admin管理员组文章数量:1550527
首先此异常是在 (源码解析)(解决方法在最后。。)
org.apache.shiro.session.mgt.eis.AbstractSessionDAO的readSession方法中抛出的异常
public Session readSession(Serializable sessionId) throws UnknownSessionException {
Session s = doReadSession(sessionId);
if (s == null) {
throw new UnknownSessionException("There is no session with id [" + sessionId + "]");
}
return s;
}
readSession方法 中会调用抽象类AbstractSessionDAO的子类RedisSessionDAO中的doReadSession方法,此方法是会先从本地获取session,获取失败后再从redis中获取session,如果redis中session失效,则返回null,导致抛出异常。所以,要避免此异常,则需要在session失效情况下防止此方法被调用。
org.apache.shiro.session.mgt.DefaultSessionManager中
protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException {
Serializable sessionId = getSessionId(sessionKey);
if (sessionId == null) {
log.debug("Unable to resolve session ID from SessionKey [{}]. Returning null to indicate a " +
"session could not be found.", sessionKey);
return null;
}
Session s = retrieveSessionFromDataSource(sessionId);
if (s == null) {
//session ID was provided, meaning one is expected to be found, but we couldn't find one:
String msg = "Could not find session with ID [" + sessionId + "]";
throw new UnknownSessionException(msg);
}
return s;
}
protected Serializable getSessionId(SessionKey sessionKey) {
return sessionKey.getSessionId();
}
protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException {
return sessionDAO.readSession(sessionId);
}
在此处调用了readSession,
因此Serializable sessionId = getSessionId(sessionKey); 这个方法会从sessionKey(shiro核心过滤器