ssm+shiro项目集成session共享

改造项目可集成方式

一 集成jwt

本人参考过的文章

1.  https://blog.csdn.net/qq_41219586/article/details/104600304
2. GitHub - FENGZHIJIE1998/shiro-auth: 使用SpringBoot+SpringJPA+Swagger+Shiro快速搭建前后端分离的权限管理系统
3. (4条消息) 一看就懂！Springboot +Shiro +VUE 前后端分离式权限管理系统_大誌的博客-CSDN博客
4. ShiroJwt: API SpringBoot + Shiro + Java-Jwt + Redis(Jedis)
5. https://blog.csdn.net/weixin_44215175/article/details/111412168
6. https://blog.csdn.net/weixin_44215175/article/details/111412168

改造shiro的认证流程为jwt认证就可以实现 本人集成改造之后发现不太符合项目业务 

二 集成shiro-redis

集成依赖

<dependency>
    <groupId>org.crazycake</groupId>
    <artifactId>shiro-redis</artifactId>
    <version>3.3.1</version>
</dependency>

github有例子和文档

https://github.com/alexxiyang/shiro-redis

注意 3.0.0版本有以下问题

org.crazycake.shiro.exception.PrincipalInstanceException: Principal must implement org.crazycake.shiro.AuthCachePrincipal.
shiro-redis will get the key for store authorization object in Redis from org.crazycake.shiro.AuthCachePrincipal
So please use AuthCachePrincipal to tell shiro-redis how to get the cache key
For example: There is a class UserInfo which implements org.crazycake.shiro.AuthCachePrincipal. You can use this class to initial SimpleAuthenticationInfo like this:
UserInfo userInfo = new userInfo();
new SimpleAuthenticationInfo(userInfo, "123456", "realm1")

需要实现AuthCachePrincipal接口 最好不要用这个版本 

详情可查看issues#56 https://github.com/alexxiyang/shiro-redis/issues/56

注意3.3.0 只能在高于java11 中编译。请使用java8编译的3.3.1版本

3.3.1版本也是发布的最新版本

maven仓库历史版本

https://mvnrepository.com/artifact/org.apache.shiro/shiro-core/1.7.1

这是方法是我目前所用的方法集成起来比较简单方便不会大改项目的认证业务流程

个人 spring配置

<!--shiro session共享版设置start -->
	<!--shiro-redis docs地址 https://github.com/alexxiyang/shiro-redis/tree/master/docs-->
	<bean id="redisManager" class="org.crazycake.shiro.RedisManager">
		<property name="host" value="#{redis.host}:6379"/>
		<property name="password" value="#{redis.password}"/>
	</bean>
	<!--redisSessionDAO-->
	<bean id="redisSessionDAO" class="org.crazycake.shiro.RedisSessionDAO">
		<property name="redisManager" ref="redisManager" />
		<property name="keyPrefix" value="shiro:mysession:" />
		<!--		<property name="expire" value="600" />-->
	</bean>
	<!--simpleCookie,不定义在集群环境下会出现There is no session with id ....-->
	<bean id="simpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
		<constructor-arg name="name" value="syscore.ssession"/>
		<property name="path" value="/"/>
	</bean>
	<!--sessionManager-->
	<bean id="cacheManager" class="org.crazycake.shiro.RedisCacheManager">
		<property name="redisManager" ref="redisManager" />
		<property name="keyPrefix" value="shiro:mycache:" />
		<property name="expire" value="600" />
	</bean>
	<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
		<property name="sessionDAO" ref="redisSessionDAO"/>
		<!-- <property name="globalSessionTimeout" value="-1000l"/>-->
		<!-- <property name="sessionValidationInterval" value="2000"/> -->
		<!-- <property name="sessionValidationSchedulerEnabled" value="true"/> -->
		<!-- 防止登录URL中带JSESSIONID -->
		<property name="sessionIdUrlRewritingEnabled" value="false" />
		<property name="sessionIdCookie" ref="simpleCookie"/>
		<!-- <property name="sessionIdCookieEnabled" value="true"/>-->
	</bean>
	<!-- 自定义Realm -->
	<bean id="myRealm" class="org.deyi.common.realm.MyRealm"/>

	<!-- 安全管理器 -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="cacheManager" ref="cacheManager"/>
		<property name="sessionManager" ref="sessionManager"/>
		<!-- other configurations -->
		<property name="realm" ref="myRealm"/>
		<property name="rememberMeManager.cipherKey" value="kPH+bIxk5D2deZiIxcaaaA==" />
	</bean>

	
	<bean id="userFormAuthenticationFilter" class="org.deyi.common.filter.UserFormAuthenticationFilter"></bean>
	<!-- Shiro过滤器 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
		<!--自定义过滤器  -->
	     <property name="filters">
            <util:map>
              <entry key="authc" value-ref="userFormAuthenticationFilter" />
            </util:map>
        </property> 
	    <!-- Shiro的核心安全接口,这个属性是必须的 -->  
	    <property name="securityManager" ref="securityManager"/>
	    <!-- 身份认证失败，则跳转到登录页面的配置 -->  
	    <property name="loginUrl" value="/login.jsp"/>
	    <!-- 权限认证失败，则跳转到指定页面 -->  
	    <property name="unauthorizedUrl" value="/unauthor.jsp"/>  
	    
	    <!-- Shiro连接约束配置,即过滤链的定义 -->  
	    <property name="filterChainDefinitions">  
	        <value>
                ***
				/**= authc
	        </value>  
	    </property>
	</bean>  
	
	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->  
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>  
	
	<!-- 开启Shiro注解 -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>  
  		<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">  
  	  <property name="securityManager" ref="securityManager"/>  
    </bean>  

三 集成cas

本人没用这个实现，不过还是整理了一个博客供参考

(7条消息) CAS+Shiro实现权限管理_下半夜的风-CSDN博客