首页 > 代码库 > shiro 退出 清除缓存

shiro 退出 清除缓存

shiro是一个被广泛使用的安全层框架,通过xml配置方式与spring无缝对接,用户的登陆/退出/权限控制/Cookie等管理系统基础功能交给shiro来管理。

  一般,在JavaWEB管理平台系统时,用户退出系统之前没需要清除用户数据和关闭连接,防止垃圾数据堆积,shiro提供了LogoutFilter过滤器,我们可以通过LogoutFilter的preHandle方法,实现清除缓存功能。

页面代码:

<div class="item" style="float:right;cursor:pointer;">
     <@shiro.guest>
          <a href="${base}/u/zhuti/ztzx"><span style="font-weight:bold">登录</span>&nbsp;&nbsp;&nbsp;&nbsp;|</a>
     </@shiro.guest>
     <@shiro.user>
          <a href="${base}/b/logout">退出</a>
     </@shiro.user>
</div>

shiro配置文件:applicationContext-shiro.xml

先贴出整个配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jee="http://www.springframework.org/schema/jee"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                            http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
                            http://www.springframework.org/schema/jee 
                            http://www.springframework.org/schema/jee/spring-jee-4.0.xsd 
                            http://www.springframework.org/schema/context 
                            http://www.springframework.org/schema/context/spring-context-4.0.xsd
                            http://www.springframework.org/schema/aop
                            http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
                            http://www.springframework.org/schema/tx
                            http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">


    <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />
    </bean>

    <!-- <bean id="myRealm" class="cn.com.zhulong.app.security.shiro.MyRealm" /> -->
    
    <!-- <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">  -->
    <bean id="casRealm" class="cn.com.zhulong.app.security.shiro.MyCasRealm">   
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- <property name="sessionMode" value="http://www.mamicode.com/native"/> -->
        <property name="realm" ref="casRealm" />
        <property name="cacheManager" ref="shiroCacheManager" />
        <property name="sessionManager" ref="sessionManager"/>
        <property name="subjectFactory" ref="casSubjectFactory" />
    </bean>
    
    <!-- 如果要实现cas的remember me的功能,需要用到下面这个bean,并设置到securityManager的subjectFactory中 -->  
    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>
    
    <!-- 单点登录配置 -->
    <!-- <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> -->
    <bean id="casFilter" class="cn.com.zhulong.app.security.shiro.CasFilter">
        <!--配置验证错误时的失败页面(Ticket 校验不通过时展示的错误页面) -->
        <property name="failureUrl" value="/error" />
    </bean>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- <bean id="shiroFilter" class="cn.com.zhulong.app.security.shiro.MyShiroFilterFactoryBean"> -->
        <property name="securityManager" ref="securityManager" />
        
        <!--没有单点登录下的配置:没有权限或者失败后跳转的页面 -->
        <property name="loginUrl" value="/login" />
        <!--有单点登录的配置:登录 CAS 服务端地址,参数 service 为服务端的返回地址 --> 
        <!-- <property name="loginUrl" value="http://www.mamicode.com/${cas.shiro.loginUrl}" /> -->
        
        <property name="successUrl" value="/" />
        
        <property name="unauthorizedUrl" value="/unauthorized" />
        <property name="filters">
            <map>
                <entry key="casFilter" value-ref="casFilter"></entry>
                <entry key="myperms">
                    <bean class="cn.com.zhulong.common.web.shiro.MyPermissionsAuthorizationFilter">
                    </bean>
                </entry>
                <entry key="touSuAuthc">
                    <bean class="cn.com.zhulong.app.security.shiro.TouSuFormAuthenticationFilter">
                    </bean>
                </entry>
                <!--退出过滤器-->
                <entry key="logout" value-ref="logoutFilter" />
            </map>
        </property>
        <!-- 先注释掉,先不要权限判断,只要登陆验证就可以访问,测试方便 <property name="filterChainDefinitions">
            <value>
                /logout=logoutFilter
                /enum_js=anon
                /admin/**=authc,myperms
                /admin/**=authc
                /admin/** = authc
                
                /jyzk/toZycdAdd**  = authc
                /jyzk/zycdAdd**  = authc
            </value>
        </property> -->
        <property name="filterChainDefinitions">
            <value>
                /authentication* = casFilter
                /res/** = anon
                /enum_js = anon
                 /b/logout = logout
                /admin/** = authc
                /u/zbxmts/** = touSuAuthc
                /u/** = authc
                /open/**  = authc
                /jyzk/toZycdAdd**  = authc
                /jyzk/zycdAdd**  = authc
            </value>
        </property>
    </bean>


    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- 会话ID生成器 -->
    <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
    
    <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        <property name="redirectUrl" value="/login" />
    </bean>
    
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod"
            value="org.apache.shiro.SecurityUtils.setSecurityManager" />
        <property name="arguments" ref="securityManager" />
    </bean>
    
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="globalSessionTimeout" value="1800000" />
        <property name="deleteInvalidSessions" value="true" />
        <property name="sessionValidationSchedulerEnabled" value="true" />
        <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
        <property name="sessionDAO" ref="sessionDAO" />
        <property name="sessionIdCookieEnabled" value="true" />
        <!-- <property name="sessionIdCookie.path" value="http://www.mamicode.com/365-mfgg-adminweb/" /> -->
    </bean>

    <!-- 会话验证调度器 -->
    <bean id="sessionValidationScheduler"
        class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
        <!-- 30分钟 单位为毫秒 -->
        <property name="interval" value="1800000" />
        <property name="sessionManager" ref="sessionManager" />
    </bean>


    <bean id="sessionDAO" class="cn.com.zhulong.common.web.shiro.dao.CustomShiroSessionDAO">
        <property name="shiroSessionRepository" ref="memcachedShiroSessionRepository" />
    </bean>

    <bean id="memcachedShiroSessionRepository" class="cn.com.zhulong.common.web.shiro.dao.MemcachedShiroSessionRepository" />
    
</beans>  

首先页面点击退出时:拦截/b/logout找到对应logout

<property name="filterChainDefinitions">
            <value>
                /authentication* = casFilter
                /res/** = anon
                /enum_js = anon
                 /b/logout = logout
                /admin/** = authc
                /u/zbxmts/** = touSuAuthc
                /u/** = authc
                /open/**  = authc
                /jyzk/toZycdAdd**  = authc
                /jyzk/zycdAdd**  = authc
            </value>
        </property>

再根据logout找到对应退出过滤器:

        <property name="filters">
            <map>
                <entry key="casFilter" value-ref="casFilter"></entry>
                <entry key="myperms">
                    <bean class="cn.com.zhulong.common.web.shiro.MyPermissionsAuthorizationFilter">
                    </bean>
                </entry>
                <entry key="touSuAuthc">
                    <bean class="cn.com.zhulong.app.security.shiro.TouSuFormAuthenticationFilter">
                    </bean>
                </entry>
                <!--退出过滤器-->
                <entry key="logout" value-ref="logoutFilter" />
            </map>
        </property>

再根据logoutFilter找到此配置

    <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        <property name="redirectUrl" value="/login" />
    </bean>

此处先执行LogoutFilter的退出清空缓存操作,然后重定向,value为重定向的地址

shiro 退出 清除缓存