为实现Web应用的分布式集群部署,要解决登录session的统一。本文利用shiro做权限控制,redis做session存储,结合spring boot快速配置实现session共享。

  1、引入相关依赖

        <dependency>

            <groupId>org.springframework.boot</groupId>

            <artifactId>spring-boot-starter-data-redis</artifactId>

        </dependency>

             <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-spring</artifactId>

            <version>1.3.2</version>

        </dependency>

  2、Redis相关

  2.1.redis配置

  spring.redis.host=localhost

  spring.redis.port=6379

  spring.redis.password=

  2.2.redis缓存的对象必须序列化,通用序列化 

import org.springframework.core.convert.converter.Converter;

import org.springframework.core.serializer.support.DeserializingConverter;

import org.springframework.core.serializer.support.SerializingConverter;

import org.springframework.data.redis.serializer.RedisSerializer;

import org.springframework.data.redis.serializer.SerializationException;

/**

 * redis序列化对象

 */

public class RedisObjectSerializer implements RedisSerializer<Object> {

    private Converter<Object, byte[]> serializer = new SerializingConverter();

    private Converter<byte[], Object> deserializer = new DeserializingConverter();

    static final byte[] EMPTY_ARRAY = new byte[0];

    public Object deserialize(byte[] bytes) {

        if (isEmpty(bytes)) {

            return null;

        }

        try {

            return deserializer.convert(bytes);

        } catch (Exception ex) {

            throw new SerializationException("Cannot deserialize", ex);

        }

    }

    public byte[] serialize(Object object) {

        if (object == null) {

            return EMPTY_ARRAY;

        }

        try {

            return serializer.convert(object);

        } catch (Exception ex) {

            return EMPTY_ARRAY;

        }

    }

    private boolean isEmpty(byte[] data) {

        return (data == null || data.length == 0);

    }

}

  2.3 RedisTemplate 配置

import org.springframework.cache.CacheManager;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.data.redis.cache.RedisCacheManager;

import org.springframework.data.redis.connection.RedisConnectionFactory;

import org.springframework.data.redis.core.RedisTemplate;

import org.springframework.data.redis.serializer.StringRedisSerializer;

/**

 * redis 配置

 */

@Configuration

public class RedisConfig {

    @Bean

    public CacheManager cacheManager(RedisTemplate<Object, Object> redisTemplate) {

        RedisCacheManager cacheManager = new RedisCacheManager(redisTemplate);

        cacheManager.setDefaultExpiration(1800);

        return cacheManager;

    }

    @Bean

    public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory factory) {

        RedisTemplate<Object, Object> template = new RedisTemplate<Object, Object>();

        template.setConnectionFactory(factory);

        template.setKeySerializer(new StringRedisSerializer());

        template.setValueSerializer(new RedisObjectSerializer());

        return template;

    }

}

  3.Redis实现shiro的SessionDao存取session

import java.io.Serializable;

import java.util.concurrent.TimeUnit;

import javax.annotation.Resource;

import org.apache.shiro.session.Session;

import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.data.redis.core.RedisTemplate;

import org.springframework.stereotype.Component;

/**

 * redis实现共享session

 */

@Component

public class RedisSessionDAO extends EnterpriseCacheSessionDAO {

    private static Logger logger = LoggerFactory.getLogger(RedisSessionDAO.class);

    // session 在redis过期时间是30分钟30*60

    private static int expireTime = 1800;

    private static String prefix = "weiyou-shiro-session:";

    @Resource

    private RedisTemplate<String, Object> redisTemplate;

    // 创建session,保存到数据库

    @Override

    protected Serializable doCreate(Session session) {

        Serializable sessionId = super.doCreate(session);

        logger.debug("创建session:{}", session.getId());

        redisTemplate.opsForValue().set(prefix + sessionId.toString(), session);

        return sessionId;

    }

    // 获取session

    @Override

    protected Session doReadSession(Serializable sessionId) {

        logger.debug("获取session:{}", sessionId);

        // 先从缓存中获取session,如果没有再去数据库中获取

        Session session = super.doReadSession(sessionId);

        if (session == null) {

            session = (Session) redisTemplate.opsForValue().get(prefix + sessionId.toString());

        }

        return session;

    }

    // 更新session的最后一次访问时间

    @Override

    protected void doUpdate(Session session) {

        super.doUpdate(session);

        logger.debug("获取session:{}", session.getId());

        String key = prefix + session.getId().toString();

        if (!redisTemplate.hasKey(key)) {

            redisTemplate.opsForValue().set(key, session);

