1. The background

In the development process, we may involve multiple scenarios where the application is not distributed. Before, our session was stored in the local cache, but not in the scenario of distributed session

2 Environment Construction

Maven rely on

<! -- Cluster environment, Need to open the comments -- > < the dependency > < groupId > org. Springframework. Session < / groupId > <artifactId>spring-session-data-redis</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-redis</artifactId> </dependency>Copy the code

The configuration file

spring:
  application:
    name: spring-shiro
  redis:
    host:
    port:
    username:
    password:
    lettuce:
      pool:
        max-active:
        min-idle:
        max-idle:
    timeout:
  session:
    store-type: redis
Copy the code

ShiroConfig

@configuration public class ShiroConfig {/** * Session to spring - the session management * / @ Bean public ServletContainerSessionManager ServletContainerSessionManager () {return new ServletContainerSessionManager(); } @Bean("securityManager") public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setCacheManager(new EhCacheManager()); securityManager.setRealm(userRealm); securityManager.setSessionManager(sessionManager); securityManager.setRememberMeManager(null); return securityManager; } @Bean("shiroFilter") public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setSecurityManager(securityManager); shiroFilter.setLoginUrl("/login.html"); shiroFilter.setUnauthorizedUrl("/"); Map<String, String> filterMap = new LinkedHashMap<>(); filterMap.put("/swagger/**", "anon"); filterMap.put("/v2/api-docs", "anon"); filterMap.put("/swagger-ui.html", "anon"); filterMap.put("/webjars/**", "anon"); filterMap.put("/swagger-resources/**", "anon"); filterMap.put("/statics/**", "anon"); /* filterMap.put("/templates/**", "anon"); filterMap.put("/modules/**", "anon"); */ filterMap.put("/login.html", "anon"); filterMap.put("/sys/login", "anon"); filterMap.put("/favicon.ico", "anon"); filterMap.put("/captcha.jpg", "anon"); filterMap.put("/**", "authc"); shiroFilter.setFilterChainDefinitionMap(filterMap); return shiroFilter; } @Bean("lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } / start shiro permissions annotation * * * * @ param securityManager * @ return * / @ Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new  AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; }Copy the code

Problem 3.

3.1 Distributed session also uses cookie. Can I use Hearder?

The answer is yes

HeaderHttpSessionIdResolver

/** * This method is used to separate the front and back ends of the scene by adding x-auth-token to the hearer: sessionID * @return */ @Bean public HttpSessionIdResolver httpSessionIdResolver(){ return HeaderHttpSessionIdResolver.xAuthToken(); }Copy the code

If we look at the source code of Spring-Session, we can find that there are two session processors respectively

  • HttpSessionIdResolver implementation class is: HeaderHttpSessionIdResolver and CookieHttpSessionIdResolver
  • The default value is: CookieHttpSessionIdResolver

Of course we can customize our own sessonIdResolver. Here interested friends can learn by themselves

reference

Blog.csdn.net/chunzhenzyd…

www.cnblogs.com/chenyanbin/…