Home > Others

Rewrite session with Shiro

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Let's take a look at our basic usage:

@RequestMapping ("/index") public Modelandview Index (HttpSession session) {System.out.println (Session.getid ());    Modelandview Modelandview = new Modelandview ("Main/index"); return Modelandview;}

If we add breakpoints for debugging, we can see that the session type is:

Org.apache.catalina.session.StandardSessionFacade

Relies on the Tomcat container.

Shiro is a very good user-role-rights management framework, specific to Google. Of course, Shiro also provides session management modules, and now we use shiro+spring to implement a container-independent session.

  2. Introducing the Shiro Jar package

  3. <properties>    <shiroVersion>1.2.3</shiroVersion></properties> <dependencies>    <dependency>         <groupid>org.apache.shiro</groupid>        <artifactid >shiro-core</artifactid>        <version>${shiroversion }</version>    </dependency>    <dependency>         <groupId>org.apache.shiro</groupId>         <artifactId>shiro-web</artifactId>         <version>${shiroVersion}</version>    </dependency>     <dependency>        <groupId> Org.apache.shiro</groupid>        <artifactid>shiro-ehcache</artifactid>         <version>${shiroVersion}</version>     </dependency>    <dependency>         <groupId>org.apache.shiro</groupId>        < artifactid>shiro-spring</artifactid>        <version>${ Shiroversion}</version>    </dependency></dependencies>

  5. Configuration Shiro (web. xml)

  7. <filter> <filter-name>shiroFilter</filter-name> <filter-class> Org.springframework.web.filter.delegatingfilterproxy</filter-class> <init-param> <param-name>t Argetfilterlifecycle</param-name> <param-value>true</param-value> </init-param></filt Er><filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>*.html</ Url-pattern></filter-mapping>

  9. Configuring Shiro (Spring)

  10. <bean id= "SecurityManager"  class= "Org.apache.shiro.web.mgt.DefaultWebSecurityManager" >     <property name= "SessionManager"  ref= "SessionManager"/></bean><bean  id= "Shirofilter"  class= "Org.apache.shiro.spring.web.ShiroFilterFactoryBean" >     <property name= "SecurityManager"  ref= "SecurityManager"/></bean><bean id= " SessionManager " class=" Com.whereta.model.DemoSessionManager ">    <property  name= "Globalsessiontimeout"  value= " />    <property name=" Deleteinvalidsessions " value=" true " />    <property name=" Sessionvalidationschedulerenabled " value=" false " />    <property name = "Sessiondao"  ref= "Sessiondao"  /></bean><bean id= "Sessionidgenerator"  class= " Org.apache.shiro.session.mgt.eis.Javauuidsessionidgenerator " /><bean id=" Democache " class=" Com.whereta.model.DemoCache "  /><bean id= "Sessiondao"  class= " Org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO ">    <property name= "Sessionidgenerator"  ref= "Sessionidgenerator"  />    <property name= " Activesessionscache " ref=" Democache "/></bean>

  12. Specific class usage 

  13. package com.whereta.model;import org.apache.shiro.cache.cache;import  org.apache.shiro.cache.cacheexception;import org.apache.shiro.session.session;import  java.io.serializable;import java.util.collection;import java.util.hashmap;import java.util.map; import java.util.set;/** *  This class is a caching tool class that provides methods for storing and retrieving sessions  *  @author  vincent *   @time  2015/7/27 15:00 */public class DemoCache implements Cache< serializable, session> {    //Analog Cache Store Session object     private  static final Map<Serializable, Session> map = new HashMap< Serializable, session> ();     public session get (Serializable key)  throws cacheexception {        //gets the session from the cache based on key         return maP.get (key);     }    public session put (Serializable key ,  session value)  throws CacheException {         //the session object into the cache         map.put (Key, value);         return value;    }    public  session remove (Serializable key)  throws CacheException {         //remove the object that is key in Session         Session  Session = get (Key);        if  (session !=  NULL)  {            session.setattribute (key,  null);            return session;         }        return null;    }     public void clear ()  throws CacheException {         //Clear All the Session        map.clear ();     }    public int size ()  {         //returns the number of Session         return map.size ();     }    public set<serializable> keys ()  {         //return all Key        return of the session  map.keyset ();    }    public collection<session>  values ()  {        //returns all session         return map.values ();     }} 
  15. package com.whereta.model;import  org.apache.shiro.session.session;import org.apache.shiro.session.mgt.eis.sessionidgenerator;import  Java.io.serializable;/** * sessionid generation Tools  *  @author  Vincent *  @time   2015/7/27 11:45 */public class demosessionidgenerator implements  Sessionidgenerator {    public serializable generateid (Session session )  {        //Custom rule generation sessionid         return system.currenttimemillis ();     }} 
  16. package com.whereta.model;import org.apache.commons.logging.log;import  org.apache.commons.logging.logfactory;import org.apache.shiro.session.session;import  org.apache.shiro.session.mgt.sessioncontext;import org.apache.shiro.web.servlet.shirohttpservletrequest; import org.apache.shiro.web.session.mgt.defaultwebsessionmanager;import  org.apache.shiro.web.util.webutils;import javax.servlet.servletrequest;import  javax.servlet.servletresponse;import javax.servlet.http.httpservletrequest;import  java.io.serializable;import java.util.hashmap;import java.util.map;/** *  Integrated Websession Manager, Rewrite two ways to implement your own needs  *  @author  Vincent *  @time  2015/7/27 15:35 */public  class demosessionmanager extends defaultwebsessionmanager {    //Custom Cache , storage    Client-sessionid    public static final map<string, Serializable>&nBsp Map=new hashmap<string, serializable> ();     private static log  log = logfactory.getlog (demosessionmanager.class);     @Override      protected serializable getsessionid (servletrequest request,  Servletresponse response)  {        HttpServletRequest  req=  (HttpServletRequest)  request;        // Assume that the only one client is labeled with the request address key         String remoteHost =  Req.getremotehost ();         //Cache          serializable id = map.get (remotehost);         return id;    }     @Override      Protected void onstart (session session,  Sessioncontext context)  {        //to determine if it is an HTTP request          if  (! Webutils.ishttp (context))  {             Log.debug ("Sessioncontext argument is not http compatible or does not  have an HTTP request/response  " +                      "Pair. no session  id cookie will be set. ");             return;         }        httpservletrequest request =  webutils.gethttprequest (context);         request.removeattribute (shirohttpservletrequest.referenced_session_id_source);         request.setattribute ( Shirohttpservletrequest.referenced_session_is_new, boolean.true);         string remotehost = request.getremotehost ();         serializable id = session.getid ();         Map.put (remotehost,id);     }}


    With the above configuration, you can run the view session again, which has become a Shiro custom session.

  18. Org.apache.shiro.web.servlet.ShiroHttpSession

Rewrite session with Shiro

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
apache shiro php login example with session php login form with session php login script with session php protected page with session php login code with session php login and logout script with session

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More