1、在原有的shiro包的maven中添加一下包:
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>2.9.0</version>
</dependency>-->
<dependency>
<groupId>redis.clients</groupId>
<artifactId>shiro-redis-3.2.2.jar</artifactId>
<version>3.2.2</version>
</dependency>
Maven倉庫會自動配置
2、修改配置文件
以下是新增配置信息:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.2.xsd http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd ">
<!-- shiro-redis configuration [start] -->
<!-- Redis Manager [start] -->
<bean id="redisManager" class="org.crazycake.shiro.RedisManager">
<property name="host" value="127.0.0.1:6379" />
</bean>
<!-- Redis Manager [end] -->
<!-- Redis session DAO [start] -->
<bean id="redisSessionDAO" class="org.crazycake.shiro.RedisSessionDAO">
<property name="redisManager" ref="redisManager" />
</bean>
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionDAO" ref="redisSessionDAO" />
</bean>
<!-- Redis session DAO [end] -->
<!-- Redis cache manager [start] -->
<bean id="cacheManager" class="org.crazycake.shiro.RedisCacheManager">
<property name="redisManager" ref="redisManager" />
</bean>
<!-- Redis cache manager [end] -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="sessionManager" ref="sessionManager" />
<property name="cacheManager" ref="cacheManager" />
<!-- shiro-redis configuration [end] -->
</beans>
需要注意:
1.存入session的信息要實現Serializable接口(包括其依賴的成員屬性等bean也要實現),比如user,role,mean對應的bean也要實現序列化,否則會出現序列化異常
2.對存入session的bean要有個唯一標識,且要設值到cacheManager,比如:
public class Role implements Serializable {
private static final long serialVersionUID = 1L;
private String ROLE_ID;
private String ROLE_NAME;
private String RIGHTS;
private String PARENT_ID;
private String ADD_QX;
private String DEL_QX;
private String EDIT_QX;
private String CHA_QX;
private String QX_ID;
public String getQX_ID() {
return QX_ID;
}
public void setQX_ID(String qX_ID) {
QX_ID = qX_ID;
}
public String getROLE_ID() {
return ROLE_ID;
}
public void setROLE_ID(String rOLE_ID) {
ROLE_ID = rOLE_ID;
}
public String getROLE_NAME() {
return ROLE_NAME;
}
public void setROLE_NAME(String rOLE_NAME) {
ROLE_NAME = rOLE_NAME;
}
public String getRIGHTS() {
return RIGHTS;
}
public void setRIGHTS(String rIGHTS) {
RIGHTS = rIGHTS;
}
public String getPARENT_ID() {
return PARENT_ID;
}
public void setPARENT_ID(String pARENT_ID) {
PARENT_ID = pARENT_ID;
}
public String getADD_QX() {
return ADD_QX;
}
public void setADD_QX(String aDD_QX) {
ADD_QX = aDD_QX;
}
public String getDEL_QX() {
return DEL_QX;
}
public void setDEL_QX(String dEL_QX) {
DEL_QX = dEL_QX;
}
public String getEDIT_QX() {
return EDIT_QX;
}
public void setEDIT_QX(String eDIT_QX) {
EDIT_QX = eDIT_QX;
}
public String getCHA_QX() {
return CHA_QX;
}
public void setCHA_QX(String cHA_QX) {
CHA_QX = cHA_QX;
}
}
配置cacheManager如下:
<!-- Redis cache manager [start] -->
<bean id="cacheManager" class="org.crazycake.shiro.RedisCacheManager">
<property name="redisManager" ref="redisManager" />
<!-- shiro-redis will call userInfo.getUserid() to get the id for storing Redis object. -->
<property name="principalIdFieldName" value="ROLE_ID" />
</bean>
<!-- Redis cache manager [end] -->
完整的配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
">
<!-- ================ Shiro start ================ -->
<!-- Redis Manager [start] -->
<bean id="redisManager" class="org.crazycake.shiro.RedisManager">
<property name="host" value="r-wz9vjps1cx4cqcjcw7.redis.rds.aliyuncs.com:6379" />
<property name="password" value="@Ti*8aN-x=Sh9igUaN!(8)" />
</bean>
<!-- Redis Manager [end] -->
<!-- Redis session DAO [start] -->
<bean id="redisSessionDAO" class="org.crazycake.shiro.RedisSessionDAO">
<property name="redisManager" ref="redisManager" />
