AI 助理
备案控制台
开发者社区> 问答> 正文

shiro报错 There is no session with id [xxx] ?报错

shiro报错There is no session with id [xxx]  

七月 06, 2015 3:06:03 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [spring_mvc] in context with path [/Aladdin] threw exception [Request processing failed; nested exception is org.apache.shiro.session.UnknownSessionException: There is no session with id [e32a4c83-45e1-4e0f-809f-2e57851e3c6a]] with root cause
org.apache.shiro.session.UnknownSessionException: There is no session with id [e32a4c83-45e1-4e0f-809f-2e57851e3c6a]
	at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
	at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
	at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206)
	at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
	at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
	at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
	at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipals(DelegatingSubject.java:452)
	at org.apache.shiro.subject.support.DelegatingSubject.<init>(DelegatingSubject.java:111)
	at org.apache.shiro.web.subject.support.WebDelegatingSubject.<init>(WebDelegatingSubject.java:60)
	at org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:62)
	at org.apache.shiro.mgt.DefaultSecurityManager.doCreateSubject(DefaultSecurityManager.java:369)
	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:344)
	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
	at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
	at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:257)
	at com.word4one.hotel.pc.controller.CommercialController.commercialLogin(CommercialController.java:132)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:380)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)


PS:  本项目是 spring + shiro + mybatis

applicationContext.xml的配置 

	<!-- 初始化认证策略 FirstSuccessfulStrategy:只要有一个Realm验证成功即可,只返回第一个Realm身份验证成功的认证信息,其他的忽略 -->
	<bean id="firstSuccess" class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy"/>
	
	<!-- 设置认证策略 -->
	<bean id="modelAuthricator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
		<property name="authenticationStrategy" ref="firstSuccess"/>
	</bean>
	
	<!-- 继承自AuthorizingRealm的自定义Realm,即指定Shiro验证用户登录的类为自定义的ShiroDbRealm.java -->
	<bean id="commerRealm" class="com.word4one.hotel.realm.CommerRealm"></bean>
	<bean id="sysRealm" class="com.word4one.hotel.realm.SysRealm"></bean>
	<bean id="appRealm" class="com.word4one.hotel.realm.AppRealm"></bean>
	<bean id="saleRealm" class="com.word4one.hotel.realm.SaleRealm"></bean>
	<bean id="factoryUserRealm" class="com.word4one.hotel.realm.FactoryUserRealm"></bean>
	
	<!-- 启用缓存注解功能 -->
    <!-- <cache:annotation-driven cache-manager="cacheManager" /> -->
  	
  	<!-- 缓存管理器 使用Ehcache实现 -->  
	<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">  
	    <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>  
	</bean>
	
	<!-- 配置权限管理器 -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		 <!-- 开启shiro session -->
		 <!-- <property name="sessionMode" value="native"/> -->
		 <!-- 配置启用认证策略 -->
		 <property name="authenticator" ref="modelAuthricator"/>
		 <!-- 启用多个realm -->
		 <property name="realms">
		 	<list>
		 		<ref bean="appRealm"/>
		 		<ref bean="commerRealm"/>
		 		<ref bean="sysRealm"/>
		 		<ref bean="saleRealm"/>
		 		<ref bean="factoryUserRealm"/>
			</list>
		 </property>
		 <!-- 启用缓存 -->
		 <property name="cacheManager" ref="cacheManager"/>
		 <!-- 启用会话管理器 -->
		 <property name="sessionManager" ref="sessionManager"/> 
		 <property name="rememberMeManager" ref="rememberMeManager"/>  
	</bean>
	
	<!-- 会话ID生成器 -->
    <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
	
    <!-- 会话Cookie模板 -->
    <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">  
        <constructor-arg value="sid"/>  
        <property name="httpOnly" value="true"/>  
        <property name="maxAge" value="180000"/>  
    </bean>  
  
    <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">  
        <constructor-arg value="rememberMe"/>  
        <property name="httpOnly" value="true"/>  
        <property name="maxAge" value="2592000"/>  
        <!-- 30天 -->  
    </bean>
    
    <!-- rememberMe管理器 -->  
    <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">  
        <property name="cipherKey"  
                  value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>  
        <property name="cookie" ref="rememberMeCookie"/>  
    </bean>  
    
