nginx+springboot+shiro+redis實現分佈式session共享，同一項目部署多份實現負載均衡

上篇文章寫道了基本的keepalived+nginx高可用，用興趣的夥伴可以參考我上篇文章！

centos7+keepalived+nginx+tomcat+springboot實現nginx+tomcat高可用以及故障郵件通知

一個項目部署多份後，必然會出現session問題，因爲每個tomcat的session是獨立的，要讓他們是一致的，就需要做到session共享，在springboot+shiro項目中tomcat的session是交給shiro管理的，默認情況下,shiro也是在內存中獨立處理session，爲了實現session共享，需要把Session交給redis來管理，這樣所有的項目都連接一個redis的話，那session就是共享的了

這篇文章寫得是shiro連接單機版redis，我貼出後來寫得shiro連接redis哨兵模式高可用集羣的鏈接

springboot+shiro+redis實現高可用集羣，shiro連接哨兵redis集羣，springboot配置方法，接上篇文章

說到這裏，其他的應用都作了高可用，redis當然也要做，下面的文章我就會把我做redis高可用的方法也貼出來，一步一步往上爬，redis這關攻破之後就是數據庫高可用，用的mysql比較多，就用mysql做例子吧

 先說shiro分佈式session：pom文件添加依賴如下

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
<dependency>
            <groupId>org.crazycake</groupId>
            <artifactId>shiro-redis</artifactId>
            <version>2.4.2.1-RELEASE</version>
        </dependency>

其他的普通的包我就不貼了，主要是比一般使用shiro多這兩個包

下面是配置項

多一個sessionDao

package com.huohua.common.config;
import java.io.Serializable;
import java.util.Collection;
import java.util.concurrent.TimeUnit;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
@Service
public class RedisSessionDao extends AbstractSessionDAO{
	// Session超時時間，單位爲毫秒 
	  private long expireTime = 120000; 
	  
	  @Autowired
	  private RedisTemplate redisTemplate;
	  
	  public RedisSessionDao() { 
	    super(); 
	  } 
	  
	  public RedisSessionDao(long expireTime, RedisTemplate redisTemplate) { 
	    super(); 
	    this.expireTime = expireTime; 
	    this.redisTemplate = redisTemplate; 
	  } 
	  
	  @Override // 更新session 
	  public void update(Session session) throws UnknownSessionException { 
	    System.out.println("===============update================"); 
	    if (session == null || session.getId() == null) { 
	      return; 
	    } 
	    session.setTimeout(expireTime); 
	    redisTemplate.opsForValue().set(session.getId(), session, expireTime, TimeUnit.MILLISECONDS); 
	  } 
	  
	  @Override // 刪除session 
	  public void delete(Session session) { 
	    System.out.println("===============delete================"); 
	    if (null == session) { 
	      return; 
	    } 
	    redisTemplate.opsForValue().getOperations().delete(session.getId()); 
	  } 
	  
	  @Override// 獲取活躍的session，可以用來統計在線人數，如果要實現這個功能，可以在將session加入redis時指定一個session前綴，統計的時候則使用keys("session-prefix*")的方式來模糊查找redis中所有的session集合 
	  public Collection<Session> getActiveSessions() { 
	    System.out.println("==============getActiveSessions================="); 
	    return redisTemplate.keys("*"); 
	  } 
	  
	  @Override// 加入session 
	  protected Serializable doCreate(Session session) { 
	    System.out.println("===============doCreate================"); 
	    Serializable sessionId = this.generateSessionId(session); 
	    this.assignSessionId(session, sessionId); 
	  
	    redisTemplate.opsForValue().set(session.getId(), session, expireTime, TimeUnit.MILLISECONDS); 
	    return sessionId; 
	  } 
	  
	  @Override// 讀取session 
	  protected Session doReadSession(Serializable sessionId) { 
	    System.out.println("==============doReadSession================="); 
	    if (sessionId == null) { 
	      return null; 
	    } 
	    return (Session) redisTemplate.opsForValue().get(sessionId); 
	  } 
	  
	  public long getExpireTime() { 
	    return expireTime; 
	  } 
	  
	  public void setExpireTime(long expireTime) { 
	    this.expireTime = expireTime; 
	  } 
	  
	  public RedisTemplate getRedisTemplate() { 
	    return redisTemplate; 
	  } 
	  
	  public void setRedisTemplate(RedisTemplate redisTemplate) { 
	    this.redisTemplate = redisTemplate; 
	  } 
}

shiroConfig類

package com.huohua.common.config;

import com.huohua.modules.sys.shiro.UserRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro的配置文件
 */
@Configuration
public class ShiroConfig {

    @Bean
    public DefaultWebSessionManager sessionManager(@Value("${globalSessionTimeout:3600}") long globalSessionTimeout
, RedisManager c){
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionValidationSchedulerEnabled(true);
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        sessionManager.setSessionValidationInterval(globalSessionTimeout * 1000);
        sessionManager.setGlobalSessionTimeout(globalSessionTimeout * 1000);
        sessionManager.setSessionDAO(redisSessionDAO(c));
        return sessionManager;
    }
    @ConfigurationProperties(prefix="spring.redis")
    @Bean
    public RedisManager redisManager() {
        return new RedisManager();
    }
    @Bean
    public RedisSessionDAO redisSessionDAO(RedisManager redisManager) {
        RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
        redisSessionDAO.setRedisManager(redisManager);
        return redisSessionDAO;
    }

    @Bean("securityManager")
    public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(null);

        return securityManager;
    }


    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        shiroFilter.setLoginUrl("/login.html");
        shiroFilter.setUnauthorizedUrl("/");

        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/swagger/**", "anon");
        filterMap.put("/v2/api-docs", "anon");
        filterMap.put("/swagger-ui.html", "anon");
        filterMap.put("/webjars/**", "anon");
        filterMap.put("/swagger-resources/**", "anon");

        filterMap.put("/statics/**", "anon");
        filterMap.put("/login.html", "anon");
        filterMap.put("/sys/login", "anon");
        filterMap.put("/favicon.ico", "anon");
        filterMap.put("/captcha.jpg", "anon");
        filterMap.put("/**", "authc");
        shiroFilter.setFilterChainDefinitionMap(filterMap);

        return shiroFilter;
    }

    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}

主要是下面這些地方相比一般使用shiro多了session管理的配置 

注意在application.yml加入redis相關的配置

然後可以啓動項目了，使用瀏覽器訪問頁面後就會看到session被保存到了redis中

至此shiro分佈式session配置完成，下面是redis的高可用，請小夥伴們持續關注哦！