Shiro + SSM(框架) + Freemarker(jsp)讲解的权限控制Demo,还不赶快去下载?

Shiro + SSM(框架) + Freemarker(jsp)讲解的权限控制Demo,还不赶快去下载?

【转】http://www.sojson.com/blog/137.html

Shiro  我们通过重写AbstractSessionDAO ,来实现 Session  共享。再重写 Session  的时候(其实也不算重写),因为和HttpSession 没有任何实现或者继承关系。

首先 Shiro   Session  配置讲解。

Session  的每个回话的ID 生成器,我们用JavaUuidSessionIdGenerator (UUID 规则)。

 
  1. <!-- 会话Session ID生成器 -->
  2. <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>

Session  的创建、获取、删除

 
  1. <!-- session 创建、删除、查询 -->
  2. <bean id="jedisShiroSessionRepository" class="com.sojson.core.shiro.cache.JedisShiroSessionRepository" >
  3. <property name="jedisManager" ref="jedisManager"/>
  4. </bean>

Session  的监听生命周期

 
  1. <!-- custom shiro session listener -->
  2. <bean id="customShiroSessionDAO" class="com.sojson.core.shiro.CustomShiroSessionDAO">
  3. <property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
  4. <property name="sessionIdGenerator" ref="sessionIdGenerator"/>
  5. </bean>

Session  定时管理器(有效期)

 
  1. <!-- 会话验证调度器 -->
  2. <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
  3. <property name="interval" value="${session.validate.timespan}"/><!--检测时间间距,默认是60分钟-->
  4. <property name="sessionManager" ref="sessionManager"/>
  5. </bean>

Session   cookie  模版配置

 
  1. <!-- 会话Cookie模板 -->
  2. <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
  3. <!--cookie的name,我故意取名叫xxxxbaidu -->
  4. <constructor-arg value="v_v-s-baidu"/>
  5. <property name="httpOnly" value="true"/>
  6. <!--cookie的有效时间 -->
  7. <property name="maxAge" value="-1"/>
  8. <!-- 配置存储Session Cookie的domain为 一级域名 -->
  9. <property name="domain" value=".itboy.net"/>
  10. </bean>

Session  Manager 配置

 
  1. <!-- Session Manager -->
  2. <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
  3. <!-- 相隔多久检查一次session的有效性 -->
  4. <property name="sessionValidationInterval" value="1800000"/>
  5. <!-- session 有效时间为半小时 (毫秒单位)-->
  6. <property name="globalSessionTimeout" value="1800000"/>
  7. <property name="sessionDAO" ref="customShiroSessionDAO"/>
  8. <!-- session 监听,可以多个。 -->
  9. <property name="sessionListeners">
  10. <list>
  11. <ref bean="customSessionListener"/>
  12. </list>
  13. </property>
  14. <!-- 间隔多少时间检查,不配置是60分钟 -->
  15. <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
  16. <!-- 是否开启 检测,默认开启 -->
  17. <property name="sessionValidationSchedulerEnabled" value="true"/>
  18. <!-- 是否删除无效的,默认也是开启 -->
  19. <property name="deleteInvalidSessions" value="true"/>
  20. <!-- 会话Cookie模板 -->
  21. <property name="sessionIdCookie" ref="sessionIdCookie"/>
  22. </bean>

Session  的创建、删除、查询 ,ShiroSessionRepository 接口定义。

 
  1. package com.sojson.core.shiro.session;
  3. import org.apache.shiro.session.Session;
  5. import java.io.Serializable;
  6. import java.util.Collection;
  8. /**
  9. * custom shiro session manager interface
  10. *
  11. * @author zhoubaicheng
  12. */
  13. public interface ShiroSessionRepository {
  15. /**
  16. * 存储Session
  17. * @param session
  18. */
  19. void saveSession(Session session);
  20. /**
  21. * 删除session
  22. * @param sessionId
  23. */
  24. void deleteSession(Serializable sessionId);
  25. /**
  26. * 获取session
  27. * @param sessionId
  28. * @return
  29. */
  30. Session getSession(Serializable sessionId);
  31. /**
  32. * 获取所有sessoin
  33. * @return
  34. */
  35. Collection<Session> getAllSessions();
  36. }