    <!-- 会话DAO -->  
    <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">  
        <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>  
        <property name="sessionIdGenerator" ref="sessionIdGenerator"/>  
    </bean>  
    
    <!-- 会话验证调度器 -->  
    <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">  
        <property name="sessionValidationInterval" value="1800000"/>  
        <property name="sessionManager" ref="sessionManager"/>  
    </bean>
    
    <!-- 会话管理器 -->  
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">  
        <property name="globalSessionTimeout" value="1800000"/>  
        <property name="deleteInvalidSessions" value="true"/>  
        <property name="sessionValidationSchedulerEnabled" value="true"/>  
        <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>  
        <property name="sessionDAO" ref="sessionDAO"/>  
        <property name="sessionIdCookieEnabled" value="true"/>  
        <property name="sessionIdCookie" ref="sessionIdCookie"/>  
    </bean>
    
	<!--自定义的filter-->
	<bean id="roleOrFilter" class="com.word4one.hotel.filter.MyRolesAuthorizationFilter"></bean>
	
	<!-- Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<!-- Shiro的核心安全接口,这个属性是必须的 -->
		<property name="securityManager" ref="securityManager" />
		<!-- 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,默认会自动寻找Web工程根目录下的"/login.jsp"页面 -->
		<!-- ps:检测到未登录(也就是未认证状态时),会被拦截到property中的配置页面 -->
		<!-- <property name="loginUrl" value="/" /> -->
		<!-- 登录成功后要跳转的连接 -->
		<!-- <property name="successUrl" value="/"/> -->
		<!-- 用户访问未对其授权的资源时,所显示的连接 -->
		<!-- ps:检测到角色,权限 不符时,会被拦截到property中配置的页面 -->
		<!-- <property name="unauthorizedUrl" value="/error.do" /> -->
		<property name="unauthorizedUrl" value="/error.jsp" />
		<!-- Shiro连接约束配置,即过滤链的定义 -->
		<!-- 下面value值的第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的 -->
		<!-- anon:不指定过滤器,不错是这个过滤器是空的,什么都没做,跟没有一样 -->
		<!-- authc:该过滤器下的页面必须验证后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->
		<property name="filters">  
            <map>  
                <entry key="roleOrFilter" value-ref="roleOrFilter"/>
            </map>
        </property>  
		<property name="filterChainDefinitions">
			<value>
				<!-- 省略... -->
			</value>
		</property>
	</bean>

	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />



web.xml配置 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" 
	xmlns="http://java.sun.com/xml/ns/javaee" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  
  <!-- 防止发生java.beans.Introspector内存泄露,应将它配置在ContextLoaderListener的前面 -->  
  <!-- JDK中的java.beans.Introspector类的用途是发现Java类是否符合JavaBean规范  -->
  <listener>  
  	<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>  
  </listener> 
  
  <!-- 实例化Spring容器 -->  
  <!-- 应用启动时,该监听器被执行,它会读取Spring相关配置文件,其默认会到WEB-INF中查找applicationContext.xml -->  
  <listener>  
  	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>  
  </listener> 
  
  <!-- 配置Shiro过滤器,先让Shiro过滤系统接收到的请求 -->
  <!-- 这里filter-name必须对应applicationContext.xml中定义的<bean id="shiroFilter"/> -->
  <!-- 使用[/*]匹配所有请求,保证所有的可控请求都经过Shiro的过滤 -->
  <!-- 通常会将此filter-mapping放置到最前面(即其他filter-mapping前面),以保证它是过滤器链中第一个起作用的 -->
  <filter>
  	<filter-name>shiroFilter</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
  </filter>
  <filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <filter>    
    <filter-name>encodingFilter</filter-name>    
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>    
    <init-param>    
        <param-name>encoding</param-name>    
        <param-value>UTF-8</param-value>    
    </init-param>    
    <init-param>    
        <param-name>forceEncoding</param-name>    
        <param-value>true</param-value>    
    </init-param>    
  </filter>    
    
  <filter-mapping>    
  	<filter-name>encodingFilter</filter-name>    
    <url-pattern>/*</url-pattern>    
  </filter-mapping>
  
