shrio 配置ehcache 启动报错,一直报cacheManager匹配不对

ehcache.xml配置:
<?xml version="1.0" encoding="UTF-8"?>
xsi:noNamespaceSchemaLocation="ehcache.xsd"
updateCheck="false" monitoring="autodetect"
dynamicConfig="true" name="shiroCache">



<!-- ==========当内存缓存中对象数量超过maxElementsInMemory时,将缓存对象写到磁盘缓存中(需对象实现序列化接口)

* ==用来配置磁盘缓存使用的物理路径,Ehcache磁盘缓存使用的文件后缀名是*.data和*.index

* name=================缓存名称,cache的唯一标识(ehcache会把这个cache放到HashMap里)

* maxElementsOnDisk====磁盘缓存中最多可以存放的元素数量,0表示无穷大

* maxElementsInMemory==内存缓存中最多可以存放的元素数量,若放入Cache中的元素超过这个数值,则有以下两种情况

* 1)若overflowToDisk=true,则会将Cache中多出的元素放入磁盘文件中

* 2)若overflowToDisk=false,则根据memoryStoreEvictionPolicy策略替换Cache中原有的元素

* eternal==============缓存中对象是否永久有效,即是否永驻内存,true时将忽略timeToIdleSeconds和timeToLiveSeconds

* timeToIdleSeconds====缓存数据在失效前的允许闲置时间(单位:秒),仅当eternal=false时使用,默认值是0表示可闲置时间无穷大,此为可选属性

* 即访问这个cache中元素的最大间隔时间,若超过这个时间没有访问此Cache中的某个元素,那么此元素将被从Cache中清除

* timeToLiveSeconds====缓存数据在失效前的允许存活时间(单位:秒),仅当eternal=false时使用,默认值是0表示可存活时间无穷大

* 即Cache中的某元素从创建到清楚的生存时间,也就是说从创建开始计时,当超过这个时间时,此元素将从Cache中清除

* overflowToDisk=======内存不足时,是否启用磁盘缓存(即内存中对象数量达到maxElementsInMemory时,Ehcache会将对象写到磁盘中)

* 会根据标签中path值查找对应的属性值,写入磁盘的文件会放在path文件夹下,文件的名称是cache的名称,后缀名是data

* diskPersistent=======是否持久化磁盘缓存,当这个属性的值为true时,系统在初始化时会在磁盘中查找文件名为cache名称,后缀名为index的文件

* 这个文件中存放了已经持久化在磁盘中的cache的index,找到后会把cache加载到内存

* 要想把cache真正持久化到磁盘,写程序时注意执行net.sf.ehcache.Cache.put(Element element)后要调用flush()方法

* diskExpiryThreadIntervalSeconds==磁盘缓存的清理线程运行间隔,默认是120秒

* diskSpoolBufferSizeMB============设置DiskStore(磁盘缓存)的缓存区大小,默认是30MB

* memoryStoreEvictionPolicy========内存存储与释放策略,即达到maxElementsInMemory限制时,Ehcache会根据指定策略清理内存

* 共有三种策略,分别为LRU(最近最少使用)、LFU(最常用的)、FIFO(先进先出) -->

<!-- 注意,以下缓存是永久有效,是系统初始化数据到缓存中,如果不需要永久有效,请另写,或在 -->

 <defaultCache eternal="false" maxElementsInMemory="10000"
   overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="0"
   timeToLiveSeconds="600" memoryStoreEvictionPolicy="LRU" />

 <cache name="baseCache" eternal="false" maxElementsInMemory="1000"
   overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="0"
   timeToLiveSeconds="300" memoryStoreEvictionPolicy="LRU" />       

<!-- 登录记录缓存 锁定10分钟 -->
<cache name="passwordRetryCache"
maxEntriesLocalHeap="2000"
       eternal="false"
       timeToIdleSeconds="600"
       timeToLiveSeconds="0"
       overflowToDisk="false"
       statistics="true">
</cache>

<cache name="authorizationCache" 
maxEntriesLocalHeap="2000"
       eternal="false"
       timeToIdleSeconds="1800" 
       timeToLiveSeconds="0" 
       overflowToDisk="false"
       statistics="true">
</cache>

<cache name="authenticationCache" 
        maxEntriesLocalHeap="2000"
       eternal="false"
       timeToIdleSeconds="1800" 
       timeToLiveSeconds="0" 
       overflowToDisk="false"
       statistics="true">
</cache>

<cache name="shiro-activeSessionCache"
maxEntriesLocalHeap="2000"
       eternal="false"
       timeToIdleSeconds="1800" 
       timeToLiveSeconds="0" 
       overflowToDisk="false"
       statistics="true">
</cache>            

spring-shiro.xml 配置

<?xml version="1.0" encoding="UTF-8"?>
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-lazy-init="true" default-autowire="byName">

<description>Shiro Configuration</description>
<!-- SHIRO CONFIG START -->
<!-- 定义密码加密算法及迭代次数 -->
<bean id="passwordHelper" class="com.leadbank.bcms.utils.PasswordHelper">
    <property name="algorithmName" value="md5" />
    <property name="hashIterations" value="2" />
</bean>

<!-- 缓存管理器 使用Ehcache实现-->  
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">  
    <property name="cacheManager" ref="ehCacheManager"/>  
</bean>  
<bean id="ehCacheManager" class ="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">  
    <property name="configLocation" value="classpath:spring/ehcache.xml" />  
    <property name="shared" value="true"></property>  
</bean> 

<!-- 凭证匹配器 -->  
<bean id="credentialsMatcher"
    class="com.leadbank.bcms.controller.shiro.credential.RetryLimitHashedCredentialsMatcher">
    <constructor-arg ref="cacheManager" />
    <property name="hashAlgorithmName" value="md5" />
    <property name="hashIterations" value="2" />
    <property name="storedCredentialsHexEncoded" value="true" />
</bean>

<bean id="userService" class="com.leadbank.bcms.service.user.impl.UserServiceImpl" />

<!-- 項目自定义的Realm -->
<bean id="myShiroRealm" class="com.leadbank.bcms.controller.shiro.MyshiroRealm" >
    <property name="userService" ref="userService" />
    <property name="credentialsMatcher" ref="credentialsMatcher" />
    <property name="cachingEnabled" value="true" />
    <property name="authenticationCachingEnabled" value="true" />
    <property name="authenticationCacheName" value="authenticationCache" />
    <property name="authorizationCachingEnabled" value="true" />
    <property name="authorizationCacheName" value="authorizationCache" />
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realms">  
        <list><ref bean="myShiroRealm"/></list>  
    </property>
    <property name="sessionManager" ref="sessionManager"/>  
    <property name="cacheManager" ref="cacheManager"/>  
    <property name="rememberMeManager" ref="rememberMeManager"/>
</bean>

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />       
    <property name="loginUrl" value="/login/loginIndex" />      
    <property name="successUrl" value="/backstage/index" /> 
    <property name="unauthorizedUrl" value="/login/loginIndex" />
    <property name="filterChainDefinitions">
        <!-- anon:匿名拦截器,即不需要登录即可访问;一般用于静态资源过滤
             authc:如果没有登录会跳到相应的登录页面登录
             user:用户拦截器,用户已经身份验证/记住我登录的都可 -->
        <value>
     <!--       /static/js/system/login/**  = anon
        /static/js/system/**        = authc
        /static/**                  = anon
        /favicon.ico                = anon
        /verifyCode/**              = anon
        /system_login               = anon
        /weixin/**                  = anon
        /upload/**                  = anon
        /**                         = authc 
        /static/**/**               = anon-->
        <!-- /test/toManagerIndex       = roles[mg_001] -->
        /** = anon
        </value>
    </property>
</bean>

  <!-- AOP式方法级权限检查 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true" />
</bean>

<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

启动报错 如下:
2016/09/07-17:59:41.148 [localhost-startStop-1] ERROR o.s.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroFilter' defined in URL [file:/E:/apache-tomcat-7.0.68/wtpwebapps/leadbank-bcms-manage/WEB-INF/classes/spring/spring-shiro.xml]: Cannot resolve reference to bean 'securityManager' while setting bean property 'securityManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityManager' defined in URL [file:/E:/apache-tomcat-7.0.68/wtpwebapps/leadbank-bcms-manage/WEB-INF/classes/spring/spring-shiro.xml]: Cannot resolve reference to bean 'myShiroRealm' while setting bean property 'realms' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myShiroRealm' defined in URL [file:/E:/apache-tomcat-7.0.68/wtpwebapps/leadbank-bcms-manage/WEB-INF/classes/spring/spring-shiro.xml]: Cannot resolve reference to bean 'credentialsMatcher' while setting bean property 'credentialsMatcher'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'credentialsMatcher' defined in URL [file:/E:/apache-tomcat-7.0.68/wtpwebapps/leadbank-bcms-manage/WEB-INF/classes/spring/spring-shiro.xml]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.apache.shiro.cache.Cache]: Could not convert constructor argument value of type [org.apache.shiro.cache.ehcache.EhCacheManager] to required type [org.apache.shiro.cache.Cache]: Failed to convert value of type 'org.apache.shiro.cache.ehcache.EhCacheManager' to required type 'org.apache.shiro.cache.Cache'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [org.apache.shiro.cache.ehcache.EhCacheManager] to required type [org.apache.shiro.cache.Cache]: no matching editors or conversion strategy found

1个回答

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
shiro整合ehcache总是报错

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityManager' defined in class path resource [spring/spring-shiro.xml]: Cannot resolve reference to bean 'sessionManager' while setting bean property 'sessionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionManager' defined in class path resource [spring/spring-shiro.xml]: Initialization of bean failed; nested exception is org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'net.sf.ehcache.CacheManager' to required type 'org.apache.shiro.cache.CacheManager' for property 'cacheManager'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [net.sf.ehcache.CacheManager] to required type [org.apache.shiro.cache.CacheManager] for property 'cacheManager': no matching editors or conversion strategy found Caused by: java.lang.IllegalStateException: Cannot convert value of type [net.sf.ehcache.CacheManager] to required type [org.apache.shiro.cache.CacheManager] for property 'cacheManager': no matching editors or conversion strategy found

shiro整合ehcache时报错

shiro整合ehcache application-shiro.xml中相关配置: ``` <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="userRealm" /> <!-- 注入缓存管理器 --> <property name="cacheManager" ref="cacheManager"/> <!-- 注入session管理器 --> <property name="sessionManager" ref="sessionManager" /> </bean> <!-- 缓存管理器 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:pvf-shiro-ehcache.xml"/> </bean> ``` pvf-shiro-ehcache.xml ``` <ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd" updateCheck="false"> <!--diskStore:缓存数据持久化的目录 地址 --> <diskStore path="java.io.tmpdir"/> <defaultCache maxElementsInMemory="1000" maxElementsOnDisk="10000000" eternal="false" overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="120" timeToLiveSeconds="120" diskExpiryThreadIntervalSeconds="120" memoryStoreEvictionPolicy="LRU"> </defaultCache> </ehcache> ``` 项目启动时报错: Caused by: java.lang.IllegalStateException: Cannot convert value of type [org.apache.shiro.cache.ehcache.EhCacheManager] to required type [net.sf.ehcache.CacheManager] for property 'cacheManager': no matching editors or conversion strategy found at org.springframework.beans.TypeConverterDelegate.convertIfNecessary(TypeConverterDelegate.java:231) at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:447) ... 53 more

