云易保客户服务系统
blame | 历史 | 原始文档
k94314517
2025-05-19 cdd6551b190b981b807a3b95e9635c559ccc769d 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

package com.doumee.config.shiro;


 


import lombok.extern.slf4j.Slf4j;


import org.apache.shiro.session.Session;


import org.apache.shiro.session.mgt.DefaultSessionManager;


import org.apache.shiro.session.mgt.SessionContext;


import org.apache.shiro.session.mgt.SessionKey;


import org.apache.shiro.web.servlet.Cookie;


import org.apache.shiro.web.servlet.ShiroHttpServletRequest;


import org.apache.shiro.web.servlet.SimpleCookie;


import org.apache.shiro.web.session.mgt.WebSessionManager;


import org.apache.shiro.web.util.WebUtils;


 


import javax.servlet.ServletRequest;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.io.Serializable;


 


/**


 * 自定义会话管理器


 * @author Eva.Caesar Liu


 * @date 2023/04/17 12:11


 */


@Slf4j


public class ShiroSessionManager extends DefaultSessionManager implements WebSessionManager {


 


    public static   String AUTH_TOKEN = "";


 


    @Override


    protected void onStart(Session session, SessionContext context) {


        super.onStart(session, context);


        if (!WebUtils.isHttp(context)) {


            log.debug("SessionContext argument is not Http compatible or does not have an Http request/response pair. No session ID cookie will be set.");


            return;


        }


        HttpServletRequest request = WebUtils.getHttpRequest(context);


        HttpServletResponse response = WebUtils.getHttpResponse(context);


        Serializable sessionId = session.getId();


        this.storeSessionId(sessionId, request, response);


        request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);


        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);


    }


 


    @Override


    public Serializable getSessionId(SessionKey key) {


        Serializable sessionId = super.getSessionId(key);


        if (sessionId == null && WebUtils.isWeb(key)) {


            ServletRequest servletRequest = WebUtils.getRequest(key);


            if (!(servletRequest instanceof HttpServletRequest)) {


                log.trace("Can not get sessionId from header, the request is not HttpServletRequest");


                return null;


            }


            HttpServletRequest request = (HttpServletRequest) servletRequest;


            // 从cookie中获取认证


            javax.servlet.http.Cookie[] cookies = request.getCookies();


            if (cookies != null) {


                for (javax.servlet.http.Cookie cookie : cookies) {


                    if (AUTH_TOKEN.equals(cookie.getName())) {


                        return cookie.getValue();


                    }


                }


            }


            // 从header中获取认证


            return request.getHeader(AUTH_TOKEN);


        }


        return sessionId;


    }


    @Override


    public boolean isServletContainerSessions() {


        return false;


    }


 


    private void storeSessionId(Serializable currentId, HttpServletRequest request, HttpServletResponse response) {


        if (currentId == null) {


            String msg = "sessionId cannot be null when persisting for subsequent requests.";


            throw new IllegalArgumentException(msg);


        }


        Cookie cookie = new SimpleCookie(AUTH_TOKEN);


        cookie.setHttpOnly(false);


        String idString = currentId.toString();


        cookie.setValue(idString);


        cookie.saveTo(request, response);


        log.trace("Set session ID cookie for session with id {}", idString);


    }


}