  <!-- 检测登录过滤器 
  	         检测到未登录状态(为检测到session)拦截回登录首页 -->
  <filter>
  	<filter-name>loginFilter</filter-name>
  	<filter-class>com.word4one.hotel.filter.LoginFilter</filter-class>
  </filter>
  <filter-mapping>
	<filter-name>loginFilter</filter-name>
	<url-pattern>/jsp/system/show.jsp</url-pattern>
  </filter-mapping>
 
  <!-- 注册servlet节点,容器启动时,加载spring框架 -->
  <servlet>
    <servlet-name>spring_mvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <!-- <servlet-class>com.xxx.util.MyDispatcherServlet</servlet-class> 
    	自定义核心控制器  MyDispatcherServelet 继承 DispatcherServlet 用来处理请求编码
    -->
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/applicationContext.xml</param-value>
    </init-param>
  </servlet>
  
  <!-- 注册servlet-mapping节点  设置spring_mvc处理请求类型*.do-->
  <servlet-mapping>
    <servlet-name>spring_mvc</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  
  <error-page>  
      <error-code>405</error-code>  
      <location>/WEB-INF/405.jsp</location>  
  </error-page>  
  <error-page>  
      <error-code>404</error-code>  
      <location>/WEB-INF/404.jsp</location>  
  </error-page>  
  <error-page>  
      <error-code>500</error-code>  
      <location>/WEB-INF/500.jsp</location>  
  </error-page>
  
</web-app>



controller登录代码片段 

@RequestMapping("/jsp/system/systemUserLogin")
	public String systemUserLogin(SystemUserForm systemUserForm, HttpSession session,
			HttpServletRequest request) {

		System.out.println("系统用户登录...");
		// 失败后的跳转路径
		String resultPageURL = "redirect:/";
		// 接收提交表单项
		String username = systemUserForm.getUsername();
		String password = systemUserForm.getPassword();
		String validatecode = systemUserForm.getValidatecode();
		// 获取session中的验证码
		String checkcode = (String) session.getAttribute("key");
		System.out.println("用户[" + username + "]登录时输入的验证码为[" + validatecode + "],HttpSession中的验证码为[" + checkcode + "]");  
		// 判断验证码是否一致
		if (checkcode != null && checkcode.equalsIgnoreCase(validatecode)) {
			session.removeAttribute("key");
			//生成基于用户名和密码的令牌
			UsernamePasswordToken token = new UsernamePasswordToken(username, AESUtils.encrypt(AESUtils.SEED, password));  
			//token.setRememberMe(true);
		    System.out.println("为了验证登录用户而封装的token为" + ReflectionToStringBuilder.toString(token, ToStringStyle.MULTI_LINE_STYLE));  
		    //获取当前的Subject  
	        Subject currentUser = SecurityUtils.getSubject();
	        try {
	        	//尝试登录
	        	currentUser.login(token); 
	        	//验证是否登录成功  
		        if(currentUser.isAuthenticated()){  
		            System.out.println("用户[" + username + "]登录认证通过 ...");
		            return "redirect:/jsp/system/show.jsp";
		        }else{  
		            token.clear(); 
		            return resultPageURL;
		        }
	        }catch(UnknownAccountException uae){  
	            System.out.println("对用户[" + username + "]进行登录验证..验证未通过,未知账户");  
	            request.setAttribute("message_login", "未知账户");  
	        }catch(IncorrectCredentialsException ice){  
	            System.out.println("对用户[" + username + "]进行登录验证..验证未通过,错误的凭证");  
	            request.setAttribute("message_login", "密码不正确");  
	        }catch(LockedAccountException lae){  
	            System.out.println("对用户[" + username + "]进行登录验证..验证未通过,账户已锁定");  
	            request.setAttribute("message_login", "账户已锁定");  
	        }catch(ExcessiveAttemptsException eae){  
	            System.out.println("对用户[" + username + "]进行登录验证..验证未通过,错误次数过多");  
	            request.setAttribute("message_login", "用户名或密码错误次数过多");  
	        }catch(AuthenticationException ae){  
	            //通过处理Shiro的运行时AuthenticationException就可以控制用户登录失败或密码错误时的情景  
	            System.out.println("对用户[" + username + "]进行登录验证..验证未通过,堆栈轨迹如下");  
	            ae.printStackTrace();  
	            request.setAttribute("message_login", "用户名或密码不正确");  
	        }
	        //用户名,密码验证失败跳转...
	        return resultPageURL;
		}
		//验证码失败跳转...
		return resultPageURL;
}



