前言
众所周知在spring boot内,设置session过期时间只需在application.properties
内添加server.session.timeout
配置即可。在整合shiro时发现,server.session.timeout
设置为7200,但未到2小时就需要重新登录,后来发现是shiro的session已经过期了,shiro的session过期时间并不和server.session.timeout
一致,目前是采用filter的方式来进行设置。
ShiroSessionFilter
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
/** * 通过拦截器设置shiroSession过期时间 * @author yangwk */ public class ShiroSessionFilter implements Filter { private static Logger logger = LoggerFactory.getLogger(ShiroSessionFilter. class ); public List<String> excludes = new ArrayList<String>(); private long serverSessionTimeout = 180000L; //ms public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,ServletException { if (logger.isDebugEnabled()){ logger.debug( "shiro session filter is open" ); } HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; if (handleExcludeURL(req, resp)){ filterChain.doFilter(request, response); return ; } Subject currentUser = SecurityUtils.getSubject(); if (currentUser.isAuthenticated()){ currentUser.getSession().setTimeout(serverSessionTimeout); } filterChain.doFilter(request, response); } private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) { if (excludes == null || excludes.isEmpty()) { return false ; } String url = request.getServletPath(); for (String pattern : excludes) { Pattern p = Pattern.compile( "^" + pattern); Matcher m = p.matcher(url); if (m.find()) { return true ; } } return false ; } @Override public void init(FilterConfig filterConfig) throws ServletException { if (logger.isDebugEnabled()){ logger.debug( "shiro session filter init~~~~~~~~~~~~" ); } String temp = filterConfig.getInitParameter( "excludes" ); if (temp != null ) { String[] url = temp.split( "," ); for ( int i = 0 ; url != null && i < url.length; i++) { excludes.add(url[i]); } } String timeout = filterConfig.getInitParameter( "serverSessionTimeout" ); if (StringUtils.isNotBlank(timeout)){ this .serverSessionTimeout = NumberUtils.toLong(timeout,1800L)*1000L; } } @Override public void destroy() {} } |
注册filter
在被@Configuration注解标注的类内注册ShiroSessionFilter。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
@Value ( "${server.session.timeout}" ) private String serverSessionTimeout; @Bean public FilterRegistrationBean shiroSessionFilterRegistrationBean() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); filterRegistrationBean.setFilter( new ShiroSessionFilter()); filterRegistrationBean.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE); filterRegistrationBean.setEnabled( true ); filterRegistrationBean.addUrlPatterns( "/*" ); Map<String, String> initParameters = Maps.newHashMap(); initParameters.put( "serverSessionTimeout" , serverSessionTimeout); initParameters.put( "excludes" , "/favicon.ico,/img/*,/js/*,/css/*" ); filterRegistrationBean.setInitParameters(initParameters); return filterRegistrationBean; } |
这样当每次请求时,如果用户已登录,就重新设置shiro session有效期,从而和server session保持了一致。
总结
以上就是这篇文章的全部内容,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对服务器之家的支持。
原文链接:http://www.jianshu.com/p/21d800215c17