefinitionMap.put("/logout", "logout");// 不需要攔截的訪問filterChainDefinitionMap.put("/login", "anon,captchaValidate");// 注冊相關filterChainDefinitionMap.put("/register", "anon,captchaValidate");// 系統權限列表// filterChainDefinitionMap.putAll(SpringUtils.getBean(IMenuService.class).selectPermsAll());Map<String, Filter> filters = new LinkedHashMap<String, Filter>();filters.put("onlineSession", onlineSessionFilter());filters.put("syncOnlineSession", syncOnlineSessionFilter());filters.put("captchaValidate", captchaValidateFilter());filters.put("kickout", kickoutSessionFilter());// 注銷成功,則跳轉到指定頁面filters.put("logout", logoutFilter());shiroFilterFactoryBean.setFilters(filters);// 所有請求需要認證filterChainDefinitionMap.put("/**", "user,kickout,onlineSession,syncOnlineSession");shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);return shiroFilterFactoryBean;}/*** 自定義在線用戶處理過濾器*/public OnlineSessionFilter onlineSessionFilter(){OnlineSessionFilter onlineSessionFilter = new OnlineSessionFilter();onlineSessionFilter.setLoginUrl(loginUrl);onlineSessionFilter.setOnlineSessionDAO(sessionDAO());return onlineSessionFilter;}/*** 自定義在線用戶同步過濾器*/public SyncOnlineSessionFilter syncOnlineSessionFilter(){SyncOnlineSessionFilter syncOnlineSessionFilter = new SyncOnlineSessionFilter();syncOnlineSessionFilter.setOnlineSessionDAO(sessionDAO());return syncOnlineSessionFilter;}/*** 自定義驗證碼過濾器*/public CaptchaValidateFilter captchaValidateFilter(){CaptchaValidateFilter captchaValidateFilter = new CaptchaValidateFilter();captchaValidateFilter.setCaptchaEnabled(captchaEnabled);captchaValidateFilter.setCaptchaType(captchaType);return captchaValidateFilter;}/*** cookie 屬性設置*/public SimpleCookie rememberMeCookie(){SimpleCookie cookie = new SimpleCookie("rememberMe");cookie.setDomain(domain);cookie.setPath(path);cookie.setHttpOnly(httpOnly);cookie.setMaxAge(maxAge * 24 * 60 * 60);return cookie;}/*** 記住我*/public CookieRememberMeManager rememberMeManager(){CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();cookieRememberMeManager.setCookie(rememberMeCookie());if (StringUtils.isNotEmpty(cipherKey)){cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey));}else{cookieRememberMeManager.setCipherKey(CipherUtils.generateNewKey(128, "AES").getEncoded());}return cookieRememberMeManager;}/*** 同一個用戶多設備登錄限制*/public KickoutSessionFilter kickoutSessionFilter(){KickoutSessionFilter kickoutSessionFilter = new KickoutSessionFilter();kickoutSessionFilter.setCacheManager(getEhCacheManager());kickoutSessionFilter.setSessionManager(sessionManager());// 同一個用戶最大的會話數,默認-1無限制;比如2的意思是同一個用戶允許最多同時兩個人登錄kickoutSessionFilter.setMaxSession(maxSession);// 是否踢出后來登錄的,默認是false;即后者登錄的用戶踢出前者登錄的用戶;踢出順序kickoutSessionFilter.setKickoutAfter(kickoutAfter);// 被踢出后重定向到的地址;kickoutSessionFilter.setKickoutUrl("/login?kickout=1");return kickoutSessionFilter;}/*** thymeleaf模板引擎和shiro框架的整合*/@Beanpublic ShiroDialect shiroDialect(){return new ShiroDialect();}/*** 開啟Shiro注解通知器*/@Beanpublic AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager){AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);return authorizationAttributeSourceAdvisor;} }自定義Session類(繼承 SimpleSession)
