redis shiro springboot session共享 https://www.cnblogs.com/shufeiyang/p/12986641.html
1.shiroConfig 文件
/** * Copyright 2018-2020 stylefeng & fengshuonan (sn93@qq.com) * <p> * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * <p> * http://www.apache.org/licenses/LICENSE-2.0 * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package czc.superzig.common.shiro; import czc.superzig.common.operatingtable.config.MyRetryLimitCredentialsMatcher; import org.apache.shiro.cache.CacheManager; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.codec.Base64; import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.CookieRememberMeManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.Cookie; import org.apache.shiro.web.servlet.ShiroHttpSession; import org.apache.shiro.web.servlet.SimpleCookie; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.apache.shiro.web.session.mgt.ServletContainerSessionManager; import org.crazycake.shiro.RedisCacheManager; import org.crazycake.shiro.RedisManager; import org.crazycake.shiro.RedisSessionDAO; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.config.MethodInvokingFactoryBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.cache.ehcache.EhCacheManagerFactoryBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import javax.servlet.Filter; import java.util.LinkedHashMap; import java.util.Map; /** * shiro权限管理的配置 * * @author fengshuonan * @date 2019年7月1日 下午3:03:44 */ @Configuration public class ShiroConfig { //用户锁定状态值 public static Integer LockedStatus = 2; //用户锁定状态值 public static Integer MD5Iterations = 4; @Value(value = "${superzig.session-invalidate-time}") Integer sessionInvalidateTime = 24*60*60; @Value(value = "${superzig.session-validation-interval}") Integer sessionValidationInterval = 2*60*60; /** * spring session管理器(多机环境) */ @Bean @ConditionalOnProperty(prefix = "superzig", name = "spring-session-open", havingValue = "true") public ServletContainerSessionManager servletContainerSessionManager() { return new ServletContainerSessionManager(); } /** * session管理器(单机环境) */ @Bean @ConditionalOnProperty(prefix = "superzig", name = "spring-session-open", havingValue = "false") public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager) { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setCacheManager(cacheShiroManager); sessionManager.setSessionValidationInterval(sessionValidationInterval * 1000); sessionManager.setGlobalSessionTimeout(sessionInvalidateTime * 1000); sessionManager.setDeleteInvalidSessions(true); sessionManager.setSessionValidationSchedulerEnabled(true); Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME); //SimpleCookie simpleCookie = new SimpleCookie(); cookie.setName("shiroCookie"); //cookie.setName("shiroCookie2"); cookie.setHttpOnly(true); sessionManager.setSessionIdCookie(cookie); return sessionManager; } /** * 安全管理器 */ @Bean public DefaultWebSecurityManager securityManager(@Qualifier("myRetryLimitCredentialsMatcher") MyRetryLimitCredentialsMatcher matcher,CookieRememberMeManager rememberMeManager, DefaultWebSessionManager redisSessionManager,RedisCacheManager redisCacheManager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(this.shiroDbRealm(matcher)); //securityManager.setCacheManager(cacheShiroManager); securityManager.setRememberMeManager(rememberMeManager); //securityManager.setSessionManager(sessionManager); securityManager.setSessionManager(redisSessionManager); securityManager.setCacheManager(redisCacheManager); return securityManager; } /** * 缓存管理器 使用Ehcache实现 */ // @Bean // public CacheManager getCacheShiroManager(EhCacheManagerFactoryBean ehcache) { // EhCacheManager ehCacheManager = new EhCacheManager(); // ehCacheManager.setCacheManager(ehcache.getObject()); // ehCacheManager.setCacheManagerConfigFile("ehcache.xml"); // return ehCacheManager; // } /** * 项目自定义的Realm */ @Bean public ShiroDbRealm shiroDbRealm(MyRetryLimitCredentialsMatcher matcher) { ShiroDbRealm myShiroRealm = new ShiroDbRealm(); myShiroRealm.setCredentialsMatcher(matcher); return myShiroRealm; } /** * 密码匹配凭证管理器 * * @return */ @Bean(name = "myRetryLimitCredentialsMatcher") public MyRetryLimitCredentialsMatcher hashedCredentialsMatcher() { MyRetryLimitCredentialsMatcher hashedCredentialsMatcher = new MyRetryLimitCredentialsMatcher(); // 采用MD5方式加密 hashedCredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName); // 设置加密次数 hashedCredentialsMatcher.setHashIterations(ShiroConfig.MD5Iterations);; return hashedCredentialsMatcher; } /** * rememberMe管理器, cipherKey生成见{@code