shiro和spring集成时session管理器超时时间问题

这是我的配置文件,我配置了并发人数控制和动态权限过滤,然后session超时时间这里也是配置了的,然后并没有什么鸟用,在登录以后获取超时时间也是正常的,但还是1分钟就过期了。 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="targetObject" ref="shiroFilter"/> <property name="targetMethod" value="setFilterChainResolver"/> <property name="arguments" ref="filterChainResolver"/> </bean> <bean id="filterChainResolver" class="com.sfkj.platform.shiro.CustomPathMatchingFilterChainResolver"> <property name="customDefaultFilterChainManager" ref="filterChainManager"/> </bean> <bean id="filterChainManager" class="com.sfkj.platform.shiro.CustomDefaultFilterChainManager"> <property name="loginUrl" value="/index/redirect.html"/> <property name="successUrl" value="/index/redirect.html"/> <property name="unauthorizedUrl" value="/index/unauthorizedUrl.html"/> <property name="customFilters"> <util:map> <entry key="kickout" value-ref="kickoutSessionControlFilter"/> <entry key="sysUser" value-ref="sysUserFilter"/> </util:map> </property> <property name="defaultFilterChainDefinitions"> <value> <!-- /login = authc /logout = logout /unauthorized.jsp = authc /** = user,sysUser --> /admin/**=kickout /** =anon </value> </property> </bean> <bean id="sysUserFilter" class="com.sfkj.platform.shiro.SysUserFilter"/> <bean id="kickoutSessionControlFilter" class="com.sfkj.platform.shiro.KickoutSessionControlFilter"> <property name="cacheManager" ref="cacheManager"/> <property name="sessionManager" ref="sessionManager"/> <property name="kickoutAfter" value="false"/> <property name="maxSession" value="1"/> <property name="kickoutUrl" value="/index/kickoutUrl.html"/> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="userRealm" /> <property name="cacheManager" ref="cacheManager" /> <property name="sessionManager" ref="sessionManager"/> </bean> <bean id="userRealm" class="com.sfkj.platform.shiro.UserRealm"/> <!-- 缓存管理器 使用Ehcache实现 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="ehCacheManager"/> <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/> </bean> <bean id="ehCacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> <!-- 会话管理器 --> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="604800000"/> <property name="deleteInvalidSessions" value="true"/> <property name="sessionValidationSchedulerEnabled" value="true"/> <!-- <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/> --> <property name="sessionDAO" ref="sessionDAO"/> <property name="sessionIdCookieEnabled" value="true"/> <property name="sessionIdCookie" ref="sessionIdCookie"/> </bean> <!-- 会话验证调度器 --> <!--<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> <property name="sessionValidationInterval" value="1800000"/> <property name="sessionManager" ref="sessionManager"/> </bean> --> <!-- 会话DAO --> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/> <property name="sessionIdGenerator" ref="sessionIdGenerator"/> </bean> <!-- 会话ID生成器 --> <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/> <!-- 会话Cookie模板 --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="sid"/> <property name="httpOnly" value="true"/> <property name="maxAge" value="-1"/> </bean> <!-- Shiro生命周期处理器--> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> </beans> ``` ``` <ehcache updateCheck="false" name="shiroCache"> <cache name="authorizationCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="604800" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="authenticationCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="604800" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="shiro-activeSessionCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="604800" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="shiro-kickout-session" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="604800" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> </ehcache> ``` ```

Shiro缓存问题,Spring整合Shiro

Spring+Mybatis+Shiro整合时,shiro第一次验证身份通过后,后续验证都不生效,必须清除浏览器缓存才可生效,请问这是为什么呢?

springmvc和shiro整合时出错

新手在学习springmvc整合shiro,但是搞了好久都没解决这个问题,特地上来问一下。 报错的具体内容: ``` Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroFilter' defined in class path resource [applicationContext.xml]: Cannot resolve reference to bean 'securityManager' while setting bean property 'securityManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityManager' defined in class path resource [applicationContext.xml]: Cannot resolve reference to bean 'jdbcRealm' while setting bean property 'realm'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdbcRealm' defined in class path resource [applicationContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.workpanorama.handlers.ShiroRealm]: Constructor threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroFilter' defined in class path resource [applicationContext.xml]: Cannot resolve reference to bean 'securityManager' while setting bean property 'securityManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityManager' defined in class path resource [applicationContext.xml]: Cannot resolve reference to bean 'cacheManager' while setting bean property 'cacheManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cacheManager' defined in class path resource [applicationContext.xml]: Initialization of bean failed; nested exception is org.springframework.beans.FatalBeanException: Error initializing bean [cacheManager]; nested exception is org.apache.shiro.cache.CacheException: net.sf.ehcache.CacheException: Another unnamed CacheManager already exists in the same VM. Please provide unique names for each CacheManager in the config or do one of following: 1. Use one of the CacheManager.create() static factory methods to reuse same CacheManager with same name or create one if necessary 2. Shutdown the earlier cacheManager before creating new one with same name. ```

关于shiro的问题,会话管理器配置了 但是没有效果

这个是spring ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"> <bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor"></bean> <bean id="systemAuthorizingRealm" class="cn.ojama.MyRealm" /> <bean id="adminSecurityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="systemAuthorizingRealm" /> <property name="cacheManager" ref="cacheManager" /> </bean> <!-- 缓存管理器 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml" /> </bean> <bean id="adminShiroFilterFactoryBean" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="adminSecurityManager" /> <property name="loginUrl" value="/login.jsp" /> <!--<property name="successUrl" value="/admin/entry/index"/> --> <property name="successUrl" value="/admin/index.jsp"></property> <property name="unauthorizedUrl" value="/login.jsp" /> <property name="filterChainDefinitions"> <value> /logout.ojama = logout /admin/index.jsp = perms[user:create] /admin/** = authc </value> </property> </bean> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="sha-1" /> <property name="hashIterations" value="1" /> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="systemAuthorizingRealm" /> <property name="sessionManager" ref="sessionManager"/> </bean> <!-- 会话管理器 --> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <!-- session的失效时长,单位毫秒 --> <property name="globalSessionTimeout" value="10000"/> <!-- 删除失效的session --> <property name="deleteInvalidSessions" value="true"/> </bean> </beans> ``` 这个是web.xml ``` <?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <!-- 配置 Spring --> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath*:application-shiro.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- 配置shiro过滤器 注意:默认情况下filter-name必须和ShiroFilterFactoryBean实例化的id一样 比如:现在filter-name是:shiroFilter 在通过spring自动注入时配置的ShiroFilterFactoryBean的id也必须是shiroFilter 或者可以通过指定targetBeanName参数定义ShiroFilterFactoryBean的id --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetBeanName</param-name> <param-value>adminShiroFilterFactoryBean</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <description>This is the description of my J2EE component</description> <display-name>This is the display name of my J2EE component</display-name> <servlet-name>Servlet</servlet-name> <servlet-class>cn.ojama.Servlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>Servlet</servlet-name> <url-pattern>/login</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>login.jsp</welcome-file> </welcome-file-list> <!-- Spring字符集过滤器 --> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app> ``` 这个是realm ``` package cn.ojama; import java.util.ArrayList; import java.util.List; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.session.InvalidSessionException; import org.apache.shiro.session.Session; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.Subject; import service.UserService; import entity.User; public class MyRealm extends AuthorizingRealm { private UserService userService = new UserService(); @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String userCode = (String) principals.getPrimaryPrincipal(); List<String> p = new ArrayList<String>(); p.add("user:create"); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); authorizationInfo.addStringPermissions(p); return authorizationInfo; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(token.getUsername(), token.getPassword(), this.getName()); return authcInfo; ``` 这个是servlet 真心求教一下...配置了会话管理器,但是session还是半小时才失效,是我漏配置什么了吗? ``` public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); Subject subject = SecurityUtils.getSubject(); if (!subject.isAuthenticated()) { UsernamePasswordToken token = new UsernamePasswordToken(username, password); token.setRememberMe(true); UserService userService=new UserService(); User user= userService.getMemberByName(username); if(user==null){ System.out.println("用户名或密码错误"); }else{ try { subject.login(token); response.sendRedirect("admin/index.jsp"); } catch (Exception e) { System.out.println("用户名或密码错误"); } } } } ```

shiro 结合 ajax 返回 json 的解决方案

这个是我的shiro配置文件 ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd"> <!-- shiro的第三步 spring文件里面配置Shiro--> <!-- 3.1 配置SecurityManager 安全管理器--> <!-- SecurityManager : 安全管理器,主体认证和授权都是通过SecurityManager进行--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- 3.1.1 注入 cacheManager 缓存管理器 --> <property name="cacheManager" ref="cacheManager" /> <!-- 3.1.2 注入 authenticator 属性赋值(下面会配置这个属性)--> <property name="authenticator" ref="authenticator"/> <!-- realm 域:相当于数据源,通过realm存取认证,授权相关数据 --> <property name="realms"> <list> <!-- 加载一个自定义的realm --> <ref bean="jdbcRealm"/> </list> </property> <!-- 记住我 的时间长--> <property name="rememberMeManager.cookie.maxAge" value="100"></property> </bean> <!-- 3.2配置cacheManager 缓存管理器 --> <!-- 3.2.1需要加入ehcache的jar包 + ehcache.xml配置文件 --> <!-- cacheManager : 缓存管理器,主要针对session和授权数据进行缓存 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <!-- 将数据通过 cacheManager + ehcache整合对缓存数据进行管理--> <property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml" /> </bean> <!-- 3.3 配置 authenticator 认证器:主体进行认证最终通过authenticator进行 --> <bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator"> <property name="authenticationStrategy"> <bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy"></bean> </property> </bean> <!-- shiro第四步配置自定义realm --> <!-- realm : 域,相当于数据源 ,通过realm存取认证,授权相关数据 --> <!-- 4.1配置Realm + 重写Realm类--> <bean id="jdbcRealm" class="com.leon.ssms.shiro.ShiroRealm"> <!-- 4.2 MD5加密配置 --> <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="MD5"></property> <property name="hashIterations" value="1024"></property> </bean> </property> </bean> <!-- shiro第五步 配置LifecycleBeanPostProcessor --> <!-- 5.配置LifecycleBeanPostProcessor 可以自动的来调用配置在Spring IOC 容器中 shiro bean 的生命周期方法。 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- shiro第六步 启用IOC容器中 使用shiro注解--> <!-- 6.启用IOC容器中 使用shiro注解。但必须在配置lifecycleBeanPostProcessor 之后在可以使用。 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" /> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> <!-- shiro第七步 配置shiroFilter--> <!-- 7.1 id必须和web.xml文件中配置的DelegatingFilterProxy 的<filter-name>一致 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- 登录页面 ,用户 登录不成功自动 返回该页面 --> <property name="loginUrl" value="/login.jsp"/> <!-- 登录成功页面,登录成功后跳转到该页面 --> <property name="successUrl" value="/home.action" /> <!-- 无权访问跳转页面 --> <property name="unauthorizedUrl" value="/unauthorized.action"/> <!-- 7.2 配置 filterChainDefinitionMap 属性 --> <!-- 将原先写死的认证和权限数据通过 Map的Key和Value的形式通过实例工厂类方法从数据库获取 --> <property name="filterChainDefinitionMap" ref="filterChainDefinitionMap"/> <!-- 配置哪些页面需要受保护以及访问这些页面需要的权限 --> <!-- 1).anon 可以匿名访问 2).autch 必须认证(需要登录)后才可以访问的页面 3).logout 登出 4).roles 角色权限 <property name="filterChainDefinitions"> <value> /login.jsp = anon /user/login.action = anon /user/logout.action = logout /user.jsp = roles[user] /admin.jsp = roles[admin] /** = authc </value> </property>--> </bean> <!-- 配置一个 bean, 该 bean 实际上是一个 Map. 通过实例工厂方法的方式 --> <bean id="filterChainDefinitionMap" factory-bean="FilterChainDefinitionMapBuilder" factory-method="builderFilterChainDefinitionMap"> </bean> <bean id="FilterChainDefinitionMapBuilder" class="com.leon.ssms.factory.FilterChainDefinitionMapBuilder"> </bean> </beans> ```

Ehcache 缓存刷到磁盘后,重启Tomcat后,产生的.index文件被删除?????

