spring boot实战教程之shiro session过期时间详解
作者:思与学 时间:2023-01-05 01:37:47
前言
众所周知在spring boot内,设置session过期时间只需在application.properties内添加server.session.timeout配置即可。在整合shiro时发现,server.session.timeout设置为7200,但未到2小时就需要重新登录,后来发现是shiro的session已经过期了,shiro的session过期时间并不和server.session.timeout一致,目前是采用filter的方式来进行设置。
ShiroSessionFilter
/**
* 通过 * 设置shiroSession过期时间
* @author yangwk
*/
public class ShiroSessionFilter implements Filter {
private static Logger logger = LoggerFactory.getLogger(ShiroSessionFilter.class);
public List<String> excludes = new ArrayList<String>();
private long serverSessionTimeout = 180000L;//ms
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,ServletException {
if(logger.isDebugEnabled()){
logger.debug("shiro session filter is open");
}
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
if(handleExcludeURL(req, resp)){
filterChain.doFilter(request, response);
return;
}
Subject currentUser = SecurityUtils.getSubject();
if(currentUser.isAuthenticated()){
currentUser.getSession().setTimeout(serverSessionTimeout);
}
filterChain.doFilter(request, response);
}
private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {
if (excludes == null || excludes.isEmpty()) {
return false;
}
String url = request.getServletPath();
for (String pattern : excludes) {
Pattern p = Pattern.compile("^" + pattern);
Matcher m = p.matcher(url);
if (m.find()) {
return true;
}
}
return false;
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
if(logger.isDebugEnabled()){
logger.debug("shiro session filter init~~~~~~~~~~~~");
}
String temp = filterConfig.getInitParameter("excludes");
if (temp != null) {
String[] url = temp.split(",");
for (int i = 0; url != null && i < url.length; i++) {
excludes.add(url[i]);
}
}
String timeout = filterConfig.getInitParameter("serverSessionTimeout");
if(StringUtils.isNotBlank(timeout)){
this.serverSessionTimeout = NumberUtils.toLong(timeout,1800L)*1000L;
}
}
@Override
public void destroy() {}
}
注册filter
在被@Configuration注解标注的类内注册ShiroSessionFilter。
@Value("${server.session.timeout}")
private String serverSessionTimeout;
@Bean
public FilterRegistrationBean shiroSessionFilterRegistrationBean() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new ShiroSessionFilter());
filterRegistrationBean.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE);
filterRegistrationBean.setEnabled(true);
filterRegistrationBean.addUrlPatterns("/*");
Map<String, String> initParameters = Maps.newHashMap();
initParameters.put("serverSessionTimeout", serverSessionTimeout);
initParameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*");
filterRegistrationBean.setInitParameters(initParameters);
return filterRegistrationBean;
}
这样当每次请求时,如果用户已登录,就重新设置shiro session有效期,从而和server session保持了一致。
来源:http://www.jianshu.com/p/21d800215c17
标签:springboot,session过期,shiro
0
投稿猜你喜欢
Android常用的图片加载库
2021-06-04 18:56:30
Spring Boot 搭建 ELK正确看日志的配置流程
2022-08-28 17:13:46
Java查看和修改线程优先级操作详解
2023-09-13 08:25:30
DWR异常情况处理常见方法解析
2022-10-14 02:10:50
java基础的详细了解第四天
2022-11-25 07:24:51
flutter仿微信底部图标渐变功能的实现代码
2023-08-18 14:31:39
SpringBoot防止大量请求攻击的实现
2023-11-24 16:42:54
Kotlin Flow封装类SharedFlow StateFlow LiveData使用对比
2021-12-12 17:49:18
MyBatis如何进行双重foreach循环
2022-11-24 22:54:17
C#使用windows服务开启应用程序的方法
2022-08-14 04:37:14
Jersey Restful接口如何获取参数的问题
2023-10-29 14:44:16
Java内存溢出案例模拟和原理分析过程
2023-04-09 07:27:48
Java Spring AOP之PointCut案例详解
2023-05-24 16:46:15
Java 生成PDF文档的示例代码
2022-10-31 17:39:10
SpringBoot+redis配置及测试的方法
2022-11-21 04:12:52
关于javascript冒泡与默认事件的使用详解
2023-05-16 07:16:32
C++实现扫雷小游戏
2022-07-27 22:59:39
使用JMX监控Zookeeper状态Java API
2023-05-14 02:27:26
浅谈Android Studio 4.1 更新内容
2021-09-17 11:27:30
java异常处理执行顺序详解try catch finally
2022-10-01 04:10:10
