先看下我们的基本用法:
@RequestMapping("/index")
public ModelAndView index(HttpSession session){
System.out.println(session.getId());
ModelAndView modelAndView = new ModelAndView("main/index");
return modelAndView;
}
如果我们添加断点进行调试,可以看到session类型是:
org.apache.catalina.session.StandardSessionFacade
依赖于tomcat容器。
Shiro是一款非常优秀的用户-角色-权限管理框架,具体可以Google下。当然,Shiro也提供Session管理模块,现在我们就使用shiro+spring实现一个与容器无关的session。
- 引入shiro的jar包
-
<properties> <shiroVersion>1.2.3</shiroVersion> </properties> <dependencies> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiroVersion}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiroVersion}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiroVersion}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiroVersion}</version> </dependency> </dependencies> - 配置shiro(web.xml)
-
<filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>*.html</url-pattern> </filter-mapping>
- 配置shiro(spring)
-
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="sessionManager" ref="sessionManager"/> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> </bean> <bean id="sessionManager" class="com.whereta.model.DemoSessionManager"> <property name="globalSessionTimeout" value="1000" /> <property name="deleteInvalidSessions" value="true" /> <property name="sessionValidationSchedulerEnabled" value="false" /> <property name="sessionDAO" ref="sessionDao" /> </bean> <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" /> <bean id="demoCache" class="com.whereta.model.DemoCache" /> <bean id="sessionDao" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> <property name="sessionIdGenerator" ref="sessionIdGenerator" /> <property name="activeSessionsCache" ref="demoCache"/> </bean>
- 具体类用法
-
package com.whereta.model; import org.apache.shiro.cache.Cache; import org.apache.shiro.cache.CacheException; import org.apache.shiro.session.Session; import java.io.Serializable; import java.util.Collection; import java.util.HashMap; import java.util.Map; import java.util.Set; /** * 该类是缓存工具类,提供session的存储和获取等方法 * @author Vincent * @time 2015/7/27 15:00 */ public class DemoCache implements Cache<Serializable, Session> { //模拟缓存存储session对象 private static final Map<Serializable, Session> map = new HashMap<Serializable, Session>(); public Session get(Serializable key) throws CacheException { //根据key获取缓存中的session return map.get(key); } public Session put(Serializable key, Session value) throws CacheException { //将session对象存入缓存 map.put(key, value); return value; } public Session remove(Serializable key) throws CacheException { //移除session中为key的对象 Session session = get(key); if (session != null) { session.setAttribute(key, null); return session; } return null; } public void clear() throws CacheException { //清除所有的session map.clear(); } public int size() { //返回session的数量 return map.size(); } public Set<Serializable> keys() { //返回所有session的key return map.keySet(); } public Collection<Session> values() { //返回所有session return map.values(); } } -
package com.whereta.model; import org.apache.shiro.session.Session; import org.apache.shiro.session.mgt.eis.SessionIdGenerator; import java.io.Serializable; /** * sessionId生成工具类 * @author Vincent * @time 2015/7/27 11:45 */ public class DemoSessionIdGenerator implements SessionIdGenerator { public Serializable generateId(Session session) { //自定义规则生成sessionid return System.currentTimeMillis(); } } -
package com.whereta.model; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.shiro.session.Session; import org.apache.shiro.session.mgt.SessionContext; import org.apache.shiro.web.servlet.ShiroHttpServletRequest; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.apache.shiro.web.util.WebUtils; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import java.io.Serializable; import java.util.HashMap; import java.util.Map; /** * 集成websession管理器,重写两个方法实现自己的需求 * @author Vincent * @time 2015/7/27 15:35 */ public class DemoSessionManager extends DefaultWebSessionManager { //自定义缓存,存储 客户端-sessionid public static final Map<String,Serializable> MAP=new HashMap<String, Serializable>(); private static Log log = LogFactory.getLog(DemoSessionManager.class); @Override protected Serializable getSessionId(ServletRequest request, ServletResponse response) { HttpServletRequest req= (HttpServletRequest) request; //假设以请求地址为key标注唯一一个客户端 String remoteHost = req.getRemoteHost(); //存入缓存 Serializable id = MAP.get(remoteHost); return id; } @Override protected void onStart(Session session, SessionContext context) { //判断是否是http请求 if (!WebUtils.isHttp(context)) { log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " + "pair. No session ID cookie will be set."); return; } HttpServletRequest request = WebUtils.getHttpRequest(context); request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE); String remoteHost = request.getRemoteHost(); Serializable id = session.getId(); MAP.put(remoteHost,id); } }通过以上配置,可以再次运行查看session,已经变为shiro的自定义session了
-
org.apache.shiro.web.servlet.ShiroHttpSession
时间: 2024-08-12 21:08:01