我想最近做会话属性验证。我做了一个拦截器,当请求到来时,它会让shiro会话在session中设置一些属性。但是我发现在使用{时我总是得到不同的shiro会话{1}}用于已登录系统的同一用户。
这是shiro配置xml
getSession()http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" 默认延迟实例="真">
<?xml version="1.0" encoding="UTF-8"?>
以下是获取shiro会话的代码
<description>Shiro Configuration</description>
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<bean id="sessionManager" class="org.apache.shiro.session.mgt.DefaultSessionManager">
<property name="globalSessionTimeout" value="3600000"/>
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionValidationSchedulerEnabled" value="true"/>
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<property name="sessionDAO" ref="sessionDAO"/>
</bean>
<!--<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.ExecutorServiceSessionValidationScheduler ">
<property name="interval" value="60000"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>-->
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<constructor-arg name="sessionManager" ref="sessionManager"/>
<property name="interval" value="3600000"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="shiroDbRealm"/>
<property name="cacheManager" ref="cacheManager"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<bean id="shiroDbRealm" class="com.aspire.cms.service.impl.ShiroDbRealm">
</bean>
<bean id="systemLogoutFilter" class="com.aspire.cms.filter.SystemLogoutFilter"></bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/main"/>
<property name="unauthorizedUrl" value="/login"/>
<property name="filters">
<map>
<entry key="logout" value-ref="systemLogoutFilter" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
/login = authc
/ajaxLogin = anon
/logout = logout
/static/** = anon
/** = user
</value>
</property>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true"/>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>