Avoid getting the session from redis every time, first from the servlet, if not found, get it from redis, and then save it to the servlet
1. Create a CustomSessionManager that inherits from DefaultWebSessionManager
package com.springshirodemo.Realm; import java.io.Serializable; import javax.servlet.ServletRequest; import org.apache.shiro.session.Session; import org.apache.shiro.session.UnknownSessionException; import org.apache.shiro.session.mgt.SessionKey; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.apache.shiro.web.session.mgt.WebSessionKey; public class CustoMsessionManager extends DefaultWebSessionManager { @Override protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException { // TODO Auto-generated method stub Serializable sessionId = getSessionId(sessionKey); ServletRequest request = null; if(sessionKey instanceof WebSessionKey) { request = ((WebSessionKey)sessionKey).getServletRequest(); } if(request != null && sessionId != null) { System.out.println("Get session1 from request"); Session session = (Session)request.getAttribute(sessionId.toString()); if (session != null) { System.out.println("Get session2 from request"); return session; } } Session session = super.retrieveSession(sessionKey); System.out.println("Get session from Redis"); if(request != null && sessionId != null) { request.setAttribute(sessionId.toString(), session); } return session; } }2. Spring's xml configuration
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="bosRealm"/> <property name="sessionManager" ref="sessionManager" /> <property name="cacheManager" ref="redisCacheManager" /> </bean>
<bean id="sessionManager" class="com.springshirodemo.Realm.CustoMsessionManager"> <property name="sessionDAO" ref="sessionDAO" /> </bean>