Regarding the custom rewriting of sessionId in shiro , the previous article covered it
Through the last introduction, I found that I have more understanding of the spring injection mechanism.
So just roll up your sleeves and start drying.
a need
The first is what I need to do, because a project integrates two systems, which leads to mutual contamination of sessions and confusion of session management for login or abnormal login.
Find information where someone has encountered a similar problem.
<!-- 会话Cookie模板 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="sid"/>
**<!--设置Cookie名字,默认为JSESSIONID-->
<property name="name" value="WEBSID" />**
</bean>2 web modules, you can set the name of different sessionIdCookie respectively
He solved it like this, yes two sessionIdCookie names, but I'm a project and only one shiro doesn't have two configs for me to use.
Solution: Rewrite the method and define my own logic to assign the sessionIdCookie name.
From the above code we can see that < property name = "name" value = "WEBSID" />
The name property can be modified by injection.
Then by analogy, I must override the method to change this value.
Looking at the shiro configuration file, we can see that sessionIdCookie is injected into sessionManager
It seems that this is what we need to operate on.
public class MySessionListener2 extends SessionListenerAdapter {
@Override
public void onStart(Session session) {
System.out.println("Session creation: " + session.getId());
}
}
Here is what I saw in Zhang Kaitao's great article, I also imitated and wrote one, but I won't post the details.
I debugged it, it is really a session after creation, then sessionIdCookie
It must be still in the process of generating, and I will make a fuss here.
Checked the source code of DefaultWebSessionManager and found that there is also an onStart method.
Overriding it is inevitable, where the injected object is found
private Cookie sessionIdCookie;
private boolean sessionIdCookieEnabled;
Isn't that what I want.
So rewrite the method:
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
public class AngWebSessionManager extends DefaultWebSessionManager {
@Override
/**
* Override the onStart method, which can be called when a session is generated
* At this point, you can operate on the parent class SessionIdCookie and change the value of its CookiseName
* Defaults to JSESSIONID, can be configured to inject a single uniform name
* The overriding method can implement multiple names, which can be used in different systems with different CookiseName
* (Not Enabled)
* Use method substitution to inject DefaultWebSessionManager
*/
protected void onStart(Session session, SessionContext context) {
String name = "";
if(!session.getId().toString().split("_")[0].equals("Hr")
&&!session.getId().toString().split("_")[0].equals("Biz")){
name = "Agrant";
}else if(session.getId().toString().split("_")[0].equals("Hr")){
name = "Agrant_Hr";
}else if(session.getId().toString().split("_")[0].equals("Biz")){
name = "Agrant_biz";
}
super.getSessionIdCookie().setName(name);
super.onStart(session, context);
}
}
Before logging in here, the sessionid name is Agrant, and different systems will be given different names after logging in.
Then inject to shiro to use over
<bean id="sessionManager" class="*****.AngWebSessionManager ">
<!-- Session expiration time, in milliseconds-->
<property name="globalSessionTimeout" value="1800000"/>
<!-- Delete invalid session -->
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionFactory" ref="sessionFactory"/>
<property name="sessionDAO" ref="sessionDAO"/>
</bean>