Ehcache 缓存刷到磁盘后,重启Tomcat后,产生的.index文件被删除????? code: 1 ehcache.xml <!-- 永久有效 --> <cache name="empSignOutCache" maxElementsInMemory="10000" diskPersistent="true" maxElementsOnDisk="10000" eternal="true" overflowToDisk="true" diskSpoolBufferSizeMB="200" memoryStoreEvictionPolicy="FIFO" /> 2/ java代码 static{ // System.setProperty("net.sf.ehcache.enableShutdownHook","true"); // System.setProperty(net.sf.ehcache.CacheManager.ENABLE_SHUTDOWN_HOOK_PROPERTY,"true"); URL url = EhCacheUtil.class.getClassLoader().getResource(EhCacheUtil.EHCACHEURL); singletonManager = CacheManager.create(url); singletonManager = new CacheManager(url); out = singletonManager.getCache("empSignOutCache"); 第二次运行这一句的时候会删除.index out = singletonManager.getCache("empSignOutCache");

ehcache集群数据不同步。

问题如题。 server1 : win 7,tomcat。ip:192.168.1.213 server2:win 7中安装的centos6.6虚拟机,tomcat。ip:192.168.1.211. ehcache:2.9版本 需要缓存的App对象已经实现Serializable接口。两个server中的防火墙都已经关闭。 具体文件如下面所示。配置都是参照官网配的,不知道为什么数据不同步。小弟刚接触,望各位不吝赐教,谢谢! **ehcache.xml文件如下:** <ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ehcache.xsd"> <cacheManagerPeerProviderFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory" properties="peerDiscovery=automatic, multicastGroupAddress=230.0.0.1, multicastGroupPort=40001, timeToLive=1"/> <cacheManagerPeerListenerFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerListenerFactory" properties="hostName=localhost, port=40001, socketTimeoutMillis=2000"/> <cache name="sampleCache2" maxEntriesLocalHeap="10" eternal="false" timeToIdleSeconds="100" timeToLiveSeconds="3600" overflowToDisk="false"> <cacheEventListenerFactory class="net.sf.ehcache.distribution.RMICacheReplicatorFactory" properties="replicateAsynchronously=true, replicatePuts=true, replicateUpdates=true, replicateUpdatesViaCopy=false, replicateRemovals=true "/> <bootstrapCacheLoaderFactory class="net.sf.ehcache.distribution.RMIBootstrapCacheLoaderFactory"/> </cache> </ehcache> **EhcacheUtil.java文件:** public class EhcacheUtil implements Serializable { /** * */ private static final long serialVersionUID = 1L; private static final String path = "/cache/ehcache.xml"; private URL url; private CacheManager manager; private static EhcacheUtil ehCache; private EhcacheUtil(String path) { url = getClass().getResource(path); manager = CacheManager.create(url); } public static EhcacheUtil getInstance() { if (ehCache== null) { ehCache= new EhcacheUtil(path); } return ehCache; } public void put(String cacheName, String key, Object value) { Cache cache = manager.getCache(cacheName); Element element = new Element(key, value); cache.put(element); } public Object get(String cacheName, String key) { Cache cache = manager.getCache(cacheName); Element element = cache.get(key); return element == null ? null : element.getObjectValue(); } public Cache get(String cacheName) { return manager.getCache(cacheName); } public void remove(String cacheName, String key) { Cache cache = manager.getCache(cacheName); cache.remove(key); } } **IndexController.java文件:** @WebServlet(description = "index", urlPatterns = { "/index" }) public class IndexController extends HttpServlet { private static final long serialVersionUID = 1L; // private static App app = new App(); /** * @see HttpServlet#HttpServlet() */ public IndexController() { super(); // TODO Auto-generated constructor stub App app = new App(); EhcacheUtil.getInstance().put("sampleCache2", "APP", app); } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub App obj = (App)EhcacheUtil.getInstance().get("sampleCache2","APP"); obj.num++; EhcacheUtil.getInstance().put("sampleCache2","APP",obj); response.getOutputStream().write(("num="+obj.num).getBytes()); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub } } **App.java文件:** public class App implements Serializable{ private static final long serialVersionUID = 1L; public static int num=0; }

SSM使用shiro注解报错:nested exception is java.lang.NoClassDefFoundError: org/aspectj/util/PartialOrder$PartialComparable

最近在学习shiro,在整合ssm使用shiro注解授权时一直报错: ``` org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'systemController' defined in file [E:\shiro\code\shiro9-springMVC\out\artifacts\shiro9_springMVC_war_exploded\WEB-INF\classes\com\shiro\controller\SystemController.class]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: org/aspectj/util/PartialOrder$PartialComparable ``` web.xml部分代码: ``` <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--路径监听--> <listener> <listener-class>com.shiro.commons.ShiroContextListener</listener-class> </listener> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <!--配置文件的位置和名字--> <param-name>contextConfigLocation</param-name> <param-value>classpath*:springmvc.xml</param-value> </init-param> <!-- Servlet默认是请求到达服务器时创建对象 并初始化 load-on-startup:表示 服务器启动时创建对象并初始化 --> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> ``` springmvc.xml部分代码: ``` <!--配置注解扫描--> <context:component-scan base-package="com.shiro" /> <!--shiro配置--> <import resource="classpath:shiro-config.xml" /> <!--使用shiro的权限注解 需要Shiro的 SpringAOP集成来扫描合适的注解类以及执行必要的安全逻辑--> <!--开启aop对类的代理--> <aop:config proxy-target-class="true" /> <!--开启shiro注解支持 配置shiro的注解适配器--> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> ``` shiro-config.xml配置: ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd"> <!--加密方式配置--> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5" /> <property name="hashIterations" value="2" /> </bean> <!--自定义realm--> <bean id="realm" class="com.shiro.commons.UserRealm"> <property name="credentialsMatcher" ref="credentialsMatcher" /> </bean> <!--配置缓存 ehcache--> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <!--可以配置ehcache--> <!--<property name="cacheManagerConfigFile" value=""></property>--> </bean> <!--将shiro安全管理器交给spring ioc容器管理--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!--设置realm--> <property name="realm" ref="realm" /> <!--设置缓存--> <property name="cacheManager" ref="cacheManager" /> </bean> <!--shiro web过滤器--> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!--注入安全管理器--> <property name="securityManager" ref="securityManager" /> <!--未认证跳转的页面配置--> <property name="loginUrl" value="pages/login.jsp" /> <!--配置安全规则 --> <property name="filterChainDefinitions"> <value> <!--登录请求不做拦截--> /pages/login.jsp = anon /pages/guest.jsp = anon /toLogin = anon <!--静态资源不做拦截--> /static/** = anon <!--需要拦截的请求 user表示身份认证通过可以访问--> /** = user </value> </property> </bean> <!--使用工厂类将securityManager设置到环境中去 相当于 SecurityUtils.setSecurityManager--> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <!--调用静态方法--> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/> <!--需要的参数--> <property name="arguments" ref="securityManager" /> </bean> <!--shiro生命周期处理器--> <bean name="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> </beans> ``` 报错的controller注解代码 ``` /* * 使用shiro的权限注解 * 1、@RequiresPermissions 验证是拥有某权限,多个用‘,’隔开,参数2定义用and或者or连接条件 默认是and * */ //2、@RequiresAuthentication 通过认证的用户才可以访问 //3、@RequiresRoles(value = {"超级管理员","系统管理"},logical = Logical.OR) 验证是拥有某角色,多个用‘,’隔开,参数2定义用and或者or连接条件 默认是and //@RequiresGuest @RequiresPermissions(value = {"sys:add","sys:info"},logical = Logical.AND) @RequestMapping("System/updateRuleForm") public String updateRuleForm(HttpServletRequest request, Role role){ request.setAttribute("role",role); return "updateRole"; } ``` aop相关jar包 ``` <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>1.8.9</version> </dependency> <!-- https://mvnrepository.com/artifact/aopalliance/aopalliance --> <dependency> <groupId>aopalliance</groupId> <artifactId>aopalliance</artifactId> <version>1.0</version> </dependency> <!-- https://mvnrepository.com/artifact/org.aspectj/aspectjrt --> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>1.8.13</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>5.0.7.RELEASE</version> </dependency> <!-- https://mvnrepository.com/artifact/cglib/cglib-nodep --> <dependency> <groupId>cglib</groupId> <artifactId>cglib-nodep</artifactId> <version>2.2</version> </dependency> ``` 之前百度都说的缺少各种jar包,我现在把aop能用到的jar包都引入了,但还是报错 控制台报错代码: ``` 11-May-2020 15:14:13.134 信息 [RMI TCP Connection(4)-127.0.0.1] org.apache.catalina.core.ApplicationContext.log No Spring WebApplicationInitializer types detected on classpath 11-May-2020 15:14:13.681 信息 [RMI TCP Connection(4)-127.0.0.1] org.apache.catalina.core.ApplicationContext.log Initializing Spring FrameworkServlet 'springmvc' 11-May-2020 15:14:17.051 严重 [RMI TCP Connection(4)-127.0.0.1] org.apache.catalina.core.ApplicationContext.log StandardWrapper.Throwable org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'systemController' defined in file [E:\shiro\code\shiro9-springMVC\out\artifacts\shiro9_springMVC_war_exploded\WEB-INF\classes\com\shiro\controller\SystemController.class]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: org/aspectj/util/PartialOrder$PartialComparable at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:589) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:503) at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:760) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:672) at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:638) at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:686) at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:554) at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:499) at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:172) at javax.servlet.GenericServlet.init(GenericServlet.java:158) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1124) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1079) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:971) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4829) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5143) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:703) at org.apache.catalina.startup.HostConfig.manageApp(HostConfig.java:1737) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:287) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:457) at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:406) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:287) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468) at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76) at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309) at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1401) at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:829) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) at sun.rmi.transport.Transport$1.run(Transport.java:200) at sun.rmi.transport.Transport$1.run(Transport.java:197) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Transport.java:196) at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.NoClassDefFoundError: org/aspectj/util/PartialOrder$PartialComparable at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:763) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2352) at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:833) at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1278) at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1138) at org.springframework.aop.aspectj.autoproxy.AspectJAwareAdvisorAutoProxyCreator.sortAdvisors(AspectJAwareAdvisorAutoProxyCreator.java:72) at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.findEligibleAdvisors(AbstractAdvisorAutoProxyCreator.java:98) at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.getAdvicesAndAdvisorsForBean(AbstractAdvisorAutoProxyCreator.java:76) at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.wrapIfNecessary(AbstractAutoProxyCreator.java:352) at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.postProcessAfterInitialization(AbstractAutoProxyCreator.java:304) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:439) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1712) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:581) ... 63 more ``` 请大佬们看看是什么问题!!!