对应realm文件代码片段 

package com.word4one.hotel.realm;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.lang.builder.ReflectionToStringBuilder;
import org.apache.commons.lang.builder.ToStringStyle;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

import com.word4one.hotel.bean.DicBean;
import com.word4one.hotel.bean.Permission;
import com.word4one.hotel.bean.SystemUser;
import com.word4one.hotel.service.DicBeanService;
import com.word4one.hotel.service.PermissionService;
import com.word4one.hotel.service.SystemUserService;
import com.word4one.hotel.util.RoleDescriptionUtil;

public class SysRealm extends AuthorizingRealm{

	@Autowired
	private SystemUserService systemUserService;
	@Autowired
	private DicBeanService dicBeanService;
	@Autowired
	private PermissionService permissionService;
	
	
	
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		
		System.out.println("登录之后,做任何操作-先取得角色权限<为系统用户授权>......");
		//获取当前登录的用户名
		String currentUsername = (String)super.getAvailablePrincipal(principals);
		System.out.println(currentUsername + "...........");
		//创建角色列表集合
		List<String> roleList = new ArrayList<String>();
		System.out.println(roleList + "roleList.......");
		//创建权限列表集合
		List<String> premissionList = new ArrayList<String>();
		System.out.println(roleList + "premissionList........"); 
		
		//授权核心业务逻辑
		try {
			//从数据库中获取当前登录用户的详细信息  
			SystemUser systemUser = systemUserService.getSystemUserByUsername(currentUsername);
			if(systemUser != null){
				//根据role_id判断 系统用户身份:<系统管理员 or 业务员>
				if(systemUser.getRole_id() == RoleDescriptionUtil.ROLE_2){
					System.out.println("正在为<" + systemUser.getUsername() + ">系统管理员---授权中---");
				}else if(systemUser.getRole_id() == RoleDescriptionUtil.ROLE_4){
					System.out.println("正在为<" + systemUser.getUsername() + ">业务员---授权中---");
				}
				//根据当前登录role_id,查询tb_dic得到role
				DicBean dicBean = dicBeanService.getRoleByRoleId(systemUser.getRole_id());
				if(dicBean != null){
					System.out.println("roleName:--" + dicBean.getValue());
					roleList.add(dicBean.getValue());
				}
				//根据当前登录role_id,查询permission得到requestName
				List<Permission> permissions = permissionService.getPermissionByRoleId(systemUser.getRole_id());
				if(permissions.size() != 0){
					for(Permission perm : permissions){
						System.out.println("permissionName:--" + perm.getRequestName());
						premissionList.add(perm.getRequestName());
					}
				}
			}else{
				//throw new AuthorizationException();
				System.out.println("授权用户验证失败,不是系统用户...<<无法授权!!!>>");
			}
			
			System.out.println("-----开始当前用户[" + currentUsername + "]授权-------");
			//为当前用户设置角色和权限  
			SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();  
			simpleAuthorInfo.addRoles(roleList);  
			simpleAuthorInfo.addStringPermissions(premissionList);
			System.out.println("-----结束当前用户[" + currentUsername + "]授权-------");
			return simpleAuthorInfo;
			
		} catch (Exception e) {
			e.printStackTrace();
			//记录日志,系统异常
		}
		// 若该方法什么都不做直接返回null的话,就会导致任何用户访问时都会自动跳转到unauthorizedUrl指定的地址
		// 详见applicationContext.xml中的<bean id="shiroFilter">的配置
		return null;
	}

	
	