        }

        redisTemplate.expire(key, expireTime, TimeUnit.SECONDS);

    }

    // 删除session

    @Override

    protected void doDelete(Session session) {

        logger.debug("删除session:{}", session.getId());

        super.doDelete(session);

        redisTemplate.delete(prefix + session.getId().toString());

    }

}

  4.实现cache共享

import java.util.ArrayList;

import java.util.Collection;

import java.util.List;

import java.util.Set;

import java.util.concurrent.TimeUnit;

import org.apache.shiro.cache.Cache;

import org.apache.shiro.cache.CacheException;

import org.springframework.data.redis.core.RedisTemplate;

@SuppressWarnings("unchecked")

public class ShiroCache<K, V> implements Cache<K, V> {

    private static final String REDIS_SHIRO_CACHE = "weiyou-shiro-cache:";

    private String cacheKey;

    private RedisTemplate<K, V> redisTemplate;

    private long globExpire = 30;

    @SuppressWarnings("rawtypes")

    public ShiroCache(String name, RedisTemplate client) {

        this.cacheKey = REDIS_SHIRO_CACHE + name + ":";

        this.redisTemplate = client;

    }

    @Override

    public V get(K key) throws CacheException {

        redisTemplate.boundValueOps(getCacheKey(key)).expire(globExpire, TimeUnit.MINUTES);

        return redisTemplate.boundValueOps(getCacheKey(key)).get();

    }

    @Override

    public V put(K key, V value) throws CacheException {

        V old = get(key);

        redisTemplate.boundValueOps(getCacheKey(key)).set(value);

        return old;

    }

    @Override

    public V remove(K key) throws CacheException {

        V old = get(key);

        redisTemplate.delete(getCacheKey(key));

        return old;

    }

    @Override

    public void clear() throws CacheException {

        redisTemplate.delete(keys());

    }

    @Override

    public int size() {

        return keys().size();

    }

    @Override

    public Set<K> keys() {

        return redisTemplate.keys(getCacheKey("*"));

    }

    @Override

    public Collection<V> values() {

        Set<K> set = keys();

        List<V> list = new ArrayList<>();

        for (K s : set) {

            list.add(get(s));

        }

        return list;

    }

    private K getCacheKey(Object k) {

        return (K) (this.cacheKey + k);

    }

}

  实现shiro 的CacheManager

import javax.annotation.Resource;

import org.apache.shiro.cache.Cache;

import org.apache.shiro.cache.CacheException;

import org.apache.shiro.cache.CacheManager;

import org.springframework.data.redis.core.RedisTemplate;

public class RedisCacheManager implements CacheManager {

    @Resource

    private RedisTemplate<String, Object> redisTemplate;

    @Override

    public <K, V> Cache<K, V> getCache(String name) throws CacheException {

        return new ShiroCache<K, V>(name, redisTemplate);

    }

    public RedisTemplate<String, Object> getRedisTemplate() {

        return redisTemplate;

    }

    public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {

        this.redisTemplate = redisTemplate;

    }

}

5.配置

  

import java.util.HashMap;

import java.util.Map;

import javax.annotation.Resource;

import org.apache.shiro.session.mgt.SessionManager;

import org.apache.shiro.spring.LifecycleBeanPostProcessor;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

/**

 *

 * @author April.Chen

 */

//@Configuration

public class ShiroConfig {

    @Resource

    private RedisSessionDAO sessionDAO;

    @Bean

    public UserRealm getUserRealm() {

        return new UserRealm();

    }

    @Bean

    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {

        return new LifecycleBeanPostProcessor();

    }

    @Bean

    public RedisCacheManager redisCacheManager() {

        return new RedisCacheManager();

    }

    @Bean

    public SessionManager sessionManager() {

        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();

        sessionManager.setSessionDAO(sessionDAO);

        sessionManager.setGlobalSessionTimeout(1800);

        sessionManager.setCacheManager(redisCacheManager());

        return sessionManager;

    }

    @Bean

    public DefaultWebSecurityManager securityManager() {

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        securityManager.setSessionManager(sessionManager());

        securityManager.setCacheManager(redisCacheManager());

        return securityManager;

    }

    @Bean

    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {

        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();

        aasa.setSecurityManager(securityManager());

        return new AuthorizationAttributeSourceAdvisor();

    }

    @Bean

    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {

        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();

        daap.setProxyTargetClass(true);

        return daap;