ehcache在使用注解缓存时,不起作用。

问题:在spring boot 中引入了ehcache,作用于service层。 然后发现了一个问题。 **如果该service注入到shiro的自定义认证域中,会导致ehcache失效!!** 贴上代码: ``` /** * 其他省略 */ @Service("userService") @Transactional(rollbackFor = RuntimeException.class) public class UserServiceImpl implements UserService { @Resource private UserDao userDao; @Override @Cacheable(value = "jazCache") // 使用ehcache注解 public List<UserEntity> list(Map<String, Object> params) { List<UserEntity> list = userDao.findPage(params); return list; } ``` <br> 然后,在Controller注入 ``` @Resource private UserService userService; @GetMapping(value = "/all") public ResultInfo all(@RequestParam Map<String, Object> params) { return ResultPage.ok().total((long)1).data(this.userService.list(params)); } ``` <br> 然后在浏览器中访问:<br> 第一次查询DB<br> ![图片说明](https://img-ask.csdn.net/upload/201902/20/1550649944_701970.png) <br>第二次走缓存<br> ![图片说明](https://img-ask.csdn.net/upload/201902/20/1550650042_857850.png) <br><br> 接下来,重点来了。在shiro的自定义认证域中,注入userService:<br> ``` @Component public class UserRealm extends AuthorizingRealm { @Resource private UserService userService; ...其他省略 ``` <br> 然后在浏览器中访问:<br> <br> ![图片说明](https://img-ask.csdn.net/upload/201902/20/1550650253_764623.png) 第一次走DB,第二次也走DB <br> ehcache失效了!!! 求大神~~

Ehcache 为啥缓存到磁盘中去

<?xml version="1.0" encoding="ISO-8859-1"?> <ehcache> <diskstore path="java.io.tmpdir"></diskstore> <defaultcache name="spring" maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="true" maxElementsOnDisk="10000000" diskPersistent="false" diskExpiryThreadIntervalSeconds="120" memoryStoreEvictionPolicy="LRU"> </defaultcache> <BootstrapCacheLoaderFactory class="net.sf.ehcache.store.DiskStoreBootstrapCacheLoaderFactory" properties="bootstrapAsynchronously=true" /> </ehcache> <!--ehcache 缓存--> <!--开启扫描--> <cache:annotation-driven cache-manager="cacheManager"></cache:annotation-driven> <bean id="temp" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"> <property name="configLocation" value="classpath:ehcache.xml"></property> </bean> <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager"> <property name="cacheManager" ref="temp"></property> </bean>

请问 使用shiro想去掉remmemberMe

shiro 并没有配置 rememberMe相关配置 , 但是在浏览器cookie里却有 rememberMe ,造成session过期,一刷新浏览器又能继续访问需要认证的链接, 求大神指导. 小弟在此谢过了. ![图片说明](https://img-ask.csdn.net/upload/201710/15/1508048156_930368.png) ![图片说明](https://img-ask.csdn.net/upload/201710/15/1508048186_891445.png) <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd "> <!-- 凭证匹配器 --> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="HashAlgorithmName" value="md5"></property> <property name="hashIterations" value="1"></property> </bean> <!-- realm --> <bean id="userRealm" class="cn.itcast.act_web.shiro.dao.UserRealm"> <property name="credentialsMatcher" ref="credentialsMatcher" ></property> </bean> <!-- ehcache缓存管理器--> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml"></property> </bean> <!-- Shiro 的 session管理器 <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="180000"></property> <property name="deleteInvalidSessions" value="true"></property> </bean> --> <!-- securityManager --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="userRealm"></property> <!-- <property name="cacheManager" ref="cacheManager"></property> --> <!-- <property name="sessionManager" ref="sessionManager"></property> --> </bean> <!-- web.xml 中shiro的filter 对应的bean --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"></property> <property name="loginUrl" value="/loginUI.jsp"></property> <!-- <property name="successUrl" value="/home/index.action"></property> --> <property name="unauthorizedUrl" value="/loginUI.jsp"></property> <property name="filterChainDefinitions" > <value> <!-- 静态资源匿名访问 --> /images/** = anon /js/** = anon /styles/** = anon /image/** = anon /script/** = anon /style/** = anon <!-- 必须将登录action 及登录提交action匿名 --> /home/index.action*= anon /loginsubmit.action* = anon <!-- /validatecode.jsp* = anon --> <!-- 退出登陆的地址,shiro去清楚session --> /home/logout.action = logout <!-- /cgd/addcgd.action = perms["cgd/addcgd.act"] --> <!-- 如果设置 Cookie 记住我, 则不能使用此user过滤器,还会拦截 --> /index.jsp* = user <!-- /first.action* = user --> <!-- /welcome.action* = user --> <!-- /getmenus.action* = user --> <!-- 所有的URL都必须认证通过才能访问, --> /** = authc <!-- 所有的url 都可以匿名访问 --> <!-- /** = anon --> </value> </property> </bean> </beans>

shiro 登录认证页面不跳转

认证是没有问题的,登录之后一直在登录页面,然后直接输入index.jsp又是可以访问的, 说明认证成功了 直接上图帐号代码,求大神。。。 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> <!-- web.xml中shiro的filter对应的bean --> <!-- Shiro 的Web过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <!-- loginUrl认证提交地址,如果没有认证将会请求此地址进行认证,请求此地址将由formAuthenticationFilter进行表单认证 --> <property name="loginUrl" value="/login/login.html"/> <!-- 认证成功统一跳转到first.action,建议不配置,shiro认证成功自动到上一个请求路径 --> <property name="successUrl" value="/index.jsp"/> <!-- 通过unauthorizedUrl指定没有权限操作时跳转页面--> <!--<property name="unauthorizedUrl" value="/WEB-INF/pages/refuse.jsp"/>--> <!-- 自定义filter配置 --> <property name="filters"> <map> <!--将自定义 的FormAuthenticationFilter注入shiroFilter中--> <entry key="authc" value-ref="formAuthenticationFilter"/> </map> </property> <!-- 过虑器链定义,从上向下顺序执行,一般将/**放在最下边 --> <property name="filterChainDefinitions"> <value> <!-- 对静态资源设置匿名访问 --> /css/** = anon /datas/** = anon /html/** = anon /images/** = anon /js/** = anon /plugins/** = anon /temp/** = anon /login/login.html = anon /login/checkLogin.json = anon <!--请求这个地址退出登录 shiro清除session--> /login/logout = logout <!--所有url都必须认证通过才可以访问--> /** = authc <!--anon所有url都可以匿名访问--> <!--/** = anon--> </value> </property> </bean> <!-- securityManager安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="customRealm"/> <!-- 注入缓存管理器 --> <!--<property name="cacheManager" ref="cacheManager"/>--> <!-- 注入session管理器 --> <!--<property name="sessionManager" ref="sessionManager"/>--> <!-- 记住我 --> <!--<property name="rememberMeManager" ref="rememberMeManager"/>--> </bean> <!-- realm --> <bean id="customRealm" class="com.infore.common.CustomRealm"> </bean> <!-- 缓存管理器 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:/shiro/shiro-ehcache.xml"/> </bean> <bean id="formAuthenticationFilter" class="com.infore.common.CustomFormAuthenticationFilter"> <!-- 表单中账号的input名称 --> <property name="usernameParam" value="username" /> <!-- 表单中密码的input名称 --> <property name="passwordParam" value="password" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> </beans> @ResponseBody @RequestMapping("/checkLogin.json") public AjaxResult<String> checkLogin(HttpServletRequest request){ AjaxResult<String> result = new AjaxResult<String>(); String username = request.getParameter("username"); String password = request.getParameter("password"); try{ /*if(username == null || "".equals(username)){ result.setSuccess(false); result.setMsg("请输入账号"); return result; } if(password == null || "".equals(password)){ result.setSuccess(false); result.setMsg("请输入密码"); return result; } EmpDto emp = empService.selectByUsername(username); if(emp == null){ result.setSuccess(false); result.setMsg("账号不存在"); return result; }**/ ByteSource salt = ByteSource.Util.bytes("emp"); SimpleHash simpleHash = new SimpleHash("MD5", password, salt, 2); String password_md5 = simpleHash.toString(); /*if(!emp.getPassword().equals(password_md5)){ result.setSuccess(false); result.setMsg("密码不正确"); return result; }*/ UsernamePasswordToken token = new UsernamePasswordToken(username, password_md5); Subject currentUser = SecurityUtils.getSubject(); //使用shiro来验证 token.setRememberMe(true); try { currentUser.login(token); EmpDto empDto = (EmpDto) currentUser.getPrincipal(); logger.info("User [" + empDto.getUsername() + "] logged in successfully."); //验证通过保存emp信息 super.getSession().setAttribute("emp", currentUser.getPrincipal()); super.getSession().setAttribute("username", username); super.getSession().setAttribute("empNo", empDto.getEmpNo()); } catch ( UnknownAccountException uae ) { uae.printStackTrace(); result.setSuccess(false); result.setMsg("账号不存在"); return result; } catch ( IncorrectCredentialsException ice ) { ice.printStackTrace(); result.setSuccess(false); result.setMsg("账号/密码不正确"); return result; } catch (LockedAccountException lae) { lae.printStackTrace(); result.setSuccess(false); result.setMsg("用户已被锁定"); return result; } catch (ExcessiveAttemptsException eae ) { eae.printStackTrace(); } }catch (Exception e){ logger.error("验证登录信息异常[checkLogin]",e); publicUtil.insertLog(0,e,0); result.setSuccess(false); result.setMsg("验证登录信息异常"); } return result; } /** * realm的认证方法,从数据库查询用户信息 * @param authToken * @return * @throws AuthenticationException */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authToken; EmpDto emp = empService.selectByUsername(token.getUsername()); if(emp == null){ throw new UnknownAccountException("账号不存在"); } SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(emp, emp.getPassword(), getName()); return simpleAuthenticationInfo; }

spring 和 Ehcache web做页面缓存配置出异常?

