我希望我的shiro会话在用户登录系统1分钟后过期,但是当我第一次登录我的应用程序时出现了一些问题,一切正常,但是当我登录页面时它没有转发到我的登录页面尝试在1分钟后第二次登录。我的applicationContext-shiro.xml中的所有位置都已开启,我也在web.xml设置了会话超时。我想要一些帮助,无论如何,谢谢。
的applicationContext-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
default-lazy-init="true">
<description>Shiro Configuration</description>
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">
<property name="sessionValidationInterval" value="60000"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<bean id="sessionManager" class="org.apache.shiro.session.mgt.DefaultSessionManager">
<property name="globalSessionTimeout" value="60000"/>
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionValidationSchedulerEnabled" value="true"/>
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<property name="sessionDAO" ref="sessionDAO"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="shiroDbRealm"/>
<property name="cacheManager" ref="cacheManager"/>
</bean>
<bean id="shiroDbRealm" class="com.aspire.cms.service.impl.ShiroDbRealm">
</bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/main"/>
<!-- <property name="unauthorizedUrl"></property>-->
<property name="filterChainDefinitions">
<value>
/login = authc
/ajaxLogin = anon
/logout = logout
/static/** = anon
/** = user
</value>
</property>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true"/>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
</beans>
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:web="http://java.sun.com/xml/ns/javaee"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="migucms" version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath*:/applicationContext-shiro.xml
classpath*:/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.util.Log4jConfigListener
</listener-class>
</listener>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/mvc-dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>
的LoginController
package com.aspire.cms.controller;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class LoginController {
//private static final Logger logger = LoggerFactory.getLogger(LoginController.class);
/** GET
* @throws IOException */
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (SecurityUtils.getSubject().isAuthenticated()) {
response.sendRedirect(request.getContextPath() + "/main");
}
return "login";
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ModelAndView fail(@RequestParam(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM) String userName, String password) {
ModelAndView mav = new ModelAndView("login");
mav.addObject(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, userName);
return mav;
}
@RequestMapping(value = "/ajaxLogin", method = RequestMethod.POST)
public @ResponseBody Object ajaxLogin(HttpServletRequest request, HttpServletResponse response,
@RequestParam String username, @RequestParam String password,
@RequestParam boolean rememberMe){
Subject currentUser = SecurityUtils.getSubject();
String success = "true";
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
token.setRememberMe(rememberMe);
try{
currentUser.login(token);
// SecurityUtils.getSubject().getSession().setTimeout(60000);
success = "true";
} catch(UnknownAccountException ex) {
success = "1100";
} catch(IncorrectCredentialsException ex) {
success = "1101";
} catch(LockedAccountException ex) {
success = "1102";
} catch(AuthenticationException ex) {
success = "1103";
}
}
//Session session = SecurityUtils.getSubject().getSession(false);
return success;
}
@RequestMapping(value = "/isAuthenticated", method = RequestMethod.GET)
public @ResponseBody boolean isAuthenticated() {
Subject subject = SecurityUtils.getSubject();
boolean isAuthenticated = subject.isAuthenticated();
return isAuthenticated;
}
}
答案 0 :(得分:0)
您可能需要添加:
<property name="sessionManager" ref="sessionManager"/>
到你的securityManager bean。