版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/money9sun/article/details/86605010
经过前两章,我们已经将ssm与shiro配置完毕,现在添加redis的工具类
@Component
public class RedisUtil {
private RedisTemplate<Serializable, Object> redisTemplate;
/**
* 批量删除对应的value
*
* @param keys
*/
public void remove(final String... keys) {
for (String key : keys) {
remove(key);
}
}
/**
* 批量删除key
*
* @param pattern
*/
public void removePattern(final String pattern) {
Set<Serializable> keys = redisTemplate.keys(pattern);
if (keys.size() > 0)
redisTemplate.delete(keys);
}
/**
* 删除对应的value
*
* @param key
*/
public void remove(final String key) {
if (exists(key)) {
redisTemplate.delete(key);
}
}
/**
* 判断缓存中是否有对应的value
*
* @param key
* @return
*/
public boolean exists(final String key) {
return redisTemplate.hasKey(key);
}
/**
* 读取缓存
*
* @param key
* @return
*/
public Object get(final String key) {
Object result = null;
ValueOperations<Serializable, Object> operations = redisTemplate
.opsForValue();
result = operations.get(key);
return result;
}
/**
* 写入缓存
*
* @param key
* @param value
* @return
*/
public boolean set(final String key, Object value) {
boolean result = false;
try {
ValueOperations<Serializable, Object> operations = redisTemplate
.opsForValue();
operations.set(key, value);
result = true;
} catch (Exception e) {
e.printStackTrace();
}
return result;
}
/**
* 写入缓存
*
* @param key
* @param value
* @return
*/
public boolean set(final String key, Object value, Long expireTime) {
boolean result = false;
try {
ValueOperations<Serializable, Object> operations = redisTemplate
.opsForValue();
operations.set(key, value);
redisTemplate.expire(key, expireTime, TimeUnit.SECONDS);
result = true;
} catch (Exception e) {
e.printStackTrace();
}
return result;
}
public void setRedisTemplate(
RedisTemplate<Serializable, Object> redisTemplate) {
this.redisTemplate = redisTemplate;
}
}
为了让redis帮我们管理session 需要在登陆成功之后将session写入redis中,我们修改一下登陆的方法
//登录
@RequestMapping(value = "/login",method = RequestMethod.POST)
public R webLogin(@RequestBody Map<String, String> parameters){
Map<String,Object> map = new HashMap<>();
String newPassword = PasswordUtil.encodePwd(parameters.get("password"));
UsernamePasswordToken token = new UsernamePasswordToken(parameters.get("userName"),newPassword);
Subject subject = SecurityUtils.getSubject();
try{
subject.login(token);
String loginToken = validateSucceed(null, new SsoUser(parameters.get("userName"), newPassword), false);
map.put("token",loginToken);
return R.ok(map);
}catch (Exception e){
e.printStackTrace();
return R.error(R.CODE_LOGIN_ERROR,"用户名或者密码错误");
}
}
private String validateSucceed(String backUrl, SsoUser ssoUser, boolean rememberMe) throws Exception {
// 生成vt
String token = UUID.randomUUID().toString().replace("-", "").toLowerCase();
// 添加vtcookie
CookieUtil.setCookie(httpServletRequest, httpServletResponse, "vt", token, true);
// 添加vt用户到redis
//redisService.set(vt, MAPPER.writeValueAsString(ssoUser), loginConfig.getVtRedisMaxTime());
String userString = JSON.toJSONString(ssoUser);
redisUtil.set(token,userString, 1800l); // 30分钟的有效时间 通过redis来模拟管理session信息
logger.info("new token={}", token);
return token;
}
上面的代码比较容易理解,就是先生成一个token ,存入cookie的同时 存入redis然后返回前台
最后一步,要修改shiro的过滤器,在登陆验证的时候不走shiro的session而是走redis
public class ClientAuthenticationFilter extends OncePerRequestFilter {
private static final Logger LOGGER = LoggerFactory.getLogger(ClientAuthenticationFilter.class);
private RedisUtil redisUtil;
@Override
protected void doFilterInternal(ServletRequest request, ServletResponse response
, FilterChain filterChain) throws ServletException, IOException {
redisUtil = (RedisUtil)SpringContextUtil.getBean("redisUtil");
// 1、 从cookie中获取 2、从header中获取token 3、从参数中获取token
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
UserThreadLocal.clear();
String vt = null;
LOGGER.info("ClientAuthenticationFilter doFilterInternal, url : {}", httpServletRequest.getRequestURL());
// 开始登录状态验证
vt = CookieUtil.getCookieValue(httpServletRequest, "vt", true);
LOGGER.info("ClientAuthenticationFilter doFilterInternal, vt : {}", vt);
if(vt == null) { // 如果cookie里面没有 就从请求头中获取token
vt = httpServletRequest.getHeader("token");
}
if (StringUtils.isNotEmpty(vt)) {
/* cookie有效,接下来判断是否超时 */
String user = (String) redisUtil.get(vt);
// 如果不为空 则表示没有超时
if (StringUtils.isNotBlank(user)) {
SsoUser ssoUser = JSON.parseObject(user, SsoUser.class);
// 将用户重新设置时间
redisUtil.set(vt,user, 1800l);
LOGGER.info("logincheck success !");
// shiro验证权限
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(ssoUser.getAccount(), ssoUser.getPassword());
subject.login(token);
filterChain.doFilter(httpServletRequest, httpServletResponse);
}else{
// session 超时需要重新登陆
Map<String, Object> resultMap = new HashMap<>();
resultMap.put("status", false);
resultMap.put("code", R.CODE_LOGIN_TIMEOUT);
resultMap.put("timeout", "timeout");
resultMap.put("msg" , "timeout");
String resultString = JSON.toJSONString(resultMap);
httpServletResponse.setContentType("application/json; charset=utf-8");
httpServletResponse.setHeader("Access-Control-Allow-Origin","*");
PrintWriter writer = httpServletResponse.getWriter();
writer.print(resultString);
writer.flush();
writer.close();
}
} else { // 没有登陆
Map<String, Object> resultMap = new HashMap<>(); resultMap.put("status", false); resultMap.put("code", R.CODE_LOGIN_NO); resultMap.put("timeout", "no"); resultMap.put("msg" , "not login"); String resultString = JSON.toJSONString(resultMap); httpServletResponse.setContentType("application/json; charset=utf-8"); httpServletResponse.setHeader("Access-Control-Allow-Origin","*"); PrintWriter writer = httpServletResponse.getWriter(); writer.print(resultString); writer.flush(); writer.close();
}
}
}
修改shiro 的配置文件 加入红色的这行
HashMap<String, Filter> myFilters = new HashMap<>();
myFilters.put("authc", new ClientAuthenticationFilter());
shiroFilterFactoryBean.setFilters(myFilters);
其他不用修改 这样就完成了分布式session的交由redis管理的工作,代码会在后期发到git上