Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SpringBoot系列之—Apache Shiro整合 #50

Open
johnnian opened this issue Feb 28, 2018 · 0 comments
Open

SpringBoot系列之—Apache Shiro整合 #50

johnnian opened this issue Feb 28, 2018 · 0 comments
Labels
Java Web

Comments

@johnnian
Copy link
Owner

johnnian commented Feb 28, 2018
edited
Loading

Shiro基础概念

备注: 对于过滤器,user & authc 的区别如下:

user: 参考链接

Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal. This means that any user who is authenticated or remembered via a 'remember me' feature will be allowed access from this filter.
If the accessor is not a known user, then they will be redirected to the loginUrl

authc: 参考链接

Requires the requesting user to be authenticated for the request to continue, and if they are not, forces the user to login via by redirecting them to the loginUrl you configure.

user过滤器,只要用户已经登录过,或者是通过rememberMe的方式登录的,都允许访问;

authc过滤器,要求用户必须授权,一些重要的接口,如支付等,可以设置使用该过滤器;

SpringBoot整合Shiro

1、基础整合

2、CacheManager: EhCache

Ehcache Java 本地缓存的加入,可以大大提高效率,不用每次授权都查询数据库;

3、SessionManager: Redis

PS: 使用Redis做Session管理,有个问题,就是刷新后台的一个页面,会来回调用很多次Redis,这个是有问题的,找到一些解决方法:

补充: 目前对于频繁update sesion的问题,我的处理方法如下:

1). 对于 RedisSessionDao中的doUpdate,不做任何处理;

    /**
     * 刷新session: 不做任何处理
     */
    @Override
    protected void doUpdate(Session session) {     
        super.doUpdate(session);
    }

2). 使用SpringBoot的拦截器,拦截所有请求,并且判断当前用户是否登录,如果已经登录,则手动刷新Session(Redis中对应的Key增加有效时间),这样就可以大大减少Shiro频繁更新session的问题了;

4、Shiro-Thymeleaf标签

5、自定义错误页面

整合Shiro之后,访问错误资源的时候,默认的错误页面如下:

qq20180305-154024 2x

SpringBoot可以自定义配置错误页面,错误页面目录结构需要符合下面结构:

src/
 +- main/
     +- java/
     |   + <source code>
     +- resources/
         +- public/
             +- error/
             |   +- 404.html
             +- <other public assets>

同时,SpringBoot需要配置下面的Bean:

	@Bean
	public EmbeddedServletContainerCustomizer containerCustomizer() {
	    return new EmbeddedServletContainerCustomizer() {
			@Override
			public void customize(ConfigurableEmbeddedServletContainer container) {
				 ErrorPage error404Page = new ErrorPage(HttpStatus.NOT_FOUND, "/error/404.html");
				 ErrorPage error500Page = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/error/500.html");
				 container.addErrorPages(error404Page);
				 container.addErrorPages(error500Page);
			}
	    };
	}

具体,参考下面链接:
@johnnian johnnian changed the title SpringBoot系列之Shiro整合 SpringBoot系列之—Apache Shiro整合 Feb 28, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Java Web
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@johnnian