SpringBoot整合shiro(二)自定義sessionManager
阿新 • • 發佈:2019-01-04
傳統結構專案中,shiro從cookie中讀取sessionId以此來維持會話。在前後端分離的專案中(也可在移動APP專案使用),我們選擇在ajax的請求頭中傳遞sessionId,因此需要重寫shiro獲取sessionId的方式。請注意:請求頭中的sessionId與cookie中的sessionId一樣等同於登入憑證,應只透過HTTPS傳輸,且不要輸出到控制檯或日誌。自定義ShiroSessionManager類繼承DefaultWebSessionManager類,重寫getSessionId方法:
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.util.StringUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.Serializable;
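/**
 * Shiro session manager that resolves the session id from a request header.
 *
 * <p>The id is read from the {@code authToken} header, which suits AJAX and mobile
 * clients that do not rely on cookies. When the header is missing or blank, the
 * lookup is delegated to the parent class (cookie-based, per the original author's note).
 *
 * <p>Security: the header value is a bearer credential with the same power as the
 * session cookie. It is never printed or logged here, and it should only travel
 * over TLS.
 *
 * @author zlp
 * @create 2018-05-24 10:04
 **/
public class ShiroSessionManager extends DefaultWebSessionManager {

    /** Name of the request header that carries the session id. */
    private static final String AUTHORIZATION = "authToken";

    /** Value recorded as the source of the session id when it came from the header. */
    private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request";

    public ShiroSessionManager() {
        super();
    }

    /**
     * Resolves the session id for the current request.
     *
     * @param request  the incoming request; its {@code authToken} header is inspected first
     * @param response the outgoing response, passed through to the parent lookup
     * @return the header value when present and non-blank, otherwise whatever the
     *         parent implementation returns
     */
    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        String id = WebUtils.toHttp(request).getHeader(AUTHORIZATION);

        // A missing, empty or whitespace-only header is treated as "no token":
        // fall back to the parent lookup. The parent is called exactly once so
        // that any request attributes it sets are not written twice.
        if (!StringUtils.hasText(id)) {
            return super.getSessionId(request, response);
        }

        // The header carries the session id. Record where it came from and expose
        // it through the same request attributes the cookie path uses.
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                REFERENCED_SESSION_ID_SOURCE);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        // NOTE(review): this flag is set without inspecting the value. Whether the id
        // maps to a live session is presumably decided later by the session lookup.
        // Confirm against the Shiro version in use, and do not treat this flag as
        // proof of authentication.
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        return id;
    }
}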
然後修改ShiroConfig 類。將自定義的ShiroSessionManager 注入管理器中
// Add this bean
/**
 * Custom session manager.
 *
 * <p>No session timeout or cookie settings are configured here, so whatever the
 * parent class defaults to applies.
 *
 * @return a {@code ShiroSessionManager} backed by an {@code EnterpriseCacheSessionDAO}
 */
@Bean
public SessionManager sessionManager() {
    final ShiroSessionManager manager = new ShiroSessionManager();
    // Optional: Shiro ships with default session management. If sessions are
    // cached in Redis, use a Redis-backed session DAO instead.
    manager.setSessionDAO(new EnterpriseCacheSessionDAO());
    return manager;
}
// Modify the securityManager() method
/**
 * Configures the management layer, i.e. the security control layer.
 *
 * @return the web security manager wired with the realm, the custom session
 *         manager and the cache manager
 */
@Bean
public SecurityManager securityManager() {
    final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    manager.setRealm(shiroRealm());
    // Custom session management: the session id may arrive in a request header.
    manager.setSessionManager(sessionManager());
    // Custom cache implementation.
    manager.setCacheManager(ehCacheManager());
    return manager;
}