spring boot实战教程之shiro session过期时间详解

spring boot实战教程之shiro session过期时间详解

前言

众所周知在spring boot内，设置session过期时间只需在application.properties内添加server.session.timeout配置即可。在整合shiro时发现，server.session.timeout设置为7200，但未到2小时就需要重新登录，后来发现是shiro的session已经过期了，shiro的session过期时间并不和server.session.timeout一致，目前是采用filter的方式来进行设置。

ShiroSessionFhttp://ilter

/**

* 通过拦截器设置shiroSession过期时间

* @author yangwk

*/

public class ShiroSessionFilter implements Filter {

private static Logger logger = LoggerFactory.getLogger(ShiroSessionFilter.class);

public List excludes = new ArrayList();

private long serverSessionTimeout = 180000L;//ms

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,ServletException {

if(logger.isDebugEnabled()){

logger.debug("shiro session filter is open");

}

HttpServletRequest req = (HttpServletRequest) request;

HttpServletResponse resp = (HttpServletResponse) response;

if(handleExcludeURL(req, resp)){

filterChain.doFilter(request, response);

return;

}

Subject currentUser = SecurityUtils.getSubject();

if(currentUser.isAuthenticated()){

currentUser.getSession().setTimeout(serverSessionTimeout);

}

filterChain.doFilter(request, response);

}

private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {

if (excludes == null || excludes.isEmpty()) {

return false;

}

String url = request.getServletPath();

for (String pattern : excludes) {

Pattern p = Pattern.compile("^" + pattern);

Matcher m = p.matcher(url);

if (m.find()) {

return true;

}

}

return false;

}

@Override

public void init(FilterConfig filterConfig) throws ServletException {

if(logger.isDebugEnabled()){

logger.debug("shiro session filter init~~~~~~~~~~~~");

}

String temp = filterConfig.getInitParameter("excludes");

if (temp != null) {

String[] url = temp.split(",");

for (int i = 0; url != null && i < url.length; i++) {

excludes.add(url[i]);

}

}

String timeout = filterConfig.getInitParameter("serverSessionTimeout");

if(StringUtils.isNotBlank(timeout)){

this.serverSessionTimeout = NumberUtils.toLong(timeout,1800L)*1000L;

}

}

@Override

public void destroy() {}

}

注册filter

在被@Configuration注解标注的类内注册ShiroSessionFilter。

@Value("${server.session.timeout}")

private String serverSessionTimeout;

@Bean

public FilterRegistrationBean shiroSessionFilterRegistrationBean() {

FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();

filterRegistrationBean.setFilter(new ShiroSessionFilter());

filterRegistrationBean.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE);

filterRegistrationBean.setEnabled(true);

filterRegistrationBean.addUrlPatterns("/*");

Map initParameters = Maps.newHashMap();

initParameters.put("serverSessionTimeout", serverSessionTimeout);

initParameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*");

filterRegistrationBean.setInitParameters(initParameters);

return filterRegistrationBean;

}

这样当每次请求时，如果用户已登录，就重新设置shiro session有效期，从而和server session保持了一致。

总结

以上就是这篇文章的全部内容，希望本文的内容对大家的学习或者工作具有一定的参考学习价值，如果有疑问大家可以留言交流，谢谢大家对我们的支持。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。