spring boot实战教程之shiro session过期时间详解
程序员文章站
2024-04-01 17:46:04
前言
众所周知在spring boot内,设置session过期时间只需在application.properties内添加server.session.timeout配...
前言
众所周知在spring boot内,设置session过期时间只需在application.properties
内添加server.session.timeout
配置即可。在整合shiro时发现,server.session.timeout
设置为7200,但未到2小时就需要重新登录,后来发现是shiro的session已经过期了,shiro的session过期时间并不和server.session.timeout
一致,目前是采用filter的方式来进行设置。
shirosessionfilter
/** * 通过拦截器设置shirosession过期时间 * @author yangwk */ public class shirosessionfilter implements filter { private static logger logger = loggerfactory.getlogger(shirosessionfilter.class); public list<string> excludes = new arraylist<string>(); private long serversessiontimeout = 180000l;//ms public void dofilter(servletrequest request, servletresponse response, filterchain filterchain) throws ioexception,servletexception { if(logger.isdebugenabled()){ logger.debug("shiro session filter is open"); } httpservletrequest req = (httpservletrequest) request; httpservletresponse resp = (httpservletresponse) response; if(handleexcludeurl(req, resp)){ filterchain.dofilter(request, response); return; } subject currentuser = securityutils.getsubject(); if(currentuser.isauthenticated()){ currentuser.getsession().settimeout(serversessiontimeout); } filterchain.dofilter(request, response); } private boolean handleexcludeurl(httpservletrequest request, httpservletresponse response) { if (excludes == null || excludes.isempty()) { return false; } string url = request.getservletpath(); for (string pattern : excludes) { pattern p = pattern.compile("^" + pattern); matcher m = p.matcher(url); if (m.find()) { return true; } } return false; } @override public void init(filterconfig filterconfig) throws servletexception { if(logger.isdebugenabled()){ logger.debug("shiro session filter init~~~~~~~~~~~~"); } string temp = filterconfig.getinitparameter("excludes"); if (temp != null) { string[] url = temp.split(","); for (int i = 0; url != null && i < url.length; i++) { excludes.add(url[i]); } } string timeout = filterconfig.getinitparameter("serversessiontimeout"); if(stringutils.isnotblank(timeout)){ this.serversessiontimeout = numberutils.tolong(timeout,1800l)*1000l; } } @override public void destroy() {} }
注册filter
在被@configuration注解标注的类内注册shirosessionfilter。
@value("${server.session.timeout}") private string serversessiontimeout; @bean public filterregistrationbean shirosessionfilterregistrationbean() { filterregistrationbean filterregistrationbean = new filterregistrationbean(); filterregistrationbean.setfilter(new shirosessionfilter()); filterregistrationbean.setorder(filterregistrationbean.lowest_precedence); filterregistrationbean.setenabled(true); filterregistrationbean.addurlpatterns("/*"); map<string, string> initparameters = maps.newhashmap(); initparameters.put("serversessiontimeout", serversessiontimeout); initparameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*"); filterregistrationbean.setinitparameters(initparameters); return filterregistrationbean; }
这样当每次请求时,如果用户已登录,就重新设置shiro session有效期,从而和server session保持了一致。
总结
以上就是这篇文章的全部内容,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对的支持。