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
			
		System.out.println("<-- 系统用户 -->该方法的调用时机为 sys Subject.login()时");
		// 获取基于用户名和密码的令牌
		// 实际上这个authcToken是从SystemUserController里面currentUser.login(token)传过来的
		// 两个token的引用都是一样的
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		System.out.println("<-- 系统用户 -->验证当前Subject时获取到token为" + ReflectionToStringBuilder.toString(token,ToStringStyle.MULTI_LINE_STYLE));
		//验证后台用户登录
		try {
			//封装数据
			SystemUser systemUser = new SystemUser();
			systemUser.setUsername(token.getUsername());
			systemUser.setPassword(new String(token.getPassword()));
			//后台用户登录
			SystemUser sysUser = systemUserService.getSystemUserByUsernameAndPwd(systemUser);
			if(sysUser != null){
				AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(sysUser.getUsername(),sysUser.getPassword(),this.getName());
				System.out.println("后台用户: " + sysUser.getUsername() + "认证成功...");
				systemUserService.modifyLasttime2SystemUser(sysUser);
				System.out.println("后续数据初始化成功...");
				this.setSession("sysUser", sysUser);
				return authcInfo;
			}else{
				// 没有返回登录用户名对应的SimpleAuthenticationInfo对象时,就会抛出UnknownAccountException异常
				System.out.println("后台用户登录败以后走的这里...");
				return null;
			}
		} catch(SQLException sqlException){
			sqlException.printStackTrace();
			//记录日志,系统异常,数据库异常
		} catch (Exception e) {
			e.printStackTrace();
			//记录日志,系统异常
		}
		return null;
	}

	/**
	 * @author yh
	 * time : 2014-11-24
	 * content :
	 * 将一些数据放到ShiroSession中,以便于其它地方使用
	 * 在Controller中,使用时直接用HttpSession.getAttribute(key)就可以取到
	 */
	private void setSession(Object key, Object value) {
		Subject currentUser = SecurityUtils.getSubject();
		if (null != currentUser) {
			Session session = currentUser.getSession();
			System.out.println("Session默认超时时间为[" + session.getTimeout() + "]毫秒");
			if (null != session) {
				session.setAttribute(key, value);
			}
		}
	}
}




小生实在搞不明白,shiro中的session会话. 

在不启用session会话配置时,程序运行一切正常.

若使用shiro 中的 session会话,为何启用就会报错.

不明白其中原理.

展开
收起
爱吃鱼的程序员 2020-06-14 14:52:58 897 0
1 条回答
写回答
取消 提交回答
  • 爱吃鱼的程序员
    https://developer.aliyun.com/profile/5yerqm5bn5yqg?spm=a2c6h.12873639.0.0.6eae304abcjaIB

    Sessionsession=currentUser.getSession();

    这里的session是否是shironative的session

    这里的session是否是shironative的session??

    什么意思!!

    shiro本身的bug

    有解么。。。
    请问这个问题解决了吗?如何解决的?可以分享下吗 shiro本身的bug

    确认一下是不是这个问题导致的:

    https://www.v2ex.com/t/56219

    这个也许对你有点用:

    解决方法:

    <beanid="sessionManager"class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
          <!--设置session过期时间为1小时(单位:毫秒),默认为30分钟-->
          <propertyname="globalSessionTimeout"value="3600000"></property>
          <propertyname="sessionValidationSchedulerEnabled"value="true"></property>
           <propertyname="sessionIdCookie">
           <beanclass="org.apache.shiro.web.servlet.SimpleCookie">
             <propertyname="name"value="JSESSID"/>
           </bean>
         </property>
       </bean>

    2020-06-14 14:53:16
    赞同 展开评论 打赏
问答分类:
XML 缓存 Java 数据库连接 数据库 数据安全/隐私保护 数据格式 Spring 容器 mybatis 日志服务
问答地址:
开发者社区 > 开发与运维 > 问答

