spring boot实战教程之shiro session过期时间详解
发布时间:2020-12-14 22:19:26 所属栏目:Java 来源:网络整理
导读:前言 众所周知在spring boot内,设置session过期时间只需在 application.properties 内添加 server.session.timeout 配置即可。在整合shiro时发现, server.session.timeout 设置为7200,但未到2小时就需要重新登录,后来发现是shiro的session已经过期了,sh
前言 众所周知在spring boot内,设置session过期时间只需在 ShiroSessionFilter /** * 通过拦截器设置shiroSession过期时间 * @author yangwk */ public class ShiroSessionFilter implements Filter { private static Logger logger = LoggerFactory.getLogger(ShiroSessionFilter.class); public List<String> excludes = new ArrayList<String>(); private long serverSessionTimeout = 180000L;//ms public void doFilter(ServletRequest request,ServletResponse response,FilterChain filterChain) throws IOException,ServletException { if(logger.isDebugEnabled()){ logger.debug("shiro session filter is open"); } HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; if(handleExcludeURL(req,resp)){ filterChain.doFilter(request,response); return; } Subject currentUser = SecurityUtils.getSubject(); if(currentUser.isAuthenticated()){ currentUser.getSession().setTimeout(serverSessionTimeout); } filterChain.doFilter(request,response); } private boolean handleExcludeURL(HttpServletRequest request,HttpServletResponse response) { if (excludes == null || excludes.isEmpty()) { return false; } String url = request.getServletPath(); for (String pattern : excludes) { Pattern p = Pattern.compile("^" + pattern); Matcher m = p.matcher(url); if (m.find()) { return true; } } return false; } @Override public void init(FilterConfig filterConfig) throws ServletException { if(logger.isDebugEnabled()){ logger.debug("shiro session filter init~~~~~~~~~~~~"); } String temp = filterConfig.getInitParameter("excludes"); if (temp != null) { String[] url = temp.split(","); for (int i = 0; url != null && i < url.length; i++) { excludes.add(url[i]); } } String timeout = filterConfig.getInitParameter("serverSessionTimeout"); if(StringUtils.isNotBlank(timeout)){ this.serverSessionTimeout = NumberUtils.toLong(timeout,1800L)*1000L; } } @Override public void destroy() {} } 注册filter 在被@Configuration注解标注的类内注册ShiroSessionFilter。 @Value("${server.session.timeout}") private String serverSessionTimeout; @Bean public FilterRegistrationBean shiroSessionFilterRegistrationBean() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); filterRegistrationBean.setFilter(new ShiroSessionFilter()); filterRegistrationBean.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE); filterRegistrationBean.setEnabled(true); filterRegistrationBean.addUrlPatterns("/*"); Map<String,String> initParameters = Maps.newHashMap(); initParameters.put("serverSessionTimeout",serverSessionTimeout); initParameters.put("excludes","/favicon.ico,/img/*,/js/*,/css/*"); filterRegistrationBean.setInitParameters(initParameters); return filterRegistrationBean; } 这样当每次请求时,如果用户已登录,就重新设置shiro session有效期,从而和server session保持了一致。 总结 以上就是这篇文章的全部内容,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对编程小技巧的支持。 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |