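1. Background
During development we may need to deploy several instances of an application in a distributed fashion. Previously our sessions were stored in each machine's local cache, which cannot support a distributed-session scenario.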
2. Environment setup
Maven dependencies
<!-- Cluster environment: uncomment these dependencies -->
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
Configuration file
spring:
  application:
    name: spring-shiro
  redis:
    host:
    port:
    username:
    password:
    lettuce:
      pool:
        max-active:
        min-idle:
        max-idle:
    timeout:
  session:
    store-type: redis
ShiroConfig
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// UserRealm is the project's own Realm implementation (not shown here).
@Configuration
public class ShiroConfig {

    /**
     * Cluster environment: session handling is delegated to spring-session
     * through the servlet container's HttpSession.
     */
    @Bean
    public ServletContainerSessionManager servletContainerSessionManager() {
        return new ServletContainerSessionManager();
    }

    @Bean("securityManager")
    public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setCacheManager(new EhCacheManager());
        securityManager.setRealm(userRealm);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(null);
        return securityManager;
    }

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        shiroFilter.setLoginUrl("/login.html");
        shiroFilter.setUnauthorizedUrl("/");

        // Order matters: the first matching pattern wins, so the catch-all "authc" rule goes last.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/swagger/**", "anon");
        filterMap.put("/v2/api-docs", "anon");
        filterMap.put("/swagger-ui.html", "anon");
        filterMap.put("/webjars/**", "anon");
        filterMap.put("/swagger-resources/**", "anon");
        filterMap.put("/statics/**", "anon");
        /* filterMap.put("/templates/**", "anon");
        filterMap.put("/modules/**", "anon");*/
        filterMap.put("/login.html", "anon");
        filterMap.put("/sys/login", "anon");
        filterMap.put("/favicon.ico", "anon");
        filterMap.put("/captcha.jpg", "anon");
        filterMap.put("/**", "authc");
        shiroFilter.setFilterChainDefinitionMap(filterMap);
        return shiroFilter;
    }

    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Enable Shiro's permission annotations.
     *
     * @param securityManager the Shiro security manager
     * @return the advisor that applies the annotations
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
3. Questions
3.1 Distributed sessions also use a cookie by default. Can I use a header instead?
Yes, you can.
HeaderHttpSessionIdResolver
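/**
 * Use this approach when the front end and back end are separated.
 * The client adds the header X-Auth-Token: sessionID to each request.
 *
 * @return the header-based session ID resolver
 */
@Bean
public HttpSessionIdResolver httpSessionIdResolver() {
    return HeaderHttpSessionIdResolver.xAuthToken();
}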
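Looking at the spring-session source code, we find that there are actually two session ID resolvers:
- HttpSessionIdResolver has two implementations: HeaderHttpSessionIdResolver and CookieHttpSessionIdResolver
- The default is CookieHttpSessionIdResolver
Of course, we can also define our own session ID resolver. Interested readers can study this on their own.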
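A custom resolver as mentioned above, written as an added example (not code from the original post or from the Spring Session project). It reads the session ID only from X-Auth-Token and discards any value that is not UUID-shaped before it is used to look up a session in Redis. Assumptions: the class name StrictHeaderSessionIdResolver is hypothetical, the javax.servlet API is used (Spring Boot 2.x, matching the spring.redis.* properties above), and session IDs keep Spring Session's default UUID format.

```java
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.session.web.http.HttpSessionIdResolver;

/** Hypothetical example class: header-only resolver that accepts only UUID-shaped IDs. */
public class StrictHeaderSessionIdResolver implements HttpSessionIdResolver {

    private static final String HEADER = "X-Auth-Token";

    // Assumption: session IDs use Spring Session's default format (a UUID string).
    private static final Pattern UUID_SHAPE = Pattern.compile(
            "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");

    @Override
    public List<String> resolveSessionIds(HttpServletRequest request) {
        String value = request.getHeader(HEADER);
        if (value == null || !UUID_SHAPE.matcher(value).matches()) {
            // Missing or malformed token: report "no session" so the value
            // never becomes part of a Redis key lookup.
            return Collections.emptyList();
        }
        return Collections.singletonList(value);
    }

    @Override
    public void setSessionId(HttpServletRequest request, HttpServletResponse response,
                             String sessionId) {
        // The ID is returned in a response header; no Set-Cookie is written.
        response.setHeader(HEADER, sessionId);
    }

    @Override
    public void expireSession(HttpServletRequest request, HttpServletResponse response) {
        // An empty header value tells the client to discard its token,
        // the same convention HeaderHttpSessionIdResolver uses.
        response.setHeader(HEADER, "");
    }
}
```

To use it, return new StrictHeaderSessionIdResolver() from the httpSessionIdResolver() bean instead of HeaderHttpSessionIdResolver.xAuthToken().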