Integrating session sharing into an SSM + Shiro project

The approaches below can be integrated when retrofitting an existing project.

One: integrating JWT

Articles I have referenced

  1.  https://blog.csdn.net/qq_41219586/article/details/104600304
  2. GitHub - FENGZHIJIE1998/shiro-auth: Use SpringBoot+SpringJPA+Swagger+Shiro to quickly build a permission management system with front-end and back-end separation
  3. Understand at a glance! Springboot + Shiro + VUE front-end and back-end separation rights management system - Dazhi Blog - CSDN Blog
  4. ShiroJwt: API SpringBoot + Shiro + Java-Jwt + Redis(Jedis)
  5. https://blog.csdn.net/weixin_44215175/article/details/111412168

Converting Shiro's authentication process to JWT authentication is feasible. After completing the integration, I found that it did not meet the project's business requirements.

Two: integrating shiro-redis

Integration dependencies

<dependency>
    <groupId>org.crazycake</groupId>
    <artifactId>shiro-redis</artifactId>
    <version>3.3.1</version>
</dependency>

The GitHub repository has examples and documentation:

https://github.com/alexxiyang/shiro-redis

Note that version 3.0.0 has the following problem:

org.crazycake.shiro.exception.PrincipalInstanceException: Principal must implement org.crazycake.shiro.AuthCachePrincipal.
shiro-redis will get the key for store authorization object in Redis from org.crazycake.shiro.AuthCachePrincipal
So please use AuthCachePrincipal to tell shiro-redis how to get the cache key
For example: There is a class UserInfo which implements org.crazycake.shiro.AuthCachePrincipal. You can use this class to initial SimpleAuthenticationInfo like this:
UserInfo userInfo = new userInfo();
new SimpleAuthenticationInfo(userInfo, "123456", "realm1")

This version requires the principal to implement the AuthCachePrincipal interface, so it is best not to use it.

For details, see issue #56: https://github.com/alexxiyang/shiro-redis/issues/56

Note that 3.3.0 can only be used with Java 11 or higher. Use version 3.3.1, which is compiled with Java 8.

Version 3.3.1 is also the latest version released

Maven repository version history

https://mvnrepository.com/artifact/org.apache.shiro/shiro-core/1.7.1

This is the method I am currently using. It is relatively simple and convenient to integrate, and it does not greatly change the project's authentication business process.

My Spring configuration

<!-- Shiro shared-session configuration: start -->
<!-- shiro-redis docs: https://github.com/alexxiyang/shiro-redis/tree/master/docs -->
<bean id="redisManager" class="org.crazycake.shiro.RedisManager">
    <property name="host" value="#{redis.host}:6379"/>
    <property name="password" value="#{redis.password}"/>
</bean>
<!-- redisSessionDAO: stores Shiro sessions in Redis so every node sees them -->
<bean id="redisSessionDAO" class="org.crazycake.shiro.RedisSessionDAO">
    <property name="redisManager" ref="redisManager" />
    <property name="keyPrefix" value="shiro:mysession:" />
    <!-- <property name="expire" value="600" /> -->
</bean>
<!-- simpleCookie: if it is not defined, "There is no session with id ...." occurs in a cluster environment -->
<bean id="simpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg name="name" value="syscore.ssession"/>
    <property name="path" value="/"/>
</bean>
<!-- cacheManager: caches authentication and authorization data in Redis -->
<bean id="cacheManager" class="org.crazycake.shiro.RedisCacheManager">
    <property name="redisManager" ref="redisManager" />
    <property name="keyPrefix" value="shiro:mycache:" />
    <property name="expire" value="600" />
</bean>
<!-- sessionManager -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO" ref="redisSessionDAO"/>
    <!-- <property name="globalSessionTimeout" value="-1000l"/> -->
    <!-- <property name="sessionValidationInterval" value="2000"/> -->
    <!-- <property name="sessionValidationSchedulerEnabled" value="true"/> -->
    <!-- Prevent JSESSIONID from appearing in the login URL -->
    <property name="sessionIdUrlRewritingEnabled" value="false" />
    <property name="sessionIdCookie" ref="simpleCookie"/>
    <!-- <property name="sessionIdCookieEnabled" value="true"/> -->
</bean>
<!-- Custom Realm -->
<bean id="myRealm" class="org.deyi.common.realm.MyRealm"/>

<!-- Security manager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionManager" ref="sessionManager"/>
    <!-- other configurations -->
    <property name="realm" ref="myRealm"/>
    <!-- Caution: this value is the publicly known default key from old Shiro releases.
         Use a randomly generated key that is kept out of source control and is the same on every node. -->
    <property name="rememberMeManager.cipherKey" value="kPH+bIxk5D2deZiIxcaaaA==" />
</bean>

<bean id="userFormAuthenticationFilter" class="org.deyi.common.filter.UserFormAuthenticationFilter"></bean>
<!-- Shiro filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- Custom filter -->
    <property name="filters">
        <util:map>
            <entry key="authc" value-ref="userFormAuthenticationFilter" />
        </util:map>
    </property>
    <!-- Shiro's core security interface; this property is required -->
    <property name="securityManager" ref="securityManager"/>
    <!-- Redirect to the login page when authentication fails -->
    <property name="loginUrl" value="/login.jsp"/>
    <!-- Redirect to this page when authorization fails -->
    <property name="unauthorizedUrl" value="/unauthor.jsp"/>

    <!-- Shiro URL constraint configuration, i.e. the filter chain definitions -->
    <property name="filterChainDefinitions">
        <value>
            ***
            /**= authc
        </value>
    </property>
</bean>

<!-- Ensures that beans implementing Shiro's internal lifecycle methods are executed -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- Enable Shiro annotations -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
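
The rememberMeManager.cipherKey line in the configuration above hardcodes a key that is publicly known, so the sketch below (an added example, not code from the original post or from the Shiro or shiro-redis projects) generates a random AES key once and builds the remember-me manager from a key supplied at deploy time. The class name RememberMeKeySetup and the environment variable SHIRO_REMEMBERME_KEY are assumptions made for illustration.

```java
import java.util.Base64;
import javax.crypto.KeyGenerator;
import org.apache.shiro.web.mgt.CookieRememberMeManager;

// Added example: class name and SHIRO_REMEMBERME_KEY are hypothetical.
public class RememberMeKeySetup {

    // The value hardcoded in the configuration above; it is publicly known.
    static final String PUBLISHED_KEY = "kPH+bIxk5D2deZiIxcaaaA==";

    // Run once per environment and keep the output in a secret store.
    static String generateKey() throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128); // backed by the JDK's SecureRandom
        return Base64.getEncoder().encodeToString(generator.generateKey().getEncoded());
    }

    // Builds the manager from a Base64 key supplied at deploy time.
    static CookieRememberMeManager fromBase64(String base64Key) {
        if (base64Key == null || base64Key.trim().isEmpty()) {
            throw new IllegalStateException("rememberMe key is not configured");
        }
        if (PUBLISHED_KEY.equals(base64Key.trim())) {
            throw new IllegalStateException("rememberMe key is a published value");
        }
        byte[] key = Base64.getDecoder().decode(base64Key.trim());
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("AES key must be 16, 24 or 32 bytes");
        }
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCipherKey(key);             // same key encrypts and decrypts
        manager.getCookie().setHttpOnly(true); // not readable from page scripts
        manager.getCookie().setSecure(true);   // sent over HTTPS only
        return manager;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && "generate".equals(args[0])) {
            System.out.println(generateKey());
            return;
        }
        fromBase64(System.getenv("SHIRO_REMEMBERME_KEY"));
        System.out.println("rememberMe manager configured");
    }
}
```

In a shared-session cluster every node must be given the same key, otherwise a rememberMe cookie issued by one node cannot be decrypted by another. The resulting manager can be set on the securityManager bean through its rememberMeManager property in place of the hardcoded cipherKey value.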

Three: integrating CAS

I didn't use this implementation, but I have still collected a blog post for reference:

CAS+Shiro implements authority management_The wind in the second half of the night-CSDN blog

Origin blog.csdn.net/qq_34316431/article/details/119377201