Session  的创建、删除、查询实现。com.sojson.core.shiro.cache.JedisShiroSessionRepository 

 
  1. package com.sojson.core.shiro.cache;
  3. import java.io.Serializable;
  4. import java.util.Collection;
  6. import org.apache.log4j.Logger;
  7. import org.apache.shiro.session.Session;
  9. import com.sojson.common.utils.SerializeUtil;
  10. import com.sojson.core.shiro.session.ShiroSessionRepository;
  11. /**
  12. * Session 管理
  13. * @author sojson.com
  14. *
  15. */
  16. @SuppressWarnings("unchecked")
  17. public class JedisShiroSessionRepository implements ShiroSessionRepository {
  18. private static Logger logger = Logger.getLogger(JedisShiroSessionRepository.class);
  19. public static final String REDIS_SHIRO_SESSION = "sojson-shiro-session:";
  20. //这里有个小BUG,因为Redis使用序列化后,Key反序列化回来发现前面有一段乱码,解决的办法是存储缓存不序列化
  21. public static final String REDIS_SHIRO_ALL = "*sojson-shiro-session:*";
  22. private static final int SESSION_VAL_TIME_SPAN = 18000;
  23. private static final int DB_INDEX = 1;
  25. private JedisManager jedisManager;
  27. @Override
  28. public void saveSession(Session session) {
  29. if (session == null || session.getId() == null)
  30. throw new NullPointerException("session is empty");
  31. try {
  32. byte[] key = SerializeUtil.serialize(buildRedisSessionKey(session.getId()));
  33. byte[] value = SerializeUtil.serialize(session);
  34. long sessionTimeOut = session.getTimeout() / 1000;
  35. Long expireTime = sessionTimeOut + SESSION_VAL_TIME_SPAN + (5 * 60);
  36. getJedisManager().saveValueByKey(DB_INDEX, key, value, expireTime.intValue());
  37. } catch (Exception e) {
  38. e.printStackTrace();
  39. System.out.println("save session error");
  40. }
  41. }
  43. @Override
  44. public void deleteSession(Serializable id) {
  45. if (id == null) {
  46. throw new NullPointerException("session id is empty");
  47. }
  48. try {
  49. getJedisManager().deleteByKey(DB_INDEX,
  50. SerializeUtil.serialize(buildRedisSessionKey(id)));
  51. } catch (Exception e) {
  52. e.printStackTrace();
  53. System.out.println("delete session error");
  54. }
  55. }
  58. @Override
  59. public Session getSession(Serializable id) {
  60. if (id == null)
  61. throw new NullPointerException("session id is empty");
  62. Session session = null;
  63. try {
  64. byte[] value = getJedisManager().getValueByKey(DB_INDEX, SerializeUtil
  65. .serialize(buildRedisSessionKey(id)));
  66. session = SerializeUtil.deserialize(value, Session.class);
  67. } catch (Exception e) {
  68. e.printStackTrace();
  69. System.out.println("get session error");
  70. }
  71. return session;
  72. }
  74. @Override
  75. public Collection<Session> getAllSessions() {
  76. Collection<Session> sessions = null;
  77. try {
  78. sessions = getJedisManager().AllSession(DB_INDEX,REDIS_SHIRO_SESSION);
  79. } catch (Exception e) {
  80. logger.error("获取全部session异常");
  81. e.printStackTrace();
  82. }
  84. return sessions;
  85. }
  87. private String buildRedisSessionKey(Serializable sessionId) {
  88. return REDIS_SHIRO_SESSION + sessionId;
  89. }
  91. public JedisManager getJedisManager() {
  92. return jedisManager;
  93. }
  95. public void setJedisManager(JedisManager jedisManager) {
  96. this.jedisManager = jedisManager;
  97. }
  98. }

CustomShiroSessionDAO的继承实现

 
  1. package com.sojson.core.shiro;
  3. import java.io.Serializable;
  4. import java.util.Collection;
  6. import org.apache.log4j.Logger;
  7. import org.apache.shiro.session.Session;
  8. import org.apache.shiro.session.UnknownSessionException;
  9. import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
  11. import com.sojson.core.shiro.session.ShiroSessionRepository;
  13. public class CustomShiroSessionDAO extends AbstractSessionDAO{
  15. private static Logger logger = Logger.getLogger(CustomShiroSessionDAO.class);
  17. private ShiroSessionRepository shiroSessionRepository;
  19. public ShiroSessionRepository getShiroSessionRepository() {
  20. return shiroSessionRepository;
  21. }
  23. public void setShiroSessionRepository(
  24. ShiroSessionRepository shiroSessionRepository) {
  25. this.shiroSessionRepository = shiroSessionRepository;
  26. }
  28. @Override
  29. public void update(Session session) throws UnknownSessionException {
  30. getShiroSessionRepository().saveSession(session);
  31. }
  33. @Override
  34. public void delete(Session session) {
  35. if (session == null) {
  36. logger.error(
  37. "session can not be null,delete failed");
  38. return;
  39. }
  40. Serializable id = session.getId();
  41. if (id != null)
  42. getShiroSessionRepository().deleteSession(id);
  43. }
  45. @Override
  46. public Collection<Session> getActiveSessions() {
  47. return getShiroSessionRepository().getAllSessions();
  48. }
  50. @Override
  51. protected Serializable doCreate(Session session) {
  52. Serializable sessionId = this.generateSessionId(session);
  53. this.assignSessionId(session, sessionId);
  54. getShiroSessionRepository().saveSession(session);
  55. return sessionId;
  56. }
  58. @Override
  59. protected Session doReadSession(Serializable sessionId) {
  60. return getShiroSessionRepository().getSession(sessionId);
  61. } }

 

这样基本就OK了, Redis  配置请看前面的博客。因为我们是使用同一个 Redis  ,所以 Session  是共享的。

posted @ 2017-06-14 16:28  半也  阅读(1313)  评论(0编辑  收藏  举报