Shiro provides a Cache abstraction similar to Spring , that is, Shiro itself does not implement Cache , but abstracts Cache again, which is convenient to replace different underlying Cache implementations. For some concepts of Cache , please refer to my " Spring Cache Abstraction Detailed": http://jinnianshilongnian.iteye.com/blog/2001040 .
Cache interface provided by Shiro :
- public interface Cache<K, V> {
- / / Get the value in the cache according to the Key
- public V get(K key) throws CacheException;
- //Put the key-value into the cache and return the previous value in the cache
- public V put(K key, V value) throws CacheException;
- //Remove the value corresponding to the key in the cache and return the value
- public V remove(K key) throws CacheException;
- // clear the entire cache
- public void clear() throws CacheException;
- //return cache size
- public int size();
- //Get all the keys in the cache
- public Set<K> keys();
- //Get all the values in the cache
- public Collection<V> values();
- }
The CacheManager interface provided by Shiro :
- public interface CacheManager {
- //Get a Cache based on the cache name
- public <K, V> Cache<K, V> getCache(String name) throws CacheException;
- }
Shiro also provides CacheManagerAware for injecting CacheManager :
- public interface CacheManagerAware {
- //Inject CacheManager
- void setCacheManager(CacheManager cacheManager);
- }
The corresponding component ( DefaultSecurityManager ) in Shiro will automatically detect whether the corresponding object (such as Realm ) implements CacheManagerAware and automatically inject the corresponding CacheManager .
The use cases in this chapter use the same code from Chapter 6.
Realm cache
Shiro provides CachingRealm, which implements the CacheManagerAware interface and provides some basic implementations of caching; in addition, AuthenticatingRealm and AuthorizingRealm provide caching of AuthenticationInfo and AuthorizationInfo information respectively.
ini placement
- userRealm=com.github.zhangkaitao.shiro.chapter11.realm.UserRealm
- userRealm.credentialsMatcher=$credentialsMatcher
- userRealm.cachingEnabled=true
- userRealm.authenticationCachingEnabled=true
- userRealm.authenticationCacheName=authenticationCache
- userRealm.authorizationCachingEnabled=true
- userRealm.authorizationCacheName=authorizationCache
- securityManager.realms=$userRealm
- cacheManager=org.apache.shiro.cache.ehcache.EhCacheManager
- cacheManager.cacheManagerConfigFile=classpath:shiro-ehcache.xml
- securityManager.cacheManager=$cacheManager
userRealm.cachingEnabled: enable caching, default false;
userRealm.authenticationCachingEnabled : Enable authentication caching, that is, cache AuthenticationInfo information, the default is false ;
userRealm.authenticationCacheName : the cache name for caching AuthenticationInfo information;
userRealm. authorizationCachingEnabled : Enable authorization caching, that is, cache AuthorizationInfo information, default false ;
userRealm. authorizationCacheName : the cache name for caching AuthorizationInfo information;
cacheManager:缓存管理器,此处使用EhCacheManager,即Ehcache实现,需要导入相应的Ehcache依赖,请参考pom.xml;
因为测试用例的关系,需要将Ehcache的CacheManager改为使用VM单例模式:
this.manager = new net.sf.ehcache.CacheManager(getCacheManagerConfigFileInputStream());
改为
this.manager = net.sf.ehcache.CacheManager.create(getCacheManagerConfigFileInputStream());
测试用例
- @Test
- public void testClearCachedAuthenticationInfo() {
- login(u1.getUsername(), password);
- userService.changePassword(u1.getId(), password + "1");
- RealmSecurityManager securityManager =
- (RealmSecurityManager) SecurityUtils.getSecurityManager();
- UserRealm userRealm = (UserRealm) securityManager.getRealms().iterator().next();
- userRealm.clearCachedAuthenticationInfo(subject().getPrincipals());
- login(u1.getUsername(), password + "1");
- }
首先登录成功(此时会缓存相应的AuthenticationInfo),然后修改密码;此时密码就变了;接着需要调用Realm的clearCachedAuthenticationInfo方法清空之前缓存的AuthenticationInfo;否则下次登录时还会获取到修改密码之前的那个AuthenticationInfo;
- @Test
- public void testClearCachedAuthorizationInfo() {
- login(u1.getUsername(), password);
- subject().checkRole(r1.getRole());
- userService.correlationRoles(u1.getId(), r2.getId());
- RealmSecurityManager securityManager =
- (RealmSecurityManager) SecurityUtils.getSecurityManager();
- UserRealm userRealm = (UserRealm)securityManager.getRealms().iterator().next();
- userRealm.clearCachedAuthorizationInfo(subject().getPrincipals());
- subject().checkRole(r2.getRole());
- }
和之前的用例差不多;此处调用Realm的clearCachedAuthorizationInfo清空之前缓存的AuthorizationInfo;
另外还有clearCache,其同时调用clearCachedAuthenticationInfo和clearCachedAuthorizationInfo,清空AuthenticationInfo和AuthorizationInfo。
UserRealm还提供了clearAllCachedAuthorizationInfo、clearAllCachedAuthenticationInfo、clearAllCache,用于清空整个缓存。
在某些清空下这种方式可能不是最好的选择,可以考虑直接废弃Shiro的缓存,然后自己通过如AOP机制实现自己的缓存;可以参考:
https://github.com/zhangkaitao/es/tree/master/web/src/main/java/com/sishuok/es/extra/aop
另外如果和Spring集成时可以考虑直接使用Spring的Cache抽象,可以考虑使用SpringCacheManagerWrapper,其对Spring Cache进行了包装,转换为Shiro的CacheManager实现:
Session缓存
当我们设置了SecurityManager的CacheManager时,如:
- securityManager.cacheManager=$cacheManager
当我们设置SessionManager时:
- sessionManager=org.apache.shiro.session.mgt.DefaultSessionManager
- securityManager.sessionManager=$sessionManager
如securityManager实现了SessionsSecurityManager,其会自动判断SessionManager是否实现了CacheManagerAware接口,如果实现了会把CacheManager设置给它。然后sessionManager会判断相应的sessionDAO(如继承自CachingSessionDAO)是否实现了CacheManagerAware,如果实现了会把CacheManager设置给它;如第九章的MySessionDAO就是带缓存的SessionDAO;其会先查缓存,如果找不到才查数据库。
对于CachingSessionDAO,可以通过如下配置设置缓存的名称:
- sessionDAO=com.github.zhangkaitao.shiro.chapter11.session.dao.MySessionDAO
- sessionDAO.activeSessionsCacheName=shiro-activeSessionCache
activeSessionsCacheName is shiro-activeSessionCache by default .