<div class="iteye-blog-content-contain" style="font-size: 14px;"> <p>项目用的是spring mvc + hibernate 的结构。现在想用 Ehcache web做一个简单的页面缓存。网上找了很多例子但是就是报异常:</p> <pre name="code" class="java">Caused by: net.sf.ehcache.CacheException: Error configuring from file:/D:/workspace/sulai/webapp/WEB-INF/classes/ehcache.xml. Initial cause was Error configuring from input stream. Initial cause was null:90: Element &lt;ehcache&gt; does not allow nested &lt;transactionManagerLookup&gt; elements. at net.sf.ehcache.config.ConfigurationFactory.parseConfiguration(ConfigurationFactory.java:95) at net.sf.ehcache.config.ConfigurationFactory.parseConfiguration(ConfigurationFactory.java:131) at net.sf.ehcache.CacheManager.parseConfiguration(CacheManager.java:241) at net.sf.ehcache.CacheManager.init(CacheManager.java:190) at net.sf.ehcache.CacheManager.&lt;init&gt;(CacheManager.java:183) at net.sf.ehcache.CacheManager.create(CacheManager.java:343) at net.sf.ehcache.CacheManager.getInstance(CacheManager.java:364) at net.sf.ehcache.constructs.web.filter.SimplePageCachingFilter.getCacheManager(SimplePageCachingFilter.java:100) at net.sf.ehcache.constructs.web.filter.CachingFilter.doInit(CachingFilter.java:83) at net.sf.ehcache.constructs.web.filter.Filter.init(Filter.java:191) ... 27 more</pre> <p> 这是我的web.xml,是按照网上例子搞的。</p> <pre name="code" class="xml">&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"&gt; &lt;!-- Shiro Filter --&gt; &lt;filter&gt; &lt;filter-name&gt;shiroFilter&lt;/filter-name&gt; &lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt; &lt;init-param&gt; &lt;param-name&gt;targetFilterLifecycle&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;shiroFilter&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;!-- 异常处理过滤器拦截所有请求/* 或可改成*.action --&gt; &lt;filter&gt; &lt;filter-name&gt;SulaiExceptionFilter&lt;/filter-name&gt; &lt;filter-class&gt;com.sulai.core.exception.filter.SulaiExceptionFilter&lt;/filter-class&gt; &lt;init-param&gt; &lt;param-name&gt;errorPage&lt;/param-name&gt; &lt;param-value&gt;/jsp/error/error.jsp&lt;/param-value&gt; &lt;/init-param&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;SulaiExceptionFilter&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;!-- Ehcache web 页面缓存过滤器 --&gt; &lt;filter&gt; &lt;filter-name&gt;PageCacheFilter&lt;/filter-name&gt; &lt;filter-class&gt;net.sf.ehcache.constructs.web.filter.SimplePageCachingFilter&lt;/filter-class&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;PageCacheFilter&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;!-- spring MVC 配置 --&gt; &lt;servlet&gt; &lt;servlet-name&gt;spring&lt;/servlet-name&gt; &lt;servlet-class&gt;org.springframework.web.servlet.DispatcherServlet&lt;/servlet-class&gt; &lt;!-- 自定义servlet.xml配置文件的位置和名称,默认为WEB-INF目录下,名称为[&lt;servlet-name&gt;]-servlet.xml,如spring-servlet.xml --&gt; &lt;init-param&gt; &lt;param-name&gt;contextConfigLocation&lt;/param-name&gt; &lt;param-value&gt;classpath:spring-servlet.xml&lt;/param-value&gt; &lt;/init-param&gt; &lt;load-on-startup&gt;1&lt;/load-on-startup&gt; &lt;/servlet&gt; &lt;servlet-mapping&gt; &lt;servlet-name&gt;spring&lt;/servlet-name&gt; &lt;url-pattern&gt;*.action&lt;/url-pattern&gt; &lt;/servlet-mapping&gt; &lt;!-- DWR ScriptSession过滤器 --&gt; &lt;servlet&gt; &lt;servlet-name&gt;initScriptSessionListener&lt;/servlet-name&gt; &lt;servlet-class&gt; com.sulai.message.util.InitScriptSession &lt;/servlet-class&gt; &lt;load-on-startup&gt;1&lt;/load-on-startup&gt; &lt;/servlet&gt; &lt;!--dwr servlet--&gt; &lt;servlet&gt; &lt;servlet-name&gt;dwr-invoker&lt;/servlet-name&gt; &lt;servlet-class&gt; org.directwebremoting.servlet.DwrServlet &lt;/servlet-class&gt; &lt;init-param&gt; &lt;param-name&gt;debug&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;crossDomainSessionSecurity&lt;/param-name&gt; &lt;param-value&gt;false&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;allowScriptTagRemoting&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;pollAndCometEnabled&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;activeReverseAjaxEnabled&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;org.directwebremoting.extend.ServerLoadMonitor&lt;/param-name&gt; &lt;param-value&gt;org.directwebremoting.impl.PollingServerLoadMonitor&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;disconnectedTime&lt;/param-name&gt; &lt;param-value&gt;60000&lt;/param-value&gt; &lt;/init-param&gt; &lt;load-on-startup&gt;1&lt;/load-on-startup&gt; &lt;/servlet&gt; &lt;servlet-mapping&gt; &lt;servlet-name&gt;dwr-invoker&lt;/servlet-name&gt; &lt;url-pattern&gt;/dwr/*&lt;/url-pattern&gt; &lt;/servlet-mapping&gt; &lt;!-- Spring log4j加载 --&gt; &lt;context-param&gt; &lt;param-name&gt;webAppRootKey&lt;/param-name&gt; &lt;param-value&gt;webapp.root&lt;/param-value&gt; &lt;/context-param&gt; &lt;context-param&gt; &lt;param-name&gt;log4jConfigLocation&lt;/param-name&gt; &lt;param-value&gt;classpath:log4j.xml&lt;/param-value&gt; &lt;/context-param&gt; &lt;context-param&gt; &lt;param-name&gt;log4jRefreshInterval&lt;/param-name&gt; &lt;param-value&gt;60000&lt;/param-value&gt; &lt;/context-param&gt; &lt;listener&gt; &lt;listener-class&gt;org.springframework.web.util.Log4jConfigListener&lt;/listener-class&gt; &lt;/listener&gt; &lt;!-- Spring配置 --&gt; &lt;listener&gt; &lt;listener-class&gt;org.springframework.web.context.ContextLoaderListener&lt;/listener-class&gt; &lt;/listener&gt; &lt;!-- 定时器servletContext加载 --&gt; &lt;listener&gt; &lt;listener-class&gt;com.sulai.util.jobs.JobContextListener&lt;/listener-class&gt; &lt;/listener&gt; &lt;!-- 指定Spring Bean的配置文件所在目录。默认配置在WEB-INF目录下 --&gt; &lt;context-param&gt; &lt;param-name&gt;contextConfigLocation&lt;/param-name&gt; &lt;param-value&gt; classpath:applicationContext.xml, classpath:applicationContext-dao.xml, classpath:applicationContext-shiro.xml, classpath:messages.xml &lt;/param-value&gt; &lt;/context-param&gt; &lt;filter&gt; &lt;filter-name&gt;Set Character Encoding&lt;/filter-name&gt; &lt;filter-class&gt;org.springframework.web.filter.CharacterEncodingFilter&lt;/filter-class&gt; &lt;init-param&gt; &lt;param-name&gt;encoding&lt;/param-name&gt; &lt;param-value&gt;utf8&lt;/param-value&gt; &lt;/init-param&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;Set Character Encoding&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;filter&gt; &lt;filter-name&gt;UrlRewriteFilter&lt;/filter-name&gt; &lt;filter-class&gt;org.tuckey.web.filters.urlrewrite.UrlRewriteFilter&lt;/filter-class&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;UrlRewriteFilter&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt; &lt;dispatcher&gt;FORWARD&lt;/dispatcher&gt; &lt;/filter-mapping&gt; &lt;!-- 404 自定义页面 --&gt; &lt;error-page&gt; &lt;error-code&gt;404&lt;/error-code&gt; &lt;location&gt; /jsp/error/error.jsp &lt;/location&gt; &lt;/error-page&gt; &lt;welcome-file-list&gt; &lt;welcome-file&gt;index.action&lt;/welcome-file&gt; &lt;/welcome-file-list&gt; &lt;/web-app&gt;</pre> <p> 这是 ehcache.xml</p> <pre name="code" class="xml">&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="true" monitoring="autodetect" dynamicConfig="true"&gt; &lt;diskStore path="D:\\workspace\\sulai\\webapp\\pageCache"/&gt; &lt;cacheManagerEventListenerFactory class="" properties=""/&gt; &lt;defaultCache maxElementsInMemory="1000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="true" maxElementsOnDisk="10000" diskSpoolBufferSizeMB="30" diskPersistent="false" diskExpiryThreadIntervalSeconds="120" memoryStoreEvictionPolicy="LRU" statistics="false" /&gt; &lt;cache name="PageCacheFilter" maxElementsInMemory="1000" maxElementsOnDisk="10000" eternal="false" overflowToDisk="true" diskSpoolBufferSizeMB="20" timeToIdleSeconds="300" timeToLiveSeconds="600" memoryStoreEvictionPolicy="LFU" transactionalMode="off" /&gt; &lt;/ehcache&gt;</pre> <p> 麻烦大神们看看哪里有问题?</p> <p> </p> </div>

Shiro鉴权登陆成功后 authc网页还是没法访问

具体就是Shiro鉴权登陆成功后 authc网页还是没办法进行访问,还是会被拦截到默认的anon 网页, # 在测试服务器的tomcat上没问题,但是在生产服务器上就是不能访问 是因为生产https访问的缘故?。 ```<!-- 自定义Realm --> <bean id="loginRealm" class="com.webserver.controller.LoginRealm"> <property name="authenticationCachingEnabled" value="true"></property> </bean> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="loginRealm" /> <property name="cacheManager" ref="cacheManager"></property> </bean> <!-- 启用缓存 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:resources/spring/ehcache.xml"></property> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/" /> <property name="unauthorizedUrl" value="/login.html" /> <property name="filterChainDefinitions"> <value> /pages/login.html=anon /pages/index.html=authc /pages/data-info.html=authc /*.*=anon </value> </property> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" /> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> </beans> ```

shiro 不执行授权方法 doGetAuthorizationInfo()

# ShiroDbRealm.java 代码如下 ``` public class ShiroDbRealm extends AuthorizingRealm { @Resource private UserService userService; /** * 认证回调函数,登录时调用. */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; User currentUser = userService.findByUserName(token.getUsername()); if (currentUser != null) { if (currentUser.getStatus()==User.STATUS_DISABLED) { throw new DisabledAccountException("用户已注销"); }else if(currentUser.getStatus()==User.STATUS_NOT_ACTIVE){ throw new DisabledAccountException("用户未激活");//这里需要编写一个用户未激活异常 } return new SimpleAuthenticationInfo(currentUser.getUsername(),currentUser.getUserpwd(), ""); } return null; } /** * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用. */ @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { // Cache<Object, AuthenticationInfo> authenticationCache = // getAuthenticationCache(); String primaryPrincipal = (String) principals.getPrimaryPrincipal(); System.out.println("-----------*************************------------>"+ primaryPrincipal); List<String> roles = new ArrayList<String>(); List<String> permissions = new ArrayList<String>(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); User user = userService.findByUserName(primaryPrincipal); if(user != null){ for (Role role : user.getRoles()) { roles.add(role.getName()); for (Permission p : role.getPermissions()) { permissions.add(p.getPrivilege()); } } }else{ throw new AuthorizationException(); } //给当前用户设置角色 info.addRoles(roles); //给当前用户设置权限 info.addStringPermissions(permissions); return info; } } ``` # applicationContext-shiro.xml配置 ``` <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> <description>Shiro安全配置</description> <!-- Shiro's main business-tier object for web-enabled applications --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="shiroDbRealm"/> <property name="cacheManager" ref="shiroEhcacheManager"/> </bean> <!-- 項目自定义的Realm --> <bean id="shiroDbRealm" class="com.wsq.app.service.common.ShiroDbRealm"> <!-- <property name="userService" ref="userService"/> 这里我在项目中只用了注解注入--> </bean> <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 这个属性是必须的 --> <property name="securityManager" ref="securityManager"/> <!-- 没有登录的用户请求需要登录的页面时自动跳转到登录页面,不是必须的属性,不输入地址的话会自动寻找项目web项目的根目录下的”/login.jsp”页面 --> <property name="loginUrl" value="/login"/> <!-- 登录成功默认跳转页面,不配置则跳转至”/”。如果登陆前点击的一个需要登录的页面,则在登录自动跳转到那个需要登录的页面。不跳转到此 --> <property name="successUrl" value="/"/> <!-- 没有权限默认跳转的页面 --> <property name="unauthorizedUrl" value=""/> <!-- 就是需要验证的地址的列表,常用的包含anon、authc、perms、roles、user、logout。 --> <property name="filterChainDefinitions"> <value> /static/** = anon /login = anon /login/** = anon /logout = user /** = authc </value> </property> </bean> <!-- 用户授权信息Cache, 采用EhCache --> <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:resource/ehcache-shiro.xml"/> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- AOP式方法级权限检查 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true"/> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> </beans> ``` # web.xml配置 ``` <!-- Shiro Security filter --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ``` 集成以后,项目可以正常启动,登陆时也可以正常调用登录验证,可就是在验证授权时,不掉用。求解答~也没分了,不好意思。

