NutzCN Logo
问答 nutboot shiro securitymanager如何配置呢
发布于 1799天前 作者 Hamming 1263 次浏览 复制 上一个帖子 下一个帖子
标签:

nutboot shiro securitymanager如何配置呢
看了源码 貌似 没有 shiro securitymanager

8 回复

额,你要配什么。。。

通过 securitymanager 获取在线用户 sessionid 记录 并可以让它强制下线

注入shiroWebSecurityManager就好了

获取不到当前用户的session OnlineSession session = (OnlineSession) request.getAttribute("sid");

    /**
     * 同步会话数据到DB 一次请求最多同步一次 防止过多处理 需要放到Shiro过滤器之前
     */
    @Override
    protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        OnlineSession session = (OnlineSession) request.getAttribute("sid");
//        webSecurityManager.
        // 如果session stop了 也不同步
        // session停止时间,如果stopTimestamp不为null,则代表已停止
        if (session != null && session.getUserId() != null && session.getStopTimestamp() == null) {
            onlineSessionDAO.syncToDb(session);
        }
        return true;
    }

找到原因 未存入
又有问题
执行 Session session = onlineSessionDAO.readSession(subject.getSession().getId()); 异常

@IocBean
public class OnlineSessionDAO extends org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO{

异常信息

[DEBUG] 21:49:22.516 org.nutz.dao.impl.interceptor.DaoTimeInterceptor.filter(DaoTimeInterceptor.java:28) - time=2ms, sql=SELECT * FROM sys_user_online  WHERE sessionId='1572jj0mkig79rl47svrm96dp4'
org.apache.shiro.session.UnknownSessionException: There is no session with id [1572jj0mkig79rl47svrm96dp4]
	at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
	at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
	at io.nutz.nutzsite.common.starter.OnlineSessionFilter.isAccessAllowed(OnlineSessionFilter.java:86)
	at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
	at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
	at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.nutz.mvc.WhaleFilter.doFilter(WhaleFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at io.nutz.nutzsite.common.starter.XssFilterStarter.doFilter(XssFilterStarter.java:102)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602)
	at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:502)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
	at java.lang.Thread.run(Thread.java:748)

找不到对应的SID 难道是我获取session 方式不对么

session过期或者持久化配置错误就会这样

org.nutz.boot.starter.shiro.ShiroEnvStarter里面 方法
EnterpriseCacheSessionDAO 是new 一个出来 我这边 自己创建了一个类
如何通过配置文件 ioc注入OnlineSessionDAO
@IocBean
public class OnlineSessionDAO extends EnterpriseCacheSessionDAO {

    @IocBean(name = "shiroWebSessionManager")
    public WebSessionManager getWebSessionManager() {
        DefaultWebSessionManager webSessionManager = conf.make(DefaultWebSessionManager.class, "shiro.session.manager.");

        // 带缓存的shiro会话
        EnterpriseCacheSessionDAO sessionDAO = new EnterpriseCacheSessionDAO();
        sessionDAO.setSessionIdGenerator(new UU32SessionIdGenerator());
        webSessionManager.setSessionDAO(sessionDAO);
        //设置session会话超时时间
        webSessionManager.setGlobalSessionTimeout(conf.getLong(PROP_SESSION_MANAGER_GLOBALSESSIONTIMEOUT, 1800000));
        webSessionManager.setSessionValidationSchedulerEnabled(conf.getBoolean(PROP_SESSION_MANAGER_SVSE, true));
        webSessionManager.setSessionValidationInterval(conf.getLong(PROP_SESSION_MANAGER_SVI, 3600000));
        // cookie
        conf.putIfAbsent(PROP_SESSION_COOKIE_NAME, "sid");
        conf.putIfAbsent(PROP_SESSION_COOKIE_MAXAGE, "946080000");
        conf.putIfAbsent(PROP_SESSION_COOKIE_HTTPONLY, "true");

        SimpleCookie cookie = conf.make(SimpleCookie.class, "shiro.session.cookie.");
        webSessionManager.setSessionIdCookie(cookie);
        webSessionManager.setSessionIdCookieEnabled(true);

        webSessionManager.setCacheManager(ioc.get(CacheManager.class, "shiroCacheManager"));
        webSessionManager.setSessionListeners(appContext.getBeans(SessionListener.class));
        return webSessionManager;
    }

要覆盖原来的sessionDAO?报个issue或者发个pr吧

添加回复
请先登陆
回到顶部