/**
 * Hands this manager's session manager to the session storage evaluator when the
 * configured collaborators are the default implementations that accept one.
 *
 * <p>Nothing happens unless the subject DAO is a {@code DefaultSubjectDAO} and its
 * evaluator is a {@code DefaultWebSessionStorageEvaluator}. A custom DAO or evaluator
 * is silently left as it is, so it has to be wired to the session manager by whoever
 * installs it.
 */
private void applySessionManagerToSessionStorageEvaluatorIfPossible() {
    SubjectDAO dao = getSubjectDAO();
    if (!(dao instanceof DefaultSubjectDAO)) {
        // Custom DAO: no known way to reach an evaluator, so leave it alone.
        return;
    }

    SessionStorageEvaluator storageEvaluator =
            ((DefaultSubjectDAO) dao).getSessionStorageEvaluator();
    if (!(storageEvaluator instanceof DefaultWebSessionStorageEvaluator)) {
        // Only the web evaluator exposes setSessionManager.
        return;
    }

    DefaultWebSessionStorageEvaluator webEvaluator =
            (DefaultWebSessionStorageEvaluator) storageEvaluator;
    webEvaluator.setSessionManager(getSessionManager());
}
/**
 * Builds the Shiro web security manager with session storage switched off and the
 * given realm installed as its single realm.
 *
 * @param realm the realm registered with the manager
 * @return the configured security manager
 */
@Bean
public SecurityManager securityManager(@Autowired JWTRealm realm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();

    // Both casts assume the manager still carries its default DAO and evaluator;
    // a different implementation fails here with a ClassCastException at startup.
    DefaultSubjectDAO dao = (DefaultSubjectDAO) manager.getSubjectDAO();
    DefaultSessionStorageEvaluator storageEvaluator =
            (DefaultSessionStorageEvaluator) dao.getSessionStorageEvaluator();

    /*
     * Turn off Shiro's built-in session storage:
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     *
     * This only stops Shiro from persisting subject state into a session. It does not
     * by itself prevent a session from being created (for example by a later
     * subject.getSession() call); a fully stateless setup also needs session creation
     * disabled, e.g. via the noSessionCreation filter or a SubjectFactory that calls
     * setSessionCreationEnabled(false) on the subject context.
     */
    storageEvaluator.setSessionStorageEnabled(false);

    // Re-installs the same DAO instance that was read above.
    manager.setSubjectDAO(dao);
    manager.setRealm(realm);
    return manager;
}
/**
 * Builds the Shiro web security manager with the realm from {@code myRealm()}, the
 * supplied cache manager, session storage switched off and an
 * {@code AgileSubjectFactory} as subject factory.
 *
 * @param RedisCacheManager the cache manager handed to the security manager; the
 *     parameter name shadows its type and is kept as is, because Spring can fall back
 *     on the parameter name when resolving the bean
 * @return the configured security manager
 */
@Bean
public SecurityManager securityManager(RedisCacheManager RedisCacheManager) {
    DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
    webSecurityManager.setRealm(myRealm());
    // NOTE(review): the security manager passes its cache manager on to its realms.
    // If the realm has authentication caching enabled, authentication data ends up in
    // this (presumably Redis-backed) cache - confirm that store is access-controlled.
    webSecurityManager.setCacheManager(RedisCacheManager);

    /*
     * Turn off session storage, i.e. stop using the session as the storage strategy.
     * This does not disable sessions completely, so it has to be combined with
     * context.setSessionCreationEnabled(false) in the SubjectFactory.
     * No custom session manager is installed here.
     */
    // The casts assume the default DAO and evaluator are still in place.
    DefaultSubjectDAO dao = (DefaultSubjectDAO) webSecurityManager.getSubjectDAO();
    DefaultSessionStorageEvaluator storageEvaluator =
            (DefaultSessionStorageEvaluator) dao.getSessionStorageEvaluator();
    storageEvaluator.setSessionStorageEnabled(false);

    // Presumably the factory that disables session creation - verify in AgileSubjectFactory.
    webSecurityManager.setSubjectFactory(new AgileSubjectFactory());
    return webSecurityManager;
}
/**
 * Builds the Shiro web security manager with a custom authenticator, the realms
 * supplied by {@code realmManager}, session storage switched off and a
 * {@code StatelessWebSubjectFactory}, then registers it as the static security manager.
 *
 * @param realmManager source of the realms, obtained through {@code initGetRealm()}
 * @return the configured security manager
 */
@Bean
public SecurityManager securityManager(RealmManager realmManager) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();

    // Keep this order: setRealms is the call that hands the realms to a
    // ModularRealmAuthenticator, so the authenticator must already be installed.
    // Presumably AModularRealmAuthenticator is such a subclass - confirm.
    manager.setAuthenticator(new AModularRealmAuthenticator());
    manager.setRealms(realmManager.initGetRealm());

    // Stateless subject setup. Disabling session storage only stops Shiro from
    // persisting subject state into a session; blocking session creation is left to
    // the subject factory (assumed to be what StatelessWebSubjectFactory does - verify).
    DefaultSubjectDAO dao = (DefaultSubjectDAO) manager.getSubjectDAO();
    DefaultSessionStorageEvaluator storageEvaluator =
            (DefaultSessionStorageEvaluator) dao.getSessionStorageEvaluator();
    storageEvaluator.setSessionStorageEnabled(false);
    manager.setSubjectFactory(new StatelessWebSubjectFactory());

    // Registers a VM-wide static singleton: every SecurityUtils.getSubject() call in
    // this JVM that has no thread-bound manager resolves to this instance.
    SecurityUtils.setSecurityManager(manager);
    return manager;
}