shiro +cas 整合单点登录页面重定向的问题 后台是jeesite框架

访问系统的时候页面进入cas的登录页,输入用户名密码之后就进入了重定向了,不知道该怎么配这个配置文件了。大神能给我分析分析问题出在哪了么 ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd" default-lazy-init="true"> <description>Shiro Configuration</description> <!-- 加载配置属性文件 --> <context:property-placeholder ignore-unresolvable="true" location="classpath:jeesite.properties" /> <!-- Shiro权限过滤过滤器定义 --> <bean name="shiroFilterChainDefinitions" class="java.lang.String"> <constructor-arg> <value> /static/** = anon /api/test = anon /api/userRegist = anon ${adminPath}/userApi/userRegist = anon /api/** = anon /userfiles/** = anon ${adminPath}/upload = anon ${adminPath}/cas = cas ${adminPath}/login = authc ${adminPath}/logout = logoutFilter <!-- ${adminPath}/** = user --> /shiro-cas = cas <!-- /logout = logoutFilter --> /a/** = user /a/sys/hlApi = anon ${adminPath}/sys/hlApi/form = anon /act/rest/service/editor/** = perms[act:model:edit] /act/rest/service/model/** = perms[act:model:edit] /act/rest/service/** = user /ReportServer/** = user </value> </constructor-arg> </bean> <!-- 安全认证过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /><!-- <property name="loginUrl" value="${cas.server.url}?service=${cas.project.url}${adminPath}/cas" /> --> <!-- <property name="loginUrl" value="${adminPath}/login" /> <property name="successUrl" value="${adminPath}?login" /> --> <property name="loginUrl" value="${loginUrl}" /> <property name="filters"> <map> <entry key="cas" value-ref="casFilter"/> <entry key="authc" value-ref="formAuthenticationFilter"/> <entry key="logoutFilter" value-ref="logoutFilter"/> </map> </property> <property name="filterChainDefinitions"> <ref bean="shiroFilterChainDefinitions"/> </property> </bean> <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <!-- 配置验证错误时的失败页面 --> <property name="redirectUrl" value="${logoutUrl}" /> </bean> <!-- CAS认证过滤器 --> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <property name="failureUrl" value="${loginFailedUrl}"/> <property name="successUrl" value="${loginSuccessUrl}" /> </bean> <!-- 定义Shiro安全管理配置 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="subjectFactory" ref="casSubjectFactory"></property> <property name="realm" ref="UserRealm" /> <!-- <property name="realm" ref="systemAuthorizingRealm" /> <property name="sessionManager" ref="sessionManager" /> <property name="cacheManager" ref="shiroCacheManager" /> --> </bean> <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"></bean> <bean id="UserRealm" class="com.thinkgem.jeesite.modules.sys.security.UserRealm" depends-on="userDao,roleDao,menuDao"> <property name="defaultRoles" value="ROLE_USER" /> <property name="casServerUrlPrefix" value="${shiro.cas.serverUrlPrefix}" /> <property name="casService" value="${shiro.cas.service}" /> </bean> <!-- 自定义会话管理配置 --> <bean id="sessionManager" class="com.thinkgem.jeesite.common.security.shiro.session.SessionManager"> <property name="sessionDAO" ref="sessionDAO"/> <!-- 会话超时时间,单位:毫秒 --> <property name="globalSessionTimeout" value="${session.sessionTimeout}"/> <!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话 --> <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/> <!-- <property name="sessionValidationSchedulerEnabled" value="false"/> --> <property name="sessionValidationSchedulerEnabled" value="true"/> <property name="sessionIdCookie" ref="sessionIdCookie"/> <property name="sessionIdCookieEnabled" value="true"/> </bean> <!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID, 当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg name="name" value="jeesite.session.id"/> </bean> <!-- 自定义Session存储容器 --> <bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.JedisSessionDAO"> <property name="sessionIdGenerator" ref="idGen" /> <property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> </bean> <!--<bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.CacheSessionDAO"> <property name="sessionIdGenerator" ref="idGen" /> <property name="activeSessionsCacheName" value="activeSessionsCache" /> <property name="cacheManager" ref="shiroCacheManager" /> </bean>--> <!-- 定义授权缓存管理器 --> <bean id="shiroCacheManager" class="com.thinkgem.jeesite.common.security.shiro.cache.SessionCacheManager" /> <!--<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="cacheManager"/> </bean> --> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- AOP式方法级权限检查 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> </beans> ``` shiro.cas.service=127.0.0.1:8181/a/login shiro.cas.serverUrlPrefix=127.0.0.1:8081/cas/login loginUrl=http://127.0.0.1:8081/cas/login?service=http://127.0.0.1:8181/a/login logoutUrl=http://127.0.0.1:8081/cas/logout?service=http://127.0.0.1:8181/a/ loginSuccessUrl=127.0.0.1:8181/a/upload.jsp loginFailedUrl=/a/login

