Disclaimer: This article is a blogger original article, follow the CC 4.0 BY-SA copyright agreement, reproduced, please attach the original source link and this statement.
Why do we need buffer management?
Generally speaking, we are on the right information in the database. For each access request front end, we must perform a database query, if the right information for a scene change is not very frequent, every time the front page access permissions are a lot of database queries is very uneconomical. Therefore, it is necessary to use a caching scheme for permission data.
Note: User authentication is not provided caching, because only log in once with a database query, the database to bring much pressure.
Shiro cache mode
About Shiro rights data cache mode can be divided into 2 categories
- The cached permission data to the centralized storage middleware, such redis
- The cached data to the local authority
Shiro use cached method
Shiro provides a cache implementation can support specific abstract API interface org.apache.shiro.cache.CacheManager, allows users the flexibility to select specific CacheManager according to their needs.
My method is as follows, we can cautiously refer to:
Open method of increasing the cache
//开启缓存
@Bean
public EhCacheManager ehCacheManager() {
EhCacheManager ehCacheManager = new EhCacheManager();
ehCacheManager.setCacheManagerConfigFile("classpath:shiro/ehcache-shiro.xml");
return ehCacheManager;
}
Set on a Realm cache implementation of management methods and certification will join their Realm container method
//将自己的验证方式加入容器
@Bean(name = "myRealm")
public MyRealm myRealm(HashedCredentialsMatcher matcher) {
MyRealm myRealm = new MyRealm();
myRealm.setCredentialsMatcher(matcher);
myRealm.setCacheManager(ehCacheManager());
return myRealm;
}
//Realm的管理认证
@Bean
public DefaultWebSecurityManager securityManager(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm(matcher));
//自定义缓存实现
securityManager.setCacheManager(ehCacheManager());
return securityManager;
}
Increased profile
<?xml version="1.0" encoding="UTF-8"?>
<ehcache name="es">
<diskStore path="java.io.tmpdir"/>
<!--
name:缓存名称。
maxElementsInMemory:缓存最大数目
maxElementsOnDisk:硬盘最大缓存个数。
eternal:对象是否永久有效,一但设置了,timeout将不起作用。
overflowToDisk:是否保存到磁盘,当系统当机时
timeToIdleSeconds:设置对象在失效前的允许闲置时间(单位:秒)。仅当eternal=false对象不是永久有效时使用,可选属性,默认值是0,也就是可闲置时间无穷大。
timeToLiveSeconds:设置对象在失效前允许存活时间(单位:秒)。最大时间介于创建时间和失效时间之间。仅当eternal=false对象不是永久有效时使用,默认是0.,也就是对象存活时间无穷大。
diskPersistent:是否缓存虚拟机重启期数据 Whether the disk store persists between restarts of the Virtual Machine. The default value is false.
diskSpoolBufferSizeMB:这个参数设置DiskStore(磁盘缓存)的缓存区大小。默认是30MB。每个Cache都应该有自己的一个缓冲区。
diskExpiryThreadIntervalSeconds:磁盘失效线程运行时间间隔,默认是120秒。
memoryStoreEvictionPolicy:当达到maxElementsInMemory限制时,Ehcache将会根据指定的策略去清理内存。默认策略是LRU(最近最少使用)。你可以设置为FIFO(先进先出)或是LFU(较少使用)。
clearOnFlush:内存数量最大时是否清除。
memoryStoreEvictionPolicy:
Ehcache的三种清空策略;
FIFO,first in first out,这个是大家最熟的,先进先出。
LFU, Less Frequently Used,就是上面例子中使用的策略,直白一点就是讲一直以来最少被使用的。如上面所讲,缓存的元素有一个hit属性,hit值最小的将会被清出缓存。
LRU,Least Recently Used,最近最少使用的,缓存的元素有一个时间戳,当缓存容量满了,而又需要腾出地方来缓存新的元素的时候,那么现有缓存元素中时间戳离当前时间最远的元素将被清出缓存。
-->
<defaultCache
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="120"
timeToLiveSeconds="120"
overflowToDisk="false"
diskPersistent="false"
diskExpiryThreadIntervalSeconds="120"
/>
<!-- 登录记录缓存锁定10分钟 -->
<cache name="passwordRetryCache"
maxEntriesLocalHeap="2000"
eternal="false"
timeToIdleSeconds="3600"
timeToLiveSeconds="0"
overflowToDisk="false"
statistics="true">
</cache>
</ehcache>
test
Add log doGetAuthorizationInfo method MyRealm in. Found in the print log permission to do the first time check, after never print the log, cache management that we achieve success.
Shiro placed Deliverable
Here we are realized the cache management configuration class of Shiro
package edu.szu.manager.config;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import java.util.LinkedHashMap;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
/**
* Shiro配置类
* @author 30309
*
*/
@Configuration
public class ShiroConfig {
//设置对应的过滤条件和跳转条件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//未登陆时,统一跳转至login.jsp
shiroFilterFactoryBean.setLoginUrl("/login");
//成功登陆后,统一跳转至index.jsp
shiroFilterFactoryBean.setSuccessUrl("/index");
//访问没有权限访问的界面
//shiroFilterFactoryBean.setUnauthorizedUrl("/out");
//设置权限
LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/**", "anon");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
//将自己的验证方式加入容器
@Bean(name = "myRealm")
public MyRealm myRealm(HashedCredentialsMatcher matcher) {
MyRealm myRealm = new MyRealm();
myRealm.setCredentialsMatcher(matcher);
myRealm.setCacheManager(ehCacheManager());
return myRealm;
}
//Realm的管理认证
@Bean
public DefaultWebSecurityManager securityManager(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm(matcher));
//自定义缓存实现
securityManager.setCacheManager(ehCacheManager());
return securityManager;
}
//密码匹配凭证管理器
@Bean(name = "hashedCredentialsMatcher")
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
//采用MD5方式加密
hashedCredentialsMatcher.setHashAlgorithmName("MD5");
//设置加密次数
hashedCredentialsMatcher.setHashIterations(1024);
return hashedCredentialsMatcher;
}
//开启缓存
@Bean
public EhCacheManager ehCacheManager() {
EhCacheManager ehCacheManager = new EhCacheManager();
ehCacheManager.setCacheManagerConfigFile("classpath:shiro/ehcache-shiro.xml");
return ehCacheManager;
}
//加入注解的使用
@Bean
@DependsOn({"lifecycleBeanPostProcessor"})
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
//加入注解的使用
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager(matcher));
return authorizationAttributeSourceAdvisor;
}
//加入注解的使用
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
Reference: Elaborate shiro seven: Cache
SpringBoot integration shiro, custom sessionManager