How do I cache the session? Principle:
Shiro has 1 classes, Authorizingrealm Authenticatingrealm, there is a method to obtain authentication information,
In the Authenticatingrealm Getauthenticationinfo;getauthenticationinfo method
public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { AuthenticationInfo info = getCachedAuthenticationInfo(token); if (info == null) { //otherwise not cached, perform the lookup: info = doGetAuthenticationInfo(token); log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info); if (token != null && info != null) { cacheAuthenticationInfoIfPossible(token, info); } } else { log.debug("Using cached authentication info [{}] to perform credentials matching.", info); } if (info != null) { assertCredentialsMatch(token, info); } else { log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token); } return info; }
Get cache authentication Information First AuthenticationInfo
- If info is empty, call Dogetauthenticationinfo to fetch the authentication information and call Cacheauthenticationinfoifpossible to cache the authentication information.
- If the cache information is not empty, the token and authentication information are compared, and then the info is returned
Realize
Shiro provides an interface to the cache operation Abstractsessiondao, just implement the interface, the cache operation, the underlying cache library is the library can be, the use of MongoDB.
Assuming that the implementation class is Shiromongosessiondao, simply inject it into the defaultwebsessionmanager and inject it into the SecurityManager.
Reference code:
/** * Shiro Session Management */@Bean public Defaultwebsessionmanager SessionManager () {defaultwebsess Ionmanager SessionManager = new Defaultwebsessionmanager (); The implementation class Sessionmanager.setsessiondao (Shiromongosessiondao) that injects the custom Sessiondao operation; Set the security cookie name to g_s and expiration time this cookie is the specification provided by Shiro Sessionmanager.setsessionidcookieenabled (true); Simplecookie Simplecookie = new Simplecookie (); Simplecookie.setname ("g_s"); Simplecookie.setmaxage (60 * 60 * 24 * 30); Sessionmanager.setsessionidcookie (Simplecookie); Sessionmanager.setglobalsessiontimeout (60 * 60 * 24 * 30 * 1000); return sessionmanager; } @Bean Public SecurityManager SecurityManager () {Defaultwebsecuritymanager SecurityManager = new Defaul Twebsecuritymanager (); The implementation of the custom cache session and cache can be Securitymanager.setcachemanager (Shiromongocachemanager) using Redis and MongoDB; Securitymanager.setsessionmanager (SessionManager ()); Securitymanager.setrealm (Myshirorealm); return SecurityManager; }
How do I cache caching for authorization information?
Principle:
Shiro has 1 classes, Authorizingrealm, which has a method of obtaining authorization information,
Authorizingrealm Getauthorizationinfo
The rationale is similar to session caching
Code reference Address
Https://github.com/starmoon1994/shiro-collection
2522-shiro Series-Storage of authentication session and authorization cache using cache