</bean>
<!-- Redis cache manager [start] -->
<bean id="cacheManager" class="org.crazycake.shiro.RedisCacheManager">
<property name="redisManager" ref="redisManager" />
<!-- shiro-redis will call userInfo.getUserid() to get the id for storing Redis object. -->
<property name="principalIdFieldName" value="ROLE_ID" />
</bean>
<!-- Redis cache manager [end] -->
<!-- 項目自定義的Realm -->
<bean id="ShiroRealm" class="com.fh.interceptor.shiro.ShiroRealm" ></bean>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="ShiroRealm" />
<!-- 記住我 -->
<property name="rememberMeManager" ref="rememberMeManager" />
<!-- 注入緩存管理器 -->
<property name="cacheManager" ref="cacheManager" />
<!-- 注入session管理器 -->
<property name="sessionManager" ref="sessionManager" />
</bean>
<!-- 自定義form認證過慮器 -->
<!-- 基於Form表單的身份驗證過濾器,不配置將也會註冊此過慮器,表單中的用戶賬號、密碼及loginurl將採用默認值,建議配置 -->
<bean id="formAuthenticationFilter"
class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter ">
<property name="usernameParam" value="loginname" />
<property name="passwordParam" value="password" />
<property name="rememberMeParam" value="rememberMe" />
</bean>
<!-- session會話管理器 -->
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- 注入緩存管理器 -->
<property name="cacheManager" ref="cacheManager" />
<!-- session失效時間 單位毫秒 -->
<property name="globalSessionTimeout" value="1800000" />
<!-- 刪除失效的session -->
<property name="deleteInvalidSessions" value="true" />
<!-- 檢測掃描信息時間間隔,單位爲毫秒-->
<property name="sessionValidationInterval" value="60000"/>
<!-- 是否開啓掃描 -->
<property name="sessionValidationSchedulerEnabled" value="false"/>
<property name="sessionDAO" ref="redisSessionDAO" />
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<!-- rememberMeManager管理器,寫cookie,取出cookie生成用戶信息 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<property name="cookie" ref="rememberMeCookie" />
</bean>
<!-- 會話Cookie模板 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="ROLE_ID" />
<property name="httpOnly" value="true" />
<!-- JSESSIONID的path爲/用於多個系統共享JSESSIONID -->
<property name="path" value="/"/>
<!-- <property name="maxAge" value="-1" /> -->
</bean>
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="rememberMe" />
<property name="httpOnly" value="true"/>
<property name="maxAge" value="2592000"/>
<!-- 30天 -->
</bean>
<!-- 自定義form認證過慮器 -->
<!-- <bean id="permfilter" class="cn.xm.exam.utils.realm.ShiroPermsFilter"
scope="prototype">
</bean> -->
<aop:config proxy-target-class="true"></aop:config>
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<!-- 保證實現了Shiro內部lifecycle函數的bean執行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- Shiro Filter 安全認證過濾器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/" />
<property name="successUrl" value="/kstx/user_home" />
<property name="unauthorizedUrl" value="/user_toLogin" />
<!-- <property name="loginUrl" value="/" />
<property name="successUrl" value="/main/index" />
<property name="unauthorizedUrl" value="/login_toLogin" />-->
<property name="filterChainDefinitions">
<value>
/login** = anon
/** =anon
/** = authc
</value>
</property>
</bean>
<!-- ================ Shiro end ================ -->
</beans>
Shrio中最核心的類:org.apache.shiro.web.mgt.DefaultWebSecurityManager
他擁有3個重要的屬性 :realm(權限驗證器)、sessionManager(session管理器)、cacheManager(緩存管理器)
這裏需要區分一下:
sessionManager:字面意思,管理session的(這裏指shrio的session,不是HttpSession喔)
cacheManager:認證和授權管理器
我們這裏主要重新注入這兩個屬性。
shrio的類結構圖
Org.crazycake,幫我們實現了 以上所有屬性,
sessionDAO:
org.crazycake.shiro.RedisSessionDAO 第25行:private String keyPrefix = "shiro_redis_session:";
可以看到我們存到redis緩存中的key前綴是"shiro_redis_session:"開頭的(也可以注入新的名稱)
sessionIdCookie:cookie機制存儲name屬性指定cookieId
redisManager:操作緩存的類
原理圖:
