Shiro + Redis: session sharing in cluster mode

 

Shiro + Redis: session sharing in cluster mode

 

 

 

 

Shiro uses Redis to share sessions: when Shiro matches the session cookie to a session, it looks the session up in Redis instead of in local memory. Redis holds the session, the session id, and so on.

The session id taken out of Redis is compared directly with the cookie.

 

Idea (compare with the configuration used in the previous article):

Just add a sessionManager to the securityManager.

 

 

 

<!-- Web session manager whose storage is delegated to the sessionDAO bean, so that
     every node in the cluster resolves a session id through the same store. -->
<bean id="sessionManager"

  class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">

<!-- Shiro's periodic session-validation job is switched off. Expired sessions are then
     only detected when they are accessed.
     NOTE(review): confirm that RedisSessionDao (source not shown) sets a Redis expiry on
     stored sessions, otherwise abandoned sessions stay in Redis indefinitely. -->
<property name="sessionValidationSchedulerEnabled" value="false" />

<property name="sessionDAO" ref="sessionDAO" />

<property name="sessionFactory" ref="sessionFactoryshr"/>

<!-- Shiro reads this value in milliseconds: 60000 = 60 seconds of inactivity.
     NOTE(review): this looks like a test value; confirm the intended timeout. -->
<property name="globalSessionTimeout" value="60000" />

<!-- Only the session cookie's name is overridden here. The `secure` property is left at its
     default; set it to true when the application is served over HTTPS so the session id is
     never sent in clear text. HttpOnly is on by default in Shiro's SimpleCookie (verify for
     the Shiro version in use). -->
<property name="sessionIdCookie">

<bean class="org.apache.shiro.web.servlet.SimpleCookie">

<constructor-arg name="name" value="SHRIOSESSIONID"/>

</bean>

</property>

<!-- Listener from the article's own package; the article describes it as doing
     cleanup on logout. -->
<property name="sessionListeners">

<list>

<bean class="com.common.shrio.ShiroSessionListener"/>

</list>

</property>

</bean>

<!-- Session DAO from the article's own package (source not shown); the article describes it
     as the class that performs the Redis operations. -->
<bean id="sessionDAO" class="com.common.shrio.RedisSessionDao">

 

</bean>

<!-- Left disabled: org.apache.shiro.session.mgt.SessionFactory is an interface and cannot be
     instantiated as a bean; the custom factory below is used instead. -->
<!--<bean name="sessionFactory" class="org.apache.shiro.session.mgt.SessionFactory"/>-->

<!-- Custom session factory referenced by sessionManager's sessionFactory property. -->
<bean id="sessionFactoryshr" class="com.common.shrio.ShiroSessionFactory"/>

 

<!-- Security manager: plugging in sessionManager is the only change needed to move session
     storage to the Redis-backed DAO. shiroDbRealm is defined elsewhere (not shown). -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

<property name="sessionManager" ref="sessionManager" />

<property name="realm" ref="shiroDbRealm" />

</bean>

 

 

RedisSessionDao:

The class that performs the Redis operations

 

 

ShiroSessionFactory:

The companion session factory

 

 

ShiroSessionListener:

Cleanup on logout, etc.

 

 

Second:

 

 

 

 

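While sharing the Shiro session, the user information held in Shiro also needs to be stored in Redis. This requires using information from the client's cookie as the key when storing it, so that afterwards the client can use the key in the cookie to fetch the user information and session information from Redis; the user information cannot be taken directly from Shiro. Because the cookie value is supplied by the client, the key has to be checked against the authenticated Shiro subject before it is used to load user data.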

 

 

 

 

 

 

On successful login, save the cookies to the client:

 

 

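/**
 * Copies the logged-in user's call-center id, extension number and user name from the
 * HTTP session into long-lived browser cookies ("callcenterid", "extension", "username").
 *
 * <p>The session attribute {@code EXTNO} is either {@code "<ccid>_<extno>"} or a bare
 * extension number. A cookie is only (re)written when the browser did not send it or sent
 * a different value.
 *
 * <p>NOTE(review): these cookies live in the browser and can be edited by the client.
 * They are suitable as display/convenience values only; server-side code must not treat
 * the "username" cookie as proof of identity or as the sole key for loading user data.
 *
 * @param request  current request; supplies the session attributes and the existing cookies
 * @param response response that receives any new or changed cookies
 */
private void saveCurUserCookie(HttpServletRequest request, HttpServletResponse response)
{
    String username = (String) request.getSession().getAttribute("ACEGI_SECURITY_LAST_USERNAME");
    String ccidExtno = (String) request.getSession().getAttribute("EXTNO");

    this.userDetailsSessionService.setExtNo(ccidExtno);

    Cookie[] cookies = request.getCookies();

    // A missing EXTNO attribute used to end in a NullPointerException; skip its cookies instead.
    if (ccidExtno != null) {
        String ccid = "";
        String extno = ccidExtno;
        int separator = ccidExtno.indexOf('_');
        if (separator > 0) {
            ccid = ccidExtno.substring(0, separator);
            extno = ccidExtno.substring(separator + 1);
        }

        if (!ccid.isEmpty()) {
            // Compare against ccid: the original compared the "callcenterid" cookie with the
            // extension number, so the cookie was rewritten on every login.
            writeCookieIfChanged(cookies, request, response, "callcenterid", ccid);
        }
        writeCookieIfChanged(cookies, request, response, "extension", extno);
    }

    // Same guard for the user name: no session attribute, no cookie.
    if (username != null) {
        writeCookieIfChanged(cookies, request, response, "username", username);
    }
}

/** Adds a 60-day cookie {@code name=value} unless the browser already sent that exact value. */
private void writeCookieIfChanged(Cookie[] cookies, HttpServletRequest request,
        HttpServletResponse response, String name, String value)
{
    if (value.equals(getCookieValue(cookies, name))) {
        return;
    }
    Cookie cookie = new Cookie(name, value);
    cookie.setMaxAge(5184000); // 60 days, in seconds
    // Keep the cookie off plain-HTTP connections when it was issued over HTTPS.
    cookie.setSecure(request.isSecure());
    // NOTE(review): consider cookie.setHttpOnly(true) if no page script needs to read these values.
    response.addCookie(cookie);
}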

 

// Read a cookie value by name

  /**
   * Returns the value of the first cookie whose name equals {@code cookieName}.
   *
   * <p>The returned value comes straight from the request, i.e. from the client.
   *
   * @param cookies    cookies of the current request; may be {@code null}
   * @param cookieName name to look for
   * @return the cookie's value, or {@code null} if {@code cookies} is {@code null} or
   *         contains no cookie with that name
   */
  private static String getCookieValue(Cookie[] cookies, String cookieName)
  {
    if (cookies != null) {
      for (Cookie candidate : cookies) {
        if (cookieName.equals(candidate.getName())) {
          return candidate.getValue();
        }
      }
    }
    return null;
  }

 

 

 

 

 

Get the cookie from the request, then use it as the key for reading from and writing to Redis

 

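// Resolve the current servlet request/response through Shiro's web subject
// (in a Struts2 action, ServletActionContext would be the alternative source).
HttpServletRequest request1 = (HttpServletRequest) ((WebSubject) SecurityUtils.getSubject()).getServletRequest();
HttpServletResponse response1 = (HttpServletResponse) ((WebSubject) SecurityUtils.getSubject()).getServletResponse();

Cookie[] cookies = request1.getCookies();

// NOTE(review): the "username" cookie is sent by the browser and can hold any value the
// client chooses, so by itself it does not identify the caller. Before it is used as the
// store key it should be checked against the authenticated Shiro subject
// (SecurityUtils.getSubject().getPrincipal()), or the key should be derived from the
// subject instead of from the cookie.
String username = getCookieValue(cookies, "username");

WebSession webSession = null;
// No cookie means no key: skip rather than pass null to WebSessionManager.
if (username != null) {
    webSession = WebSessionManager.getInstance().getSession(username);
    if (webSession == null) {
        webSession = WebSessionManager.getInstance().createSession(username);
    }

    // The code that reads this attribute back casts it to UserDetailsBean, so only store
    // that type (the original tested for UserDetails and then cast to UserDetailsBean).
    if (value instanceof UserDetailsBean) {
        webSession.setAttribute(username, value);
    }
}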

 

 

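 // Read the user details back from the shared store, keyed by the "username" cookie.
 HttpServletRequest request1 = (HttpServletRequest) ((WebSubject) SecurityUtils.getSubject()).getServletRequest();
 Cookie[] cookies = request1.getCookies();

 // NOTE(review): the cookie value is client-controlled; verify it against the authenticated
 // Shiro subject before trusting the UserDetailsBean loaded with it.
 String username = getCookieValue(cookies, "username");

 // A missing cookie or an unknown key yields null instead of a NullPointerException.
 WebSession webSession = (username == null)
     ? null
     : WebSessionManager.getInstance().getSession(username);
 UserDetailsBean shiroUser = (webSession == null)
     ? null
     : (UserDetailsBean) webSession.getAttribute(username);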

 

 

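  Note

The session.stop() call in onLoginSuccess of MyAuthenticationFilter must be commented out; otherwise a login through the framework goes through onLoginSuccess and then clears the session, which causes an error.

Reference: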

 

http://sgq0085.iteye.com/blog/2170405