spring mvc+shiro+cas 实现cas client功能 跳转回来404

http://securitycenter.com:8080/gtsys/cas?ticket=ST-14-HEDhc1GVQt0UYdiZpi7R-cas 返回这个地址 404 ![图片说明](https://img-ask.csdn.net/upload/201510/09/1444404164_27274.png) ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:task="http://www.springframework.org/schema/task" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-4.1.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.1.xsd" > <!-- 定时器开关 开始 --> <task:annotation-driven /> <!-- 标注类型 的事务配置 如果使用注解事务。就放开 <tx:annotation-driven />--> <!-- 统一异常处理方式 --> <bean id="exceptionHandler" class="com.lanyuan.exception.MyExceptionHandler"/> <!-- 初始化数据 --> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" > <property name ="locations"> <list> <value>classpath:jdbc.properties</value> </list> </property> <property name="ignoreUnresolvablePlaceholders" value="true" /> </bean> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="url" value="${jdbc.url}" /> <property name="username" value="${jdbc.username}" /> <property name="password" value="${jdbc.password}" /> <property name="driverClassName" value="${jdbc.driverClass}" /> </bean> <bean id="pagePlugin" class="com.lanyuan.plugin.PagePlugin"> <property name="properties"> <props> <prop key="dialect">mysql</prop> <prop key="pageSqlId">.*query.*</prop> </props> </property> </bean> <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"> <property name="dataSource" ref="dataSource" /> <!-- 自动匹配Mapper映射文件 --> <property name="mapperLocations" value="classpath:mappings/*-mapper.xml"/> <property name="typeAliasesPackage" value="com.lanyuan.entity"/> <property name="plugins"> <array> <ref bean="pagePlugin" /> </array> </property> </bean> <!-- 通过扫描的模式,扫描目录在com.lanyuan.mapper目录下,所有的mapper都继承SqlMapper接口的接口, 这样一个bean就可以了 --> <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"> <property name="basePackage" value="com.lanyuan.mapper" /> </bean> <!-- 事务配置 --> <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource" ref="dataSource" /> </bean> <!-- <aop:config> <aop:pointcut expression="execution(public * com.lanyuan.controller.*(..))" id="pointcut" /> <aop:advisor advice-ref="txAdvice" pointcut-ref="pointcut" /> </aop:config> <tx:advice id="txAdvice" transaction-manager="transactionManager"> <tx:attributes> <tx:method name="query*" propagation="REQUIRED" read-only="true" /> <tx:method name="find*" propagation="REQUIRED" read-only="true" /> <tx:method name="save*" propagation="REQUIRED" /> <tx:method name="delete*" propagation="REQUIRED" /> <tx:method name="add*" propagation="REQUIRED" /> <tx:method name="modify*" propagation="REQUIRED" /> <tx:method name="logicDelById" propagation="REQUIRED" /> </tx:attributes> </tx:advice> --> <!-- <aop:aspectj-autoproxy proxy-target-class="true"/> <bean id="log4jHandlerAOP" class="com.lanyuan.logAop.LogAopAction"></bean> <aop:config proxy-target-class="true"> <aop:aspect id="logAspect" ref="log4jHandlerAOP"> <aop:pointcut id="logPointCut" expression="execution(* org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(..))" /> <aop:around method="logAll" pointcut-ref="logPointCut" /> </aop:aspect> </aop:config> --> <!-- 使用Spring组件扫描的方式来实现自动注入bean --> <context:component-scan base-package="com.lanyuan.task" /> <!-- 隐式地向 Spring 容器注册 --> <context:annotation-config /> </beans> spring-application.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.1.xsd" > <tx:annotation-driven /> <context:component-scan base-package="com.lanyuan.controller" /> <context:component-scan base-package="com.lanyuan.logAop" /> <!-- 启动对@AspectJ注解的支持 --> <!--通知spring使用cglib而不是jdk的来生成代理方法 AOP可以拦截到Controller--> <aop:aspectj-autoproxy proxy-target-class="true"/> <!-- 注解支持 --> <context:annotation-config/> <!--避免IE执行AJAX时,返回JSON出现下载文件 --> <bean id="mappingJackson2HttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"> <property name="supportedMediaTypes"> <list> <value>text/html;charset=UTF-8</value> <value>text/json;charset=UTF-8</value> <value>application/json;charset=UTF-8</value> </list> </property> </bean> <!-- 采用SpringMVC自带的JSON转换工具,支持@ResponseBody注解 --> <bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter"> <property name="messageConverters"> <list> <ref bean="mappingJackson2HttpMessageConverter" /> <!-- JSON转换器 --> </list> </property> </bean> <!-- 对模型视图名称的解析,即在模型视图名称添加前后缀 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" /> <property name="prefix" value="/"></property> <property name="suffix" value=".jsp"></property> </bean> <mvc:annotation-driven> <!-- 处理responseBody 里面日期类型 --> <mvc:message-converters> <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"> <property name="objectMapper"> <bean class="com.fasterxml.jackson.databind.ObjectMapper"> <property name="dateFormat"> <bean class="java.text.SimpleDateFormat"> <constructor-arg type="java.lang.String" value="yyyy-MM-dd HH:mm:ss" /> </bean> </property> </bean> </property> </bean> </mvc:message-converters> </mvc:annotation-driven> <!-- 配置文件上传,如果没有使用文件上传可以不用配置,当然如果不配,那么配置文件中也不必引入上传组件包 --> <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> <!-- 默认编码 --> <property name="defaultEncoding" value="utf-8" /> <!-- 文件大小最大值 --> <property name="maxUploadSize" value="10485760000" /> <!-- 内存中的最大值 --> <property name="maxInMemorySize" value="40960" /> </bean> <import resource="spring-mvc-shiro.xml"/> </beans> spring-mvc.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" > <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" > <property name ="locations"> <list> <value>classpath:jdbc.properties</value> </list> </property> <property name="ignoreUnresolvablePlaceholders" value="true" /> </bean> <bean id="credentialsMatcher" class="com.lanyuan.shiro.credentials.RetryLimitHashedCredentialsMatcher"> <!-- hashAlgorithmName必须的,没有默认值。可以有MD5或者SHA-1,如果对密码安全有更高要求可以用SHA-256或者更高。 这里使用MD5 storedCredentialsHexEncoded默认是true,此时用的是密码加密用的是Hex编码;false时用Base64编码 hashIterations迭代次数,默认值是1。 --> <constructor-arg ref="cacheManager" /> <property name="hashAlgorithmName" value="md5" /> <!--<property name="hashIterations" value="2" />--> <!--<property name="storedCredentialsHexEncoded" value="true" />--> </bean> <!-- 会话Cookie模板 --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <!-- sid如果改为JSESSIONID会导致重定向循环 --> <constructor-arg value="sid"/> <property name="httpOnly" value="true"/> <property name="maxAge" value="-1"/> </bean> <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="rememberMe"/> <property name="httpOnly" value="true"/> <property name="maxAge" value="2592000"/><!-- 30天 --> </bean> <!-- rememberMe管理器 --> <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager"> <!-- rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)--> <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/> <property name="cookie" ref="rememberMeCookie"/> </bean> <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/> <!-- 凭证匹配器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="casRealm" /> <property name="sessionManager" ref="sessionManager"/> <!-- 使用下面配置的缓存管理器 --> <property name="cacheManager" ref="cacheManager" /> <property name="rememberMeManager" ref="rememberMeManager"/> <property name="subjectFactory" ref="casSubjectFactory"/> </bean> <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) --> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/> <property name="arguments" ref="securityManager"/> </bean> <!--自定义Realm --> <!-- <bean id="myRealm" class="com.lanyuan.shiro.MyRealm"> <property name="credentialsMatcher" ref="credentialsMatcher" /> <property name="cachingEnabled" value="false" /> --> <!-- 如需要自定义缓存时间放开以下.修改 ehcache.xml--> <!--<property name="authenticationCachingEnabled" value="true"/>--> <!--<property name="authenticationCacheName" value="authenticationCache"/>--> <!--<property name="authorizationCachingEnabled" value="true"/>--> <!--<property name="authorizationCacheName" value="authorizationCache"/>--> <!-- </bean> --> <!-- <property name="userService" ref="userService"/> --> <bean id="casRealm" class="com.lanyuan.shiro.MyCasRealm"> <property name="cachingEnabled" value="true"/> <property name="authenticationCachingEnabled" value="true"/> <property name="authenticationCacheName" value="authenticationCache"/> <property name="authorizationCachingEnabled" value="true"/> <property name="authorizationCacheName" value="authorizationCache"/> <!--该地址为cas server地址 --> <property name="casServerUrlPrefix" value="${shiro.casServer.url}"/> <!-- 该地址为是当前应用 CAS 服务 URL,即用于接收并处理登录成功后的 Ticket 的, 必须和loginUrl中的service参数保持一致,否则服务器会判断service不匹配--> <property name="casService" value="${shiro.client.cas}"/> </bean> <bean id="sysUserFilter" class="com.lanyuan.shiro.filter.SysUserFilter"/> <bean id="kickoutSessionControlFilter" class="com.lanyuan.shiro.filter.KickoutSessionControlFilter"> <property name="cacheManager" ref="cacheManager"/> <property name="sessionManager" ref="sessionManager"/> <property name="kickoutAfter" value="false"/> <property name="maxSession" value="1"/> <property name="kickoutUrl" value="/login.shtml"/> </bean> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <!--配置验证错误时的失败页面(Ticket 校验不通过时展示的错误页面) --> <property name="failureUrl" value="${shiro.failureUrl}"/> </bean> <bean id="casLogoutFilter" class="io.github.howiefh.cas.session.CasLogoutFilter"> <property name="sessionManager" ref="sessionManager"/> </bean> <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <property name="redirectUrl" value="${shiro.logout.url}"/> </bean> <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- <property name="loginUrl" value="/login.shtml" /> <property name="successUrl" value="/index.shtml" /> --> <property name="loginUrl" value="${shiro.login.url}"/> <property name="successUrl" value="${shiro.login.success.url}"/> <property name="unauthorizedUrl" value="/denied.jsp" /> <!-- 自定义权限配置 --> <property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" /> <property name="filters"> <util:map> <entry key="cas" value-ref="casFilter"/> <entry key="logout" value-ref="logoutFilter" /> <entry key="casLogout" value-ref="casLogoutFilter" /> <entry key="sysUser" value-ref="sysUserFilter"/> <entry key="kickout" value-ref="kickoutSessionControlFilter"/> </util:map> </property> </bean> <!--自定义filterChainDefinitionMap --> <bean id="chainDefinitionSectionMetaSource" class="com.lanyuan.shiro.ChainDefinitionSectionMetaSource"> <property name="filterChainDefinitions"> <value> /casFailure.jsp = anon /cas = casLogout,cas /logout = logout /favicon.ico = anon /admin_files/** = anon /fonts/** = anon /404/** = anon /error.jsp = anon /js/** = anon /layer-v1.9.2/** = anon /notebook/** = anon /login.shtml = anon /denied.jsp = anon /install.shtml = anon /lanyuan.shtml = anon /** = casLogout,user </value> </property> </bean> <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/> <!-- 会话DAO --> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/> <property name="sessionIdGenerator" ref="sessionIdGenerator"/> </bean> <!-- 会话验证调度器 --> <!-- 全局的会话信息检测扫描信息间隔30分钟--> <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> <property name="sessionValidationInterval" value="1800000"/> <property name="sessionManager" ref="sessionManager"/> </bean> <!-- 会话管理器 --> <!-- 全局的会话信息设置成30分钟,sessionValidationSchedulerEnabled参数就是是否开启扫描 --> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="1800000"/> <property name="deleteInvalidSessions" value="true"/> <property name="sessionValidationSchedulerEnabled" value="true"/> <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/> <property name="sessionDAO" ref="sessionDAO"/> <property name="sessionIdCookieEnabled" value="true"/> <property name="sessionIdCookie" ref="sessionIdCookie"/> </bean> <!--shiro缓存管理器 --> <bean id="cacheManager" class="com.lanyuan.shiro.spring.SpringCacheManagerWrapper" > <property name="cacheManager" ref="springCacheManager"/> </bean> <bean id="springCacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager"> <property name="cacheManager" ref="ehcacheManager"/> </bean> <!--ehcache--> <bean id="ehcacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"> <property name="configLocation" value="classpath:ehcache.xml"/> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> </beans> spring-shiro.xml <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0" metadata-complete="false"> <display-name>gtsys</display-name> <!-- 单点登出 --> <!-- <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-shiro.xml,classpath:spring-application.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <listener> <listener-class> org.springframework.web.context.request.RequestContextListener </listener-class> </listener> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <async-supported>true</async-supported> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-mvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>*.shtml</url-pattern> </servlet-mapping> <filter> <filter-name>encoding</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>encoding</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.html</url-pattern> </servlet-mapping> --> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>*.html</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.eot</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.ttf</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.css</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.xml</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.swf</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.zip</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.gif</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.jpg</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.png</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.js</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.woff</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>login.shtml</welcome-file> </welcome-file-list> </web-app> web.xml ## shiro shiro.session.timeout=1800000 shiro.session.validate.timespan=1800000 # cas\u767B\u5F55URL shiro.login.url=https://localhost:8443/cas-server/login?service=http://securitycenter.com:8080/gtsys/cas # cas logout shiro.logout.url=https://localhost:8443/cas-server/logout?service=http://securitycenter.com:8080/gtsys # cas\u767B\u5F55\u6210\u529F\u8DF3\u8F6CURL shiro.login.success.url=http://securitycenter.com:8080/gtsys/index.shtml # cas\u670D\u52A1\u5668URL shiro.casServer.url=https://localhost:8443/cas-server # \u5BA2\u6237\u7AEFCAS\u767B\u5F55URL shiro.client.cas=http://securitycenter.com:8080/gtsys/cas # \u5BA2\u6237\u7AEFCAS\u9A8C\u8BC1\u5931\u8D25\u8DF3\u8F6CURL shiro.failureUrl=/casFailure.jsp ## dataSource dataSource.driver=com.mysql.jdbc.Driver dataSource.url=jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf-8 dataSource.username=root dataSource.password=1234 properties文件 <?xml version="1.0" encoding="UTF-8"?> <ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="true" monitoring="autodetect" dynamicConfig="true"> <diskStore path="java.io.tmpdir"/> <!-- <diskStore>==========当内存缓存中对象数量超过maxElementsInMemory时,将缓存对象写到磁盘缓存中(需对象实现序列化接口) * <diskStore path="">==用来配置磁盘缓存使用的物理路径,Ehcache磁盘缓存使用的文件后缀名是*.data和*.index * name=================缓存名称,cache的唯一标识(ehcache会把这个cache放到HashMap里) * maxElementsOnDisk====磁盘缓存中最多可以存放的元素数量,0表示无穷大 * maxElementsInMemory==内存缓存中最多可以存放的元素数量,若放入Cache中的元素超过这个数值,则有以下两种情况 * 1)若overflowToDisk=true,则会将Cache中多出的元素放入磁盘文件中 * 2)若overflowToDisk=false,则根据memoryStoreEvictionPolicy策略替换Cache中原有的元素 * eternal==============缓存中对象是否永久有效,即是否永驻内存,true时将忽略timeToIdleSeconds和timeToLiveSeconds * timeToIdleSeconds====缓存数据在失效前的允许闲置时间(单位:秒),仅当eternal=false时使用,默认值是0表示可闲置时间无穷大,此为可选属性 * 即访问这个cache中元素的最大间隔时间,若超过这个时间没有访问此Cache中的某个元素,那么此元素将被从Cache中清除 * timeToLiveSeconds====缓存数据在失效前的允许存活时间(单位:秒),仅当eternal=false时使用,默认值是0表示可存活时间无穷大 * 即Cache中的某元素从创建到清楚的生存时间,也就是说从创建开始计时,当超过这个时间时,此元素将从Cache中清除 * overflowToDisk=======内存不足时,是否启用磁盘缓存(即内存中对象数量达到maxElementsInMemory时,Ehcache会将对象写到磁盘中) * 会根据标签中path值查找对应的属性值,写入磁盘的文件会放在path文件夹下,文件的名称是cache的名称,后缀名是data * diskPersistent=======是否持久化磁盘缓存,当这个属性的值为true时,系统在初始化时会在磁盘中查找文件名为cache名称,后缀名为index的文件 * 这个文件中存放了已经持久化在磁盘中的cache的index,找到后会把cache加载到内存 * 要想把cache真正持久化到磁盘,写程序时注意执行net.sf.ehcache.Cache.put(Element element)后要调用flush()方法 * diskExpiryThreadIntervalSeconds==磁盘缓存的清理线程运行间隔,默认是120秒 * diskSpoolBufferSizeMB============设置DiskStore(磁盘缓存)的缓存区大小,默认是30MB * memoryStoreEvictionPolicy========内存存储与释放策略,即达到maxElementsInMemory限制时,Ehcache会根据指定策略清理内存 * 共有三种策略,分别为LRU(最近最少使用)、LFU(最常用的)、FIFO(先进先出) --> <!-- 注意,以下缓存是永久有效,是系统初始化数据到缓存中,如果不需要永久有效,请另写,或在 --> <cache name="cache" maxEntriesLocalHeap="10000" maxEntriesLocalDisk="1000" eternal="true" diskSpoolBufferSizeMB="20" timeToIdleSeconds="0" timeToLiveSeconds="0" memoryStoreEvictionPolicy="LFU" transactionalMode="off"> </cache> <!-- 登录记录缓存 锁定10分钟 --> <cache name="passwordRetryCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <!-- <cache name="authorizationCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="authenticationCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> --> <cache name="shiro-activeSessionCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="shiro-kickout-session" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> </ehcache> ehcache.xml package com.lanyuan.shiro; //import com.github.zhangkaitao.shiro.chapter15.service.UserService; import java.util.List; import javax.inject.Inject; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.cas.CasRealm; import org.apache.shiro.subject.PrincipalCollection; import com.lanyuan.entity.ResFormMap; import com.lanyuan.mapper.ResourcesMapper; import com.lanyuan.mapper.UserMapper; /** * <p>User: Zhang Kaitao * <p>Date: 14-2-13 * <p>Version: 1.0 */ public class MyCasRealm extends CasRealm { // private UserService userService; // // public void setUserService(UserService userService) { // this.userService = userService; // } @Inject private ResourcesMapper resourcesMapper; @Inject private UserMapper userMapper; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String username = (String)principals.getPrimaryPrincipal(); // PathMatchingFilterChainResolver SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); //authorizationInfo.setRoles(userService.findRoles(username)); // authorizationInfo.setStringPermissions(userService.findPermissions(username)); String userId = SecurityUtils.getSubject().getSession().getAttribute("userSessionId").toString(); List<ResFormMap> rs = resourcesMapper.findUserResourcess(userId); for (ResFormMap resources : rs) { authorizationInfo.addStringPermission(resources.get("resKey").toString()); } return authorizationInfo; } } MyCasRealm.java ``` ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"> <aop:config proxy-target-class="true"></aop:config> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> </beans> spring-mvc-shiro.xml ``` 这个是更改 网上的蓝缘系统的 cas server 和cas client参考的 http://howiefh.github.io/2015/05/19/shiro-cas-single-sign-on/?utm_source=tuicool 不知道为什么会返回404

在中国程序员是青春饭吗?

