67,513
社区成员
发帖
与我相关
我的任务
分享
<!-- 缓存管理器 使用Ehcache实现 -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />
</bean>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realms">
<list>
<ref bean="securityRealm" />
</list>
</property>
<!-- cacheManager,集合spring缓存工厂 -->
<property name="cacheManager" ref="shiroEhcacheManager" />
<property name="sessionManager" ref="sessionManager" /> <!-- 注释后 没有问题 -->
</bean>
<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="activeSessionsCacheName" value="shiro-activeSessionCache" />
<property name="sessionIdGenerator" ref="sessionIdGenerator" />
</bean>
<bean id="sessionIdGenerator"
class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
<!-- 会话管理器 -->
<!-- 全局的会话信息设置成30分钟,sessionValidationSchedulerEnabled参数就是是否开启扫描 -->
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="60000" />
<property name="deleteInvalidSessions" value="true" />
<property name="sessionValidationSchedulerEnabled" value="true" />
<property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
<property name="sessionDAO" ref="sessionDAO" />
</bean>
<!-- 会话验证调度器 -->
<!-- 全局的会话信息检测扫描信息间隔30分钟 -->
<bean id="sessionValidationScheduler"
class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">
<property name="sessionValidationInterval" value="60000" />
<property name="sessionManager" ref="sessionManager" />
</bean>
@RequestMapping(value = "/validate", method = RequestMethod.POST)
public String login(User user, BindingResult result, Model model, HttpServletRequest request) {
try {
Subject subject = SecurityUtils.getSubject();
// 已登陆则 跳到首页
if (subject.isAuthenticated()) {
return "redirect:/shiro/index";
}
if (result.hasErrors()) {
model.addAttribute("error", "参数错误!");
return "redirect:/shiro/login";
}
UsernamePasswordToken token = new UsernamePasswordToken(user.getAccount(), user.getPasswd());
// 身份验证
subject.login(token);
// 验证成功在Session中保存用户信息
final User authUserInfo = userServiceImpl.authentication(user.getAccount(), MD5.crypt(user.getPasswd()));
Session session = SecurityUtils.getSubject().getSession();
session.setAttribute("userInfo", authUserInfo);
} catch (AuthenticationException e) {
// 身份验证失败
model.addAttribute("error", "用户名或密码错误 !");
return "redirect:/shiro/login";
}
return "redirect:/shiro/index";
}
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="60000" />
<property name="deleteInvalidSessions" value="true" />
<property name="sessionValidationSchedulerEnabled" value="true" />
<property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
<property name="sessionDAO" ref="sessionDAO" />
<property name="sessionIdCookie.name" value="jsid"/>
<property name="sessionIdCookie.path" value="/"/>
</bean>
这是我的解决办法