
Spring Boot in Practice: Shiro Session Expiration Time Explained

程序员文章站 2024-04-01 17:46:04

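Preface

As is well known, in Spring Boot the session expiration time is set simply by adding the server.session.timeout property to application.properties. When integrating Shiro, however, I found that with server.session.timeout set to 7200, users still had to log in again before 2 hours had passed. It turned out that the Shiro session had already expired: Shiro's session expiration time is not tied to server.session.timeout. For now, a filter is used to set it.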

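ShiroSessionFilter

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;       // commons-lang3 assumed
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;                            // slf4j assumed
import org.slf4j.LoggerFactory;

/**
 * Sets the Shiro session expiration time via a filter.
 * @author yangwk
 */
public class ShiroSessionFilter implements Filter {
    private static Logger logger = LoggerFactory.getLogger(ShiroSessionFilter.class);

    public List<String> excludes = new ArrayList<String>();

    // ms; 30 minutes, consistent with the 1800-second fallback in init()
    private long serverSessionTimeout = 1800000L;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug("shiro session filter is open");
        }

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        if (handleExcludeUrl(req, resp)) {
            filterChain.doFilter(request, response);
            return;
        }

        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser.isAuthenticated()) {
            // Shiro session timeouts are expressed in milliseconds
            currentUser.getSession().setTimeout(serverSessionTimeout);
        }
        filterChain.doFilter(request, response);
    }

    // Each exclude entry is compiled as a regular expression anchored at the
    // start of the servlet path; a prefix match is enough to exclude the request.
    private boolean handleExcludeUrl(HttpServletRequest request, HttpServletResponse response) {

        if (excludes == null || excludes.isEmpty()) {
            return false;
        }

        String url = request.getServletPath();
        for (String pattern : excludes) {
            Pattern p = Pattern.compile("^" + pattern);
            Matcher m = p.matcher(url);
            if (m.find()) {
                return true;
            }
        }

        return false;
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug("shiro session filter init~~~~~~~~~~~~");
        }
        String temp = filterConfig.getInitParameter("excludes");
        if (temp != null) {
            String[] url = temp.split(",");
            for (int i = 0; url != null && i < url.length; i++) {
                excludes.add(url[i]);
            }
        }
        String timeout = filterConfig.getInitParameter("serverSessionTimeout");
        if (StringUtils.isNotBlank(timeout)) {
            // server.session.timeout is in seconds; convert to milliseconds
            this.serverSessionTimeout = NumberUtils.toLong(timeout, 1800L) * 1000L;
        }
    }

    @Override
    public void destroy() {}

}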

Registering the filter

Register ShiroSessionFilter in a class annotated with @Configuration.

// Reuse the container session timeout (in seconds) for the Shiro session
@Value("${server.session.timeout}")
private String serverSessionTimeout;

@Bean
public FilterRegistrationBean shiroSessionFilterRegistrationBean() {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(new ShiroSessionFilter());
    filterRegistrationBean.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE);
    filterRegistrationBean.setEnabled(true);
    filterRegistrationBean.addUrlPatterns("/*");
    // Maps is Guava's com.google.common.collect.Maps
    Map<String, String> initParameters = Maps.newHashMap();
    initParameters.put("serverSessionTimeout", serverSessionTimeout);
    initParameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*");
    filterRegistrationBean.setInitParameters(initParameters);
    return filterRegistrationBean;
}

This way, on every request, if the user is logged in, the Shiro session's validity period is set again, which keeps it consistent with the server session.
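The exclude entries registered above look like servlet URL patterns, but handleExcludeUrl compiles each one as a regular expression and accepts a prefix match. The following added example (not from the original article; the class name, the literalMatch helper and the sample paths are constructed for illustration) compares that behaviour with a literal reading of the same list.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class ExcludeMatchDemo {
    // The exclude list passed to the filter at registration time.
    static final List<String> EXCLUDES =
            Arrays.asList("/favicon.ico", "/img/*", "/js/*", "/css/*");

    // Same test as handleExcludeUrl: each entry is compiled as a regex and
    // only has to match a prefix of the servlet path.
    static boolean regexPrefixMatch(String path) {
        for (String pattern : EXCLUDES) {
            if (Pattern.compile("^" + pattern).matcher(path).find()) {
                return true;
            }
        }
        return false;
    }

    // Stricter reading (hypothetical helper): "/dir/*" means "anything under
    // /dir/"; every other entry must equal the path exactly.
    static boolean literalMatch(String path) {
        for (String pattern : EXCLUDES) {
            if (pattern.endsWith("/*")) {
                // Drop the "*" but keep the trailing "/".
                String dir = pattern.substring(0, pattern.length() - 1);
                if (path.startsWith(dir)) {
                    return true;
                }
            } else if (path.equals(pattern)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample servlet paths.
        String[] paths = {"/js/app.js", "/json/orders", "/imgupload", "/faviconXico", "/user/list"};
        for (String path : paths) {
            System.out.printf("%-14s regex=%-5b literal=%b%n",
                    path, regexPrefixMatch(path), literalMatch(path));
        }
    }
}
```

In this filter an unintended match only skips the timeout refresh for that request; the same exclude list should not be reused for access-control decisions without stricter matching.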

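Summary

That is all for this article. I hope its content is of some reference value for your study or work. If you have questions, feel free to leave a comment. Thank you for your support.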