Base64Test.java} */ @Bean public CookieRememberMeManager rememberMeManager(SimpleCookie rememberMeCookie) { CookieRememberMeManager manager = new CookieRememberMeManager(); manager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAA==")); manager.setCookie(rememberMeCookie); return manager; } /** * 记住密码Cookie */ @Bean public SimpleCookie rememberMeCookie() { SimpleCookie simpleCookie = new SimpleCookie("rememberMe"); simpleCookie.setHttpOnly(true); //7天 simpleCookie.setMaxAge(7 * 24 * 60 * 60); return simpleCookie; } public CORSAuthenticationFilter corsAuthenticationFilter(){ return new CORSAuthenticationFilter(); } /** * Shiro的过滤器链 */ @Bean public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setSecurityManager(securityManager); /** * 默认的登陆访问url */ shiroFilter.setLoginUrl("/login"); /** * 登陆成功后跳转的url */ shiroFilter.setSuccessUrl("/"); /** * 没有权限跳转的url */ shiroFilter.setUnauthorizedUrl("/global/error"); /** * 覆盖默认的user拦截器(默认拦截器解决不了ajax请求 session超时的问题,若有更好的办法请及时反馈作者,删除了) */ /** * 配置shiro拦截器链 * * anon 不需要认证 * authc 需要认证(不接受RememberMe登录的认证) * user 验证通过或RememberMe登录的都可以 * * 当应用开启了rememberMe时,用户下次访问时可以是一个user,但不会是authc,因为authc是需要重新认证的 * * 顺序从上到下,优先级依次降低 * * api开头的接口,走rest api鉴权,不走shiro鉴权 * */ // 注意这里不要用Bean的方式,否则会报错 // Map<String, Filter> filters = shiroFilter.getFilters(); // filters.put("authc", new ShiroUserFilter()); // shiroFilter.setFilters(filters); Map<String, String> hashMap = new LinkedHashMap<>(); //第三方接口放行 hashMap.put("/czc/thirdParty/**","anon"); //录制视频相关操作放行 hashMap.put("/czc/camera/startVideo","anon"); hashMap.put("/czc/camera/endVideo","anon"); //swagger接口权限 开放 hashMap.put("/swagger-ui.html", "anon"); hashMap.put("/druid/**", "anon"); hashMap.put("/webjars/**", "anon"); hashMap.put("/v2/**", "anon"); hashMap.put("/swagger-resources/**", "anon"); /////////////////////////////////////// // hashMap.put("/user/addOne", "anon"); hashMap.put("/static/**", "anon"); hashMap.put("/superzigApi/**", "anon"); hashMap.put("/login", "anon"); hashMap.put("/singleLogin", "anon"); hashMap.put("/verifyTicket", "anon"); hashMap.put("/global/sessionError", "anon"); hashMap.put("/kaptcha", "anon"); //hashMap.put("/**", "user"); hashMap.put("/**", "corsAuthenticationFilter"); shiroFilter.setFilterChainDefinitionMap(hashMap); Map<String, Filter> filterMap = new LinkedHashMap<>(); filterMap.put("corsAuthenticationFilter", corsAuthenticationFilter()); shiroFilter.setFilters(filterMap); return shiroFilter; } /** * 在方法中 注入 securityManager,进行代理控制 */ @Bean public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) { MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean(); bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager"); bean.setArguments(new Object[]{securityManager}); return bean; } /** * Shiro生命周期处理器: * 用于在实现了Initializable接口的Shiro bean初始化时调用Initializable接口回调(例如:UserRealm) * 在实现了Destroyable接口的Shiro bean销毁时调用 Destroyable接口回调(例如:DefaultSecurityManager) */ @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } /** * 启用shrio授权注解拦截方式,AOP式方法级权限检查 */ @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; } @Bean public RedisManager redisManager() { RedisManager redisManager = new RedisManager(); redisManager.setHost("10.0.0.172"); redisManager.setPort(6379); redisManager.setExpire(1800);// 配置缓存过期时间 redisManager.setTimeout(3000); return redisManager; } @Bean public RedisSessionDAO redisSessionDAO(RedisManager redisManager) { RedisSessionDAO redisSessionDAO = new RedisSessionDAO(); redisSessionDAO.setRedisManager(redisManager); return redisSessionDAO; } /** * shiro session的管理 */ @Bean public DefaultWebSessionManager redisSessionManager(RedisSessionDAO redisSessionDAO) { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setSessionDAO(redisSessionDAO); return sessionManager; } @Bean public RedisCacheManager redisCacheManager(RedisManager redisManager) { RedisCacheManager redisCacheManager = new RedisCacheManager(); redisCacheManager.setRedisManager(redisManager); return redisCacheManager; } }View Code
2.部署redis
docker load < redis_5.0.3.tar.gz
docker run -d --restart=always -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -p 6379:6379 --name=redis redis:5.0.3
3.配置文件
redis:
# REDIS (RedisProperties)
# Redis数据库索引(默认为0)
database: 0
# Redis服务器地址
host: localhost
# Redis服务器连接端口
port: 6379
# Redis服务器连接密码(默认为空)
password:
# 连接池最大连接数(使用负值表示没有限制)
pool:
max-active: 8
# 连接池最大阻塞等待时间(使用负值表示没有限制)
max-wait: -1
# 连接池中的最大空闲连接
max-idle: 8
# 连接池中的最小空闲连接
min-idle: 0
# 连接超时时间(毫秒)
timeout: 5000