增加会话管理器

This commit is contained in:
shuzheng 2017-02-21 00:00:40 +08:00
parent 4f849bc241
commit 912499396c
1 changed files with 108 additions and 43 deletions

View File

@ -1,78 +1,143 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<description>zheng-upms</description>
<!-- 会话ID生成器 -->
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<!-- 会话DAO -->
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.MemorySessionDAO">
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<!-- 会话监听器 -->
<bean id="sessionListener" class="com.zheng.upms.server.listener.ShiroSessionListener"/>
<!-- 会话管理器 -->
<bean id="sessionManager" class="org.apache.shiro.session.mgt.DefaultSessionManager">
<property name="globalSessionTimeout" value="1800000"/>
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionDAO" ref="sessionDAO"/>
<property name="sessionListeners">
<list><ref bean="sessionListener"/></list>
</property>
</bean>
<!-- realm实现继承自AuthorizingRealm -->
<bean id="upmsRealm" class="com.zheng.upms.server.realm.UpmsRealm"></bean>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realms">
<list><ref bean="upmsRealm"/></list>
</property>
<!--<property name="sessionManager" ref="sessionManager"/>-->
<!--<property name="cacheManager" ref="cacheManager"/>-->
</bean>
<!-- Shiro的Web过滤器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/sso/login"/>
<property name="successUrl" value="/manage"/>
<property name="unauthorizedUrl" value="/403"/>
<property name="filters">
<util:map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
</util:map>
</property>
<property name="filterChainDefinitions">
<value>
<!-- 不需要认证 -->
/ = anon
/swagger-ui.html = anon
/webjars/** = anon
/resources/** = anon
/sso/** = anon
/403 = anon
/druid/**=authc
/sso/logout = logout
<!-- isAuthenticated或RememberMe -->
/druid/**=user
<!-- isAuthenticated -->
/manage/**=authc
</value>
</property>
</bean>
<!-- 设置SecurityUtils -->
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realms">
<list><ref bean="upmsRealm"/></list>
</property>
<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>
<!--<property name="cacheManager" ref="cacheManager"/>-->
</bean>
<!-- realm实现继承自AuthorizingRealm -->
<bean id="upmsRealm" class="com.zheng.upms.server.realm.UpmsRealm"></bean>
<!-- 会话管理器 -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- 全局session超时时间,半小时(单位毫秒) -->
<property name="globalSessionTimeout" value="1800000"/>
<!-- 删除无效的session默认为true -->
<property name="deleteInvalidSessions" value="true"/>
<!-- 是否开启session过期检测默认为true -->
<property name="sessionValidationSchedulerEnabled" value="true"/>
<!-- session检测调度器 -->
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<!-- sessionDAO -->
<property name="sessionDAO" ref="sessionDAO"/>
<property name="sessionIdCookieEnabled" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
<property name="sessionListeners">
<list><ref bean="sessionListener"/></list>
</property>
</bean>
<!-- 会话验证调度器 -->
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">
<!-- 相隔多久检查一次session的有效性,半小时(单位毫秒) -->
<property name="sessionValidationInterval" value="1800000"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- 会话DAO可重写持久化session -->
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.MemorySessionDAO">
<!--<property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>-->
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<!-- 会话ID生成器 -->
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<!-- 会话Cookie模板 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<!-- 不会暴露给客户端 -->
<property name="httpOnly" value="true"/>
<!-- 设置Cookie的过期时间秒为单位默认-1表示关闭浏览器时过期Cookie -->
<property name="maxAge" value="-1"/>
<!-- Cookie名称 -->
<property name="name" value="zheng-upms-shiro-sessionId"/>
</bean>
<!-- 会话监听器 -->
<bean id="sessionListener" class="com.zheng.upms.server.listener.ShiroSessionListener"/>
<!-- rememberMe管理器 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<!-- rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度128 256 512 位)-->
<property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
<property name="cookie" ref="rememberMeCookie"/>
</bean>
<!-- rememberMe缓存cookie -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="rememberMe"/>
<!-- 不会暴露给客户端 -->
<property name="httpOnly" value="true"/>
<!-- 记住我cookie生效时间30天 -->
<property name="maxAge" value="2592000"/>
</bean>
<!-- cacheManager -->
<!-- 登录表单过滤器 -->
<bean id="formAuthenticationFilter"
class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
<property name="usernameParam" value="username"/>
<property name="passwordParam" value="password"/>
<property name="rememberMeParam" value="rememberMe"/>
<property name="loginUrl" value="/sso/login"/>
</bean>
<!-- 设置SecurityUtils相当于调用SecurityUtils.setSecurityManager(securityManager) -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>
<!-- Shiro生命周期处理器-->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- @RequiresPermissions注解支持 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<!-- 开启Shiro Spring AOP权限注解@RequiresPermissions的支持 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- Shiro生命周期处理器-->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>