2522-shiro Series-Storage of authentication session and authorization cache using cache

How do I cache the session? Principle:

Shiro has 1 classes, Authorizingrealm Authenticatingrealm, there is a method to obtain authentication information,
In the Authenticatingrealm Getauthenticationinfo;getauthenticationinfo method

   public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {        AuthenticationInfo info = getCachedAuthenticationInfo(token);        if (info == null) {            //otherwise not cached, perform the lookup:            info = doGetAuthenticationInfo(token);            log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);            if (token != null && info != null) {                cacheAuthenticationInfoIfPossible(token, info);            }        } else {            log.debug("Using cached authentication info [{}] to perform credentials matching.", info);        }        if (info != null) {            assertCredentialsMatch(token, info);        } else {            log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}].  Returning null.", token);        }        return info;    }

Get cache authentication Information First AuthenticationInfo

• If info is empty, call Dogetauthenticationinfo to fetch the authentication information and call Cacheauthenticationinfoifpossible to cache the authentication information.
• If the cache information is not empty, the token and authentication information are compared, and then the info is returned

Realize

Shiro provides an interface to the cache operation Abstractsessiondao, just implement the interface, the cache operation, the underlying cache library is the library can be, the use of MongoDB.

Assuming that the implementation class is Shiromongosessiondao, simply inject it into the defaultwebsessionmanager and inject it into the SecurityManager.

Reference code:

    /** * Shiro Session Management */@Bean public Defaultwebsessionmanager SessionManager () {defaultwebsess        Ionmanager SessionManager = new Defaultwebsessionmanager ();        The implementation class Sessionmanager.setsessiondao (Shiromongosessiondao) that injects the custom Sessiondao operation;        Set the security cookie name to g_s and expiration time this cookie is the specification provided by Shiro Sessionmanager.setsessionidcookieenabled (true);        Simplecookie Simplecookie = new Simplecookie ();        Simplecookie.setname ("g_s");        Simplecookie.setmaxage (60 * 60 * 24 * 30);        Sessionmanager.setsessionidcookie (Simplecookie);        Sessionmanager.setglobalsessiontimeout (60 * 60 * 24 * 30 * 1000);    return sessionmanager; } @Bean Public SecurityManager SecurityManager () {Defaultwebsecuritymanager SecurityManager = new Defaul        Twebsecuritymanager ();        The implementation of the custom cache session and cache can be Securitymanager.setcachemanager (Shiromongocachemanager) using Redis and MongoDB; Securitymanager.setsessionmanager (SessionManager ());        Securitymanager.setrealm (Myshirorealm);    return SecurityManager; }

How do I cache caching for authorization information?

Principle:
Shiro has 1 classes, Authorizingrealm, which has a method of obtaining authorization information,
Authorizingrealm Getauthorizationinfo

The rationale is similar to session caching

Code reference Address

Https://github.com/starmoon1994/shiro-collection

2522-shiro Series-Storage of authentication session and authorization cache using cache