    }

    @Bean

    public ShiroFilterFactoryBean getShiroFilterFactoryBean() {

        Map<String, String> filterChainDefinitionMap = new HashMap<>();

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager());

        shiroFilterFactoryBean.setLoginUrl("/login");

        shiroFilterFactoryBean.setSuccessUrl("/index");

        filterChainDefinitionMap.put("/sa/**", "authc");

        filterChainDefinitionMap.put("/**", "anon");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;

    }

}

Spring Boot + Redis 实现Shiro集群的更多相关文章

  1. Spring Boot集成Hazelcast实现集群与分布式内存缓存

    Hazelcast是Hazelcast公司开源的一款分布式内存数据库产品,提供弹性可扩展.高性能的分布式内存计算.并通过提供诸如Map,Queue,ExecutorService,Lock和JCach ...

  2. Spring Boot项目配置RabbitMQ集群

    //具体参看了配置的源码 org.springframework.boot.autoconfigure.amqp.RabbitProperties //RabbitMQ单机 spring:   rab ...

  3. spring + spring-data-redist + Redis 单机、集群(cluster模式,哨兵模式)

    一.单机redis配置 1. 配置redis连接池 <bean id="jedisPoolConfig" class="redis.clients.jedis.Je ...

  4. Apache shiro集群实现 (七)分布式集群系统下---cache共享

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  5. Apache shiro集群实现 (六)分布式集群系统下的高可用session解决方案---Session共享

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  6. Redis 高可用集群

    Redis 高可用集群 Redis 的集群主从模型是一种高可用的集群架构.本章主要内容有:高可用集群的搭建,Jedis连接集群,新增集群节点,删除集群节点,其他配置补充说明. 高可用集群搭建 集群(c ...

  7. Apache shiro集群实现 (八) web集群时session同步的3种方法

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  8. Apache shiro集群实现 (五)分布式集群系统下的高可用session解决方案

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  9. Apache shiro集群实现 (四)shiro授权(Authentication)--访问控制

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

随机推荐

  1. 洛谷P2900 [USACO08MAR]土地征用Land Acquisition(斜率优化)

    题意 约翰准备扩大他的农场,眼前他正在考虑购买N块长方形的土地.如果约翰单买一块土 地,价格就是土地的面积.但他可以选择并购一组土地,并购的价格为这些土地中最大的长 乘以最大的宽.比如约翰并购一块3 ...

  2. LAMP实战之构建博客网站

    1.首先检查LAMP环境 [root@cairui htdocs]# ps -ef | grep httpd php Mar03 ? :: /opt/apache2.2.34/bin/httpd -k ...

  3. 浅谈python web框架django2.x

    1.Django简介 Python下有多款不同的 Web 框架,Django是最有代表性的一种.许多成功的网站和APP都基于Django. Django是一个开源的Web应用框架,由Python写成. ...

  4. c++ string.c_str()小结

    c++ const char *c_str(); c_str()函数返回一个指向正规C字符串的指针常量, 内容与本string串相同.(其实它指向的是string对象内部真正的char缓冲区),所以返 ...

  5. Opencv图像连通域

    [摘要] 本文介绍在图像处理领域中较为常用的一种图像区域(Blob)提取的方法——连通性分析法(连通区域标记法). 文中介绍了两种常见的连通性分析的算法:1)Two-pass:2)Seed-Filli ...

  6. java 柱状图、折线图、饼状图

    1.绘制柱状图: //BarChartTool工具类代码 package GUIview; import HibernateTool.HibernateTools; import ProductCla ...

  7. C语言中复杂的声明

    C允许用户自定义数据形式. 虽然我们常用一些简单的数据形式,但是根据需要有时候会用到复杂的形式. 那么久会涉及定义一些复杂的声明.定义复杂声明之前,就必须能看懂复杂的声明. 这就需要了解一些规则和约定 ...

  8. day_05 字典

    1. 字典 1.成对保存数据 ,以key:value形式保存 2.以{}表示,每项内容都是key:value,元素之间用逗号隔开 3.key是不可重复的 4.字典以hash算法来计算key的hash值 ...

  9. Ancoda 下的python多版本共存

    Ancoda 下的python多版本共存 virtualenv python 多版本共存 Pip, Virtualenv 和Fabric 被称为python 的三大神器,Pip 是包管理工具,Virt ...

  10. my27_OGG MySQL To MySQL错误汇总

    OGG-00446 2019-02-12T14:57:57.668+0800 ERROR OGG-00446 Oracle GoldenGate Delivery for MySQL, r1.prm: ...