1. 首页
  2. 问答
  3. Shiro会话超时不起作用

Shiro会话超时不起作用

2016-09-29 85 views
0

我希望我的shiro会话在用户登录系统1分钟后过期,但有一些问题,当我第一次登录我的应用程序时,一切正常,但它不是转发到我的登录页面,当我尝试在1分钟后第二次登录。一切都在我的applicationContext-shiro.xml位置,我也设置会话超时在我的web.xml too.I想要一些帮助,无论如何。Shiro会话超时不起作用

的applicationContext-shiro.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" 
     default-lazy-init="true"> 

    <description>Shiro Configuration</description> 

    <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/> 

    <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> 
     <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/> 
     <property name="sessionIdGenerator" ref="sessionIdGenerator"/> 
    </bean> 

    <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> 
     <property name="sessionValidationInterval" value="60000"/> 
     <property name="sessionManager" ref="sessionManager"/> 
    </bean> 

    <bean id="sessionManager" class="org.apache.shiro.session.mgt.DefaultSessionManager"> 
     <property name="globalSessionTimeout" value="60000"/> 
     <property name="deleteInvalidSessions" value="true"/> 
     <property name="sessionValidationSchedulerEnabled" value="true"/> 
     <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/> 
     <property name="sessionDAO" ref="sessionDAO"/> 
    </bean> 

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 
     <property name="realm" ref="shiroDbRealm"/> 
     <property name="cacheManager" ref="cacheManager"/> 
    </bean> 

    <bean id="shiroDbRealm" class="com.aspire.cms.service.impl.ShiroDbRealm"> 
    </bean> 

    <!-- Shiro Filter --> 
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
     <property name="securityManager" ref="securityManager"/> 
     <property name="loginUrl" value="/login"/> 
     <property name="successUrl" value="/main"/> 
     <!-- <property name="unauthorizedUrl"></property>--> 
     <property name="filterChainDefinitions"> 
      <value> 
       /login = authc 
       /ajaxLogin = anon 
       /logout = logout 
       /static/** = anon 
       /** = user 
      </value> 
     </property> 
    </bean> 

    <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/> 

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 

    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" 
      depends-on="lifecycleBeanPostProcessor"> 
     <property name="proxyTargetClass" value="true"/> 
    </bean> 

    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> 
     <property name="securityManager" ref="securityManager"/> 
    </bean> 
</beans>

的web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
       xmlns:web="http://java.sun.com/xml/ns/javaee" 
       xmlns="http://java.sun.com/xml/ns/javaee" 
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
       http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="migucms" version="2.5"> 
    <context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
      classpath*:/applicationContext-shiro.xml 
      classpath*:/applicationContext.xml 
      </param-value> 
    </context-param> 
    <listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 
    <context-param> 
    <param-name>log4jConfigLocation</param-name> 
    <param-value>classpath:log4j.properties</param-value> 
    </context-param> 
    <listener> 
    <listener-class> 
      org.springframework.web.util.Log4jConfigListener 
      </listener-class> 
    </listener> 
    <filter> 
    <filter-name>encodingFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
     <param-name>encoding</param-name> 
     <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
     <param-name>forceEncoding</param-name> 
     <param-value>true</param-value> 
    </init-param> 
    </filter> 
    <filter-mapping> 
    <filter-name>encodingFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
    </filter-mapping> 
    <filter> 
    <filter-name>shiroFilter</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    <init-param> 
     <param-name>targetFilterLifecycle</param-name> 
     <param-value>true</param-value> 
    </init-param> 
    </filter> 
    <filter-mapping> 
    <filter-name>shiroFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
    <dispatcher>REQUEST</dispatcher> 
    </filter-mapping> 
    <servlet> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>classpath*:/mvc-dispatcher-servlet.xml</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <url-pattern>/</url-pattern> 
    </servlet-mapping> 
    <session-config> 
    <session-timeout>1</session-timeout> 
    </session-config> 
</web-app>

的LoginController

package com.aspire.cms.controller; 

import java.io.IOException; 

import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

import org.apache.shiro.SecurityUtils; 
import org.apache.shiro.authc.AuthenticationException; 
import org.apache.shiro.authc.IncorrectCredentialsException; 
import org.apache.shiro.authc.LockedAccountException; 
import org.apache.shiro.authc.UnknownAccountException; 
import org.apache.shiro.authc.UsernamePasswordToken; 
import org.apache.shiro.subject.Subject; 
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; 
import org.springframework.stereotype.Controller; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RequestMethod; 
import org.springframework.web.bind.annotation.RequestParam; 
import org.springframework.web.bind.annotation.ResponseBody; 
import org.springframework.web.servlet.ModelAndView; 

@Controller 
public class LoginController { 

    //private static final Logger logger = LoggerFactory.getLogger(LoginController.class); 
    /** GET 
    * @throws IOException */ 
    @RequestMapping(value = "/login", method = RequestMethod.GET) 
    public String login(HttpServletRequest request, HttpServletResponse response) throws IOException { 
     if (SecurityUtils.getSubject().isAuthenticated()) { 
      response.sendRedirect(request.getContextPath() + "/main"); 
     } 

     return "login"; 
    } 

    @RequestMapping(value = "/login", method = RequestMethod.POST) 
    public ModelAndView fail(@RequestParam(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM) String userName, String password) { 
     ModelAndView mav = new ModelAndView("login"); 
     mav.addObject(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, userName); 

     return mav; 
    } 

    @RequestMapping(value = "/ajaxLogin", method = RequestMethod.POST) 
    public @ResponseBody Object ajaxLogin(HttpServletRequest request, HttpServletResponse response, 
               @RequestParam String username, @RequestParam String password, 
               @RequestParam boolean rememberMe){ 

     Subject currentUser = SecurityUtils.getSubject(); 
     String success = "true"; 
     if (!currentUser.isAuthenticated()) { 
      UsernamePasswordToken token = new UsernamePasswordToken(username, password); 
      token.setRememberMe(rememberMe); 
      try{ 
       currentUser.login(token); 
//    SecurityUtils.getSubject().getSession().setTimeout(60000); 
       success = "true"; 
      } catch(UnknownAccountException ex) { 
       success = "1100"; 
      } catch(IncorrectCredentialsException ex) { 
       success = "1101"; 
      } catch(LockedAccountException ex) { 
       success = "1102"; 
      } catch(AuthenticationException ex) { 
       success = "1103"; 
      } 
     } 
     //Session session = SecurityUtils.getSubject().getSession(false); 
     return success; 

    } 

    @RequestMapping(value = "/isAuthenticated", method = RequestMethod.GET) 
    public @ResponseBody boolean isAuthenticated() { 
     Subject subject = SecurityUtils.getSubject(); 
     boolean isAuthenticated = subject.isAuthenticated(); 

     return isAuthenticated; 
    } 
}

来源

2016-09-29 Aezio

回答

0

您可能需要添加: <property name="sessionManager" ref="sessionManager"/>securityManager豆。

来源

2016-09-29 20:08:07

+0

谢谢任何​​方式。我尝试了你说的方式,但它不起作用。我应该再写一些代码来判断shiro会话是否过期了吗? – Aezio

+0

是否调用QuartzSessionValidationScheduler.enableSessionValidation()?如果打开调试日志记录,您应该看到类似于以下内容的日志消息: '使用Quartz调度会话验证作业...' (也请确保您使用的是最新的Shiro版本) –

相关问题

 相关问题