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关问答
请问 sql-Client写入es 需要账号密码 怎么配置呢 username password ?
366
0
0
user的代码是什么呢?
997
1
0
  CREATE TABE USER的作用是什么?
530
1
0
session方法执行CRUD操作db.session.add的作用是什么?
382
1
0
XML提示的配置(User Specified Entries,)报错如何解决?
575
1
0
spring JPA 查询正常,但是em.persist(user)无效,但不报错?报错
820
1
0
jfinal insert时报错. 当indentity_insert设置为of?报错
403
1
0
Cannot create a session after the respon?报错
413
1
0
shiro报错UsernamePasswordToken ClassCastE?400报错
714
1
0
spring 提示 No property delete found for t?报错
760
1
0
问答排行榜
最热
最新
1 【大咖问答】对话PostgreSQL 中国社区发起人之一,阿里云数据库高级专家 德哥 1818758
2 据说在家办公的程序员是这样写代码的? 1792775
3 阿里云开放端口权限 690123
4 如何升级配置 536198
5 【藏经阁一起读(27)】本周推荐《Apache Flink案例集(2022版)》,你有哪些心得? 522667
6 【精品问答】python技术1000问(1) 514070
7 Flink Forward Asia 2021 有奖问答 512865
8 OceanBase 使用动画(持续更新) 359333
9 阿里云LNAMP(Linux + Nginx + Apache + MySQL + PHP)环境一键安装脚本 329774
10 OSS存储服务-客户端工具 321478
11 为体验实验室取一个新名字。 307410
12 企业邮箱发送邮件时,若出现投递失败产生退信,内容提示包含如下: the mta server of * reply:550 failed to meet SPF requirements 或者 the mta server of 163.com — 163mx01.mxmail.netease.com(220.181.14.141) reply:550 MI:SPF mx14,QMCowECpA0qTiftVaeB3Cg—.872S2 1442548128 http://mail.163.com/help 304003
13 Win Server 2003-2016 加密勒索事件必打补丁合集 295276
14 FLASH播放器,在IE浏览器下显示请确定您的域名已完成备案和CNAME绑定 284061
15 安全组详解,新手必看教程 277311
16 写code还是做管理,开发者如何进行职业规划? 268887
17 惊喜翻倍:免费ECS+免费环境配置~!(ECS免费体验6个月活动3月31日结束) 255861
18 阿里云手机和阿云浏览器连接问题专帖 235670
19 请问阿里云邮箱如何开启SMTP服务啊! 225775
20 一个备案号,如何备案多个域名? 223605
1 我在云栖做动手,一起参与吗? 460
2 99元云服务器,你最pick哪种新玩法? 2743
3 全天候24小时无所不知AI助手是如何炼成的? 1403
4 阿里云百炼的data = json.loads(json_string)是什么意思呀? 333
5 modelscope-funasr的FunClip怎么安装的? 328
6 在钉钉中自定义机器人发送消息返回,这个限流是企业级别的还是机器人的? 375
7 部署了Nacos2.4.0,开启鉴权,用管理员账号,修密码,就报401错误,啥原因呀? 340
8 使用无影云电脑玩黑神话悟空,Mac笔记本可以吗? 456
9 Nacos 配置鉴权后,用户就变成这个了,unknown user!为什么? 292
10 快速开始nacos时遇到的,这是什么原因? 436
11 k8s集群nacos2.2.3升级到nacos2.4.1方法? 404
12 nacos2.4.1版本,客户端可以正常连接,但是服务列表没有服务。这是为什么? 519
13 nacos开启鉴权后是只影响管理台操作的鉴权吗?客户端获取配置时候是否也需要鉴权? 242
14 加载nacos配置时,偶尔会返回 user not found! 这个错误是什么引起的? 289
15 nacos从2.3.1升级到2.4.1后,服务列表菜单不显示注册服务,接口报错503为什么? 296
16 Nacos Jraft 任意文件读写漏洞怎么解决? 641
17 nacos升级到2.4.1 maven依赖服务注册服务发现改为什么版本? 471
18 nacos2.4.1与他俩的版本兼容吗? 409
19 在Nacos中,本地缓存怎么关闭? 198
20 nacos2.4.1应使用哪个版本的maven搭配jdk哪个版本打包? 350
推荐问答
乘风问答官招募中!机械键盘免费拿

相关文章

  • Java中的异常处理:不仅仅是try-catch
  • 网络安全的盾牌与剑:漏洞防御与加密技术解析
  • C/S架构与B/S架构的适用场景分析
  • 自动化测试的利剑:Selenium WebDriver入门与实践
  • Java中的多线程基础与实践

    • 相关电子书

    更多
    • Apache Wicket User Guide - Ref 立即下载
    低代码开发师(初级)实战教程 立即下载
    阿里巴巴DevOps 最佳实践手册 立即下载