您好,登錄后才能下訂單哦!
前言
眾所周知在spring boot內(nèi),設(shè)置session過期時間只需在application.properties
內(nèi)添加server.session.timeout
配置即可。在整合shiro時發(fā)現(xiàn),server.session.timeout
設(shè)置為7200,但未到2小時就需要重新登錄,后來發(fā)現(xiàn)是shiro的session已經(jīng)過期了,shiro的session過期時間并不和server.session.timeout
一致,目前是采用filter的方式來進(jìn)行設(shè)置。
ShiroSessionFilter
/** * 通過攔截器設(shè)置shiroSession過期時間 * @author yangwk */ public class ShiroSessionFilter implements Filter { private static Logger logger = LoggerFactory.getLogger(ShiroSessionFilter.class); public List<String> excludes = new ArrayList<String>(); private long serverSessionTimeout = 180000L;//ms public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,ServletException { if(logger.isDebugEnabled()){ logger.debug("shiro session filter is open"); } HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; if(handleExcludeURL(req, resp)){ filterChain.doFilter(request, response); return; } Subject currentUser = SecurityUtils.getSubject(); if(currentUser.isAuthenticated()){ currentUser.getSession().setTimeout(serverSessionTimeout); } filterChain.doFilter(request, response); } private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) { if (excludes == null || excludes.isEmpty()) { return false; } String url = request.getServletPath(); for (String pattern : excludes) { Pattern p = Pattern.compile("^" + pattern); Matcher m = p.matcher(url); if (m.find()) { return true; } } return false; } @Override public void init(FilterConfig filterConfig) throws ServletException { if(logger.isDebugEnabled()){ logger.debug("shiro session filter init~~~~~~~~~~~~"); } String temp = filterConfig.getInitParameter("excludes"); if (temp != null) { String[] url = temp.split(","); for (int i = 0; url != null && i < url.length; i++) { excludes.add(url[i]); } } String timeout = filterConfig.getInitParameter("serverSessionTimeout"); if(StringUtils.isNotBlank(timeout)){ this.serverSessionTimeout = NumberUtils.toLong(timeout,1800L)*1000L; } } @Override public void destroy() {} }
注冊filter
在被@Configuration注解標(biāo)注的類內(nèi)注冊ShiroSessionFilter。
@Value("${server.session.timeout}") private String serverSessionTimeout; @Bean public FilterRegistrationBean shiroSessionFilterRegistrationBean() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); filterRegistrationBean.setFilter(new ShiroSessionFilter()); filterRegistrationBean.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE); filterRegistrationBean.setEnabled(true); filterRegistrationBean.addUrlPatterns("/*"); Map<String, String> initParameters = Maps.newHashMap(); initParameters.put("serverSessionTimeout", serverSessionTimeout); initParameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*"); filterRegistrationBean.setInitParameters(initParameters); return filterRegistrationBean; }
這樣當(dāng)每次請求時,如果用戶已登錄,就重新設(shè)置shiro session有效期,從而和server session保持了一致。
總結(jié)
以上就是這篇文章的全部內(nèi)容,希望本文的內(nèi)容對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值,如果有疑問大家可以留言交流,謝謝大家對億速云的支持。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。