今年,我也32了 ,为了不给大家误导,咨询了猎头、圈内好友,以及年过35岁的几位老程序员……舍了老脸去揭人家伤疤……希望能给大家以帮助,记得帮我点赞哦。 目录: 你以为的人生 一次又一次的伤害 猎头界的真相 如何应对互联网行业的「中年危机」 一、你以为的人生 刚入行时,拿着傲人的工资,想着好好干,以为我们的人生是这样的: 等真到了那一天,你会发现,你的人生很可能是这样的: ...

Java校招入职华为,半年后我跑路了

何来 我,一个双非本科弟弟,有幸在 19 届的秋招中得到前东家华为(以下简称 hw)的赏识,当时秋招签订就业协议,说是入了某 java bg,之后一系列组织架构调整原因等等让人无法理解的神操作,最终毕业前夕,被通知调往其他 bg 做嵌入式开发(纯 C 语言)。 由于已至于校招末尾,之前拿到的其他 offer 又无法再收回,一时感到无力回天,只得默默接受。 毕业后,直接入职开始了嵌入式苦旅,由于从未...

Java基础知识面试题(2020最新版)

文章目录Java概述何为编程什么是Javajdk1.5之后的三大版本JVM、JRE和JDK的关系什么是跨平台性?原理是什么Java语言有哪些特点什么是字节码?采用字节码的最大好处是什么什么是Java程序的主类?应用程序和小程序的主类有何不同?Java应用程序与小程序之间有那些差别?Java和C++的区别Oracle JDK 和 OpenJDK 的对比基础语法数据类型Java有哪些数据类型switc...

@程序员:GitHub这个项目快薅羊毛

今天下午在朋友圈看到很多人都在发github的羊毛,一时没明白是怎么回事。 后来上百度搜索了一下,原来真有这回事,毕竟资源主义的羊毛不少啊,1000刀刷爆了朋友圈!不知道你们的朋友圈有没有看到类似的消息。 这到底是啥情况? 微软开发者平台GitHub 的一个区块链项目 Handshake ,搞了一个招募新会员的活动,面向GitHub 上前 25万名开发者派送 4,246.99 HNS币,大约价...

再不跳槽,应届毕业生拿的都比我多了!

跳槽几乎是每个人职业生涯的一部分,很多HR说“三年两跳”已经是一个跳槽频繁与否的阈值了,可为什么市面上有很多程序员不到一年就跳槽呢?他们不担心影响履历吗? PayScale之前发布的**《员工最短任期公司排行榜》中,两家码农大厂Amazon和Google**,以1年和1.1年的员工任期中位数分列第二、第四名。 PayScale:员工最短任期公司排行榜 意外的是,任期中位数极小的这两家公司,薪资...

我以为我学懂了数据结构,直到看了这个导图才发现,我错了

数据结构与算法思维导图

技术大佬:我去,你写的 switch 语句也太老土了吧

昨天早上通过远程的方式 review 了两名新来同事的代码,大部分代码都写得很漂亮,严谨的同时注释也很到位,这令我非常满意。但当我看到他们当中有一个人写的 switch 语句时,还是忍不住破口大骂:“我擦,小王,你丫写的 switch 语句也太老土了吧!” 来看看小王写的代码吧,看完不要骂我装逼啊。 private static String createPlayer(PlayerTypes p...

华为初面+综合面试(Java技术面)附上面试题

华为面试整体流程大致分为笔试,性格测试,面试,综合面试,回学校等结果。笔试来说,华为的难度较中等,选择题难度和网易腾讯差不多。最后的代码题,相比下来就简单很多,一共3道题目,前2题很容易就AC,题目已经记不太清楚,不过难度确实不大。最后一题最后提交的代码过了75%的样例,一直没有发现剩下的25%可能存在什么坑。 笔试部分太久远,我就不怎么回忆了。直接将面试。 面试 如果说腾讯的面试是挥金如土...

和黑客斗争的 6 天!

互联网公司工作,很难避免不和黑客们打交道,我呆过的两家互联网公司,几乎每月每天每分钟都有黑客在公司网站上扫描。有的是寻找 Sql 注入的缺口,有的是寻找线上服务器可能存在的漏洞,大部分都...

讲一个程序员如何副业月赚三万的真实故事

loonggg读完需要3分钟速读仅需 1 分钟大家好,我是你们的校长。我之前讲过,这年头,只要肯动脑,肯行动,程序员凭借自己的技术,赚钱的方式还是有很多种的。仅仅靠在公司出卖自己的劳动时...

win10暴力查看wifi密码

刚才邻居打了个电话说:喂小灰,你家wifi的密码是多少,我怎么连不上了。 我。。。 我也忘了哎,就找到了一个好办法,分享给大家: 第一种情况:已经连接上的wifi,怎么知道密码? 打开:控制面板\网络和 Internet\网络连接 然后右击wifi连接的无线网卡,选择状态 然后像下图一样: 第二种情况:前提是我不知道啊,但是我以前知道密码。 此时可以利用dos命令了 1、利用netsh wlan...

上班一个月,后悔当初着急入职的选择了

最近有个老铁,告诉我说,上班一个月,后悔当初着急入职现在公司了。他之前在美图做手机研发,今年美图那边今年也有一波组织优化调整,他是其中一个,在协商离职后,当时捉急找工作上班,因为有房贷供着,不能没有收入来源。所以匆忙选了一家公司,实际上是一个大型外包公司,主要派遣给其他手机厂商做外包项目。**当时承诺待遇还不错,所以就立马入职去上班了。但是后面入职后,发现薪酬待遇这块并不是HR所说那样,那个HR自...

女程序员,为什么比男程序员少???

昨天看到一档综艺节目,讨论了两个话题:(1)中国学生的数学成绩,平均下来看,会比国外好?为什么?(2)男生的数学成绩,平均下来看,会比女生好?为什么?同时,我又联想到了一个技术圈经常讨...

总结了 150 余个神奇网站,你不来瞅瞅吗?

原博客再更新,可能就没了,之后将持续更新本篇博客。

副业收入是我做程序媛的3倍,工作外的B面人生是怎样的?

提到“程序员”,多数人脑海里首先想到的大约是:为人木讷、薪水超高、工作枯燥…… 然而,当离开工作岗位,撕去层层标签,脱下“程序员”这身外套,有的人生动又有趣,马上展现出了完全不同的A/B面人生! 不论是简单的爱好,还是正经的副业,他们都干得同样出色。偶尔,还能和程序员的特质结合,产生奇妙的“化学反应”。 @Charlotte:平日素颜示人,周末美妆博主 大家都以为程序媛也个个不修边幅,但我们也许...

MySQL数据库面试题(2020最新版)

文章目录数据库基础知识为什么要使用数据库什么是SQL?什么是MySQL?数据库三大范式是什么mysql有关权限的表都有哪几个MySQL的binlog有有几种录入格式?分别有什么区别?数据类型mysql有哪些数据类型引擎MySQL存储引擎MyISAM与InnoDB区别MyISAM索引与InnoDB索引的区别?InnoDB引擎的4大特性存储引擎选择索引什么是索引?索引有哪些优缺点?索引使用场景(重点)...

如果你是老板,你会不会踢了这样的员工?

有个好朋友ZS,是技术总监,昨天问我:“有一个老下属,跟了我很多年,做事勤勤恳恳,主动性也很好。但随着公司的发展,他的进步速度,跟不上团队的步伐了,有点...

我入职阿里后,才知道原来简历这么写

私下里,有不少读者问我:“二哥,如何才能写出一份专业的技术简历呢?我总感觉自己写的简历太烂了,所以投了无数份,都石沉大海了。”说实话,我自己好多年没有写过简历了,但我认识的一个同行,他在阿里,给我说了一些他当年写简历的方法论,我感觉太牛逼了,实在是忍不住,就分享了出来,希望能够帮助到你。 01、简历的本质 作为简历的撰写者,你必须要搞清楚一点,简历的本质是什么,它就是为了来销售你的价值主张的。往深...

程序员写出这样的代码,能不挨骂吗?

当你换槽填坑时,面对一个新的环境。能够快速熟练,上手实现业务需求是关键。但是,哪些因素会影响你快速上手呢?是原有代码写的不够好?还是注释写的不够好?昨夜...

!大部分程序员只会写3年代码

如果世界上都是这种不思进取的软件公司,那别说大部分程序员只会写 3 年代码,恐怕就没有程序员这种职业。

离职半年了,老东家又发 offer,回不回?

有小伙伴问松哥这个问题,他在上海某公司,在离职了几个月后,前公司的领导联系到他,希望他能够返聘回去,他很纠结要不要回去? 俗话说好马不吃回头草,但是这个小伙伴既然感到纠结了,我觉得至少说明了两个问题:1.曾经的公司还不错;2.现在的日子也不是很如意。否则应该就不会纠结了。 老实说,松哥之前也有过类似的经历,今天就来和小伙伴们聊聊回头草到底吃不吃。 首先一个基本观点,就是离职了也没必要和老东家弄的苦...

HTTP与HTTPS的区别

面试官问HTTP与HTTPS的区别,我这样回答让他竖起大拇指!

男生更看重女生的身材脸蛋,还是思想?

往往,我们看不进去大段大段的逻辑。深刻的哲理,往往短而精悍,一阵见血。问:产品经理挺漂亮的,有点心动,但不知道合不合得来。男生更看重女生的身材脸蛋,还是...

程序员为什么千万不要瞎努力?

本文作者用对比非常鲜明的两个开发团队的故事,讲解了敏捷开发之道 —— 如果你的团队缺乏统一标准的环境,那么即使勤劳努力,不仅会极其耗时而且成果甚微,使用...

为什么程序员做外包会被瞧不起?

二哥,有个事想询问下您的意见,您觉得应届生值得去外包吗?公司虽然挺大的,中xx,但待遇感觉挺低,马上要报到,挺纠结的。

当HR压你价,说你只值7K,你该怎么回答?

当HR压你价,说你只值7K时,你可以流畅地回答,记住,是流畅,不能犹豫。 礼貌地说:“7K是吗?了解了。嗯~其实我对贵司的面试官印象很好。只不过,现在我的手头上已经有一份11K的offer。来面试,主要也是自己对贵司挺有兴趣的,所以过来看看……”(未完) 这段话主要是陪HR互诈的同时,从公司兴趣,公司职员印象上,都给予对方正面的肯定,既能提升HR的好感度,又能让谈判气氛融洽,为后面的发挥留足空间。...

面试:第十六章:Java中级开发(16k)

HashMap底层实现原理,红黑树,B+树,B树的结构原理 Spring的AOP和IOC是什么?它们常见的使用场景有哪些?Spring事务,事务的属性,传播行为,数据库隔离级别 Spring和SpringMVC,MyBatis以及SpringBoot的注解分别有哪些?SpringMVC的工作原理,SpringBoot框架的优点,MyBatis框架的优点 SpringCould组件有哪些,他们...

面试阿里p7,被按在地上摩擦,鬼知道我经历了什么?

面试阿里p7被问到的问题(当时我只知道第一个):@Conditional是做什么的?@Conditional多个条件是什么逻辑关系?条件判断在什么时候执...

终于懂了TCP和UDP协议区别

终于懂了TCP和UDP协议区别

Python爬虫,高清美图我全都要(彼岸桌面壁纸)

爬取彼岸桌面网站较为简单,用到了requests、lxml、Beautiful Soup4

立即提问
相关内容推荐