public class OnlineSession extends SimpleSession {private static final long serialVersionUID = 1L;/** 用戶ID */private Long userId;/** 用戶名稱 */private String loginName;/** 部門名稱 */private String deptName;/** 用戶頭像 */private String avatar;/** 登錄IP地址 */private String host;/** 瀏覽器類型 */private String browser;/** 操作系統 */private String os;/** 在線狀態 */private OnlineStatus status = OnlineStatus.on_line;/** 屬性是否改變 優化session數據同步 */private transient boolean attributeChanged = false;@Overridepublic String getHost(){return host;}@Overridepublic void setHost(String host){this.host = host;}自定義SessionFactory會話(繼承SessionFactory)
@Data @Component public class OnlineSessionFactory implements SessionFactory {@Overridepublic Session createSession(SessionContext initData){OnlineSession session = new OnlineSession();if (initData != null && initData instanceof WebSessionContext){WebSessionContext sessionContext = (WebSessionContext) initData;HttpServletRequest request = (HttpServletRequest) sessionContext.getServletRequest();if (request != null){UserAgent userAgent = UserAgent.parseUserAgentString(ServletUtils.getRequest().getHeader("User-Agent"));// 獲取客戶端操作系統String os = userAgent.getOperatingSystem().getName();// 獲取客戶端瀏覽器String browser = userAgent.getBrowser().getName();session.setHost(IpUtils.getIpAddr(request));session.setBrowser(browser);session.setOs(os);}}return session;} }自定義的ShiroSessionDao(繼承EnterpriseCacheSessionDAO)
public class OnlineSessionDAO extends EnterpriseCacheSessionDAO {//extends AbstractSessionDAO/*** 同步session到數據庫的周期 單位為毫秒(默認1分鐘)*/@Value("${shiro.session.dbSyncPeriod}")private int dbSyncPeriod;/*** 上次同步數據庫的時間戳*/private static final String LAST_SYNC_DB_TIMESTAMP = OnlineSessionDAO.class.getName() + "LAST_SYNC_DB_TIMESTAMP";@Autowiredprivate SysShiroService sysShiroService;public OnlineSessionDAO(){super();}public OnlineSessionDAO(long expireTime){super();}/*** 根據會話ID獲取會話** @param sessionId 會話ID* @return ShiroSession*/@Overrideprotected Session doReadSession(Serializable sessionId){return sysShiroService.getSession(sessionId);}@Overridepublic void update(Session session) throws UnknownSessionException{super.update(session);} // EnterpriseCacheSessionDAO有一個方法: // protected Serializable doCreate(Session session) { // /*通過sessionId保存對應的session*/ // Serializable sessionId = this.generateSessionId(session); // /*將sessionId和session捆綁*/ // this.assignSessionId(session, sessionId); // return sessionId; // }/*** 更新會話;如更新會話最后訪問時間/停止會話/設置超時時間/設置移除屬性等會調用*/public void syncToDb(OnlineSession onlineSession){Date lastSyncTimestamp = (Date) onlineSession.getAttribute(LAST_SYNC_DB_TIMESTAMP);if (lastSyncTimestamp != null){boolean needSync = true;long deltaTime = onlineSession.getLastAccessTime().getTime() - lastSyncTimestamp.getTime();if (deltaTime < dbSyncPeriod * 60 * 1000){// 時間差不足 無需同步needSync = false;}// isGuest = true 訪客boolean isGuest = onlineSession.getUserId() == null || onlineSession.getUserId() == 0L;// session 數據變更了 同步if (!isGuest && onlineSession.isAttributeChanged()){needSync = true;}if (!needSync){return;}}// 更新上次同步數據庫時間onlineSession.setAttribute(LAST_SYNC_DB_TIMESTAMP, onlineSession.getLastAccessTime());// 更新完后 重置標識if (onlineSession.isAttributeChanged()){onlineSession.resetAttributeChanged();}AsyncManager.me().execute(AsyncFactory.syncSessionToDb(onlineSession));}/*** 當會話過期/停止(如用戶退出時)屬性等會調用*/@Overrideprotected void doDelete(Session session){OnlineSession onlineSession = (OnlineSession) session;if (null == onlineSession){return;}onlineSession.setStatus(OnlineStatus.off_line);sysShiroService.deleteSession(onlineSession);} }總結
以上是生活随笔為你收集整理的springboot使用shiro配置多个过滤器和session同步案例的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 【学习笔记】springboot的Aut
- 下一篇: springboot封装统一查询对象进行