前言
众所周知在spring boot内,设置session过期时间只需在application.properties内添加server.session.timeout配置即可。在整合shiro时发现,server.session.timeout设置为7200,但未到2小时就需要重新登录,后来发现是shiro的session已经过期了,shiro的session过期时间并不和server.session.timeout一致,目前是采用filter的方式来进行设置。
shirosessionfilter
我要评论
/**
* 通过拦截器设置shirosession过期时间
* @author yangwk
*/
public class shirosessionfilter implements filter {
private static logger logger = loggerfactory.getlogger(shirosessionfilter.class);
public list<string> excludes = new arraylist<string>();
private long serversessiontimeout = 180000l;//ms
public void dofilter(servletrequest request, servletresponse response, filterchain filterchain) throws ioexception,servletexception {
if(logger.isdebugenabled()){
logger.debug("shiro session filter is open");
}
httpservletrequest req = (httpservletrequest) request;
httpservletresponse resp = (httpservletresponse) response;
if(handleexcludeurl(req, resp)){
filterchain.dofilter(request, response);
return;
}
subject currentuser = securityutils.getsubject();
if(currentuser.isauthenticated()){
currentuser.getsession().settimeout(serversessiontimeout);
}
filterchain.dofilter(request, response);
}
private boolean handleexcludeurl(httpservletrequest request, httpservletresponse response) {
if (excludes == null || excludes.isempty()) {
return false;
}
string url = request.getservletpath();
for (string pattern : excludes) {
pattern p = pattern.compile("^" + pattern);
matcher m = p.matcher(url);
if (m.find()) {
return true;
}
}
return false;
}
@override
public void init(filterconfig filterconfig) throws servletexception {
if(logger.isdebugenabled()){
logger.debug("shiro session filter init~~~~~~~~~~~~");
}
string temp = filterconfig.getinitparameter("excludes");
if (temp != null) {
string[] url = temp.split(",");
for (int i = 0; url != null && i < url.length; i++) {
excludes.add(url[i]);
}
}
string timeout = filterconfig.getinitparameter("serversessiontimeout");
if(stringutils.isnotblank(timeout)){
this.serversessiontimeout = numberutils.tolong(timeout,1800l)*1000l;
}
}
@override
public void destroy() {}
}
注册filter
在被@configuration注解标注的类内注册shirosessionfilter。
@value("${server.session.timeout}")
private string serversessiontimeout;
@bean
public filterregistrationbean shirosessionfilterregistrationbean() {
filterregistrationbean filterregistrationbean = new filterregistrationbean();
filterregistrationbean.setfilter(new shirosessionfilter());
filterregistrationbean.setorder(filterregistrationbean.lowest_precedence);
filterregistrationbean.setenabled(true);
filterregistrationbean.addurlpatterns("/*");
map<string, string> initparameters = maps.newhashmap();
initparameters.put("serversessiontimeout", serversessiontimeout);
initparameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*");
filterregistrationbean.setinitparameters(initparameters);
return filterregistrationbean;
}
这样当每次请求时,如果用户已登录,就重新设置shiro session有效期,从而和server session保持了一致。
总结
以上就是这篇文章的全部内容,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对移动技术网的支持。
如对本文有疑问, 点击进行留言回复!!
详解SpringBoot修改启动端口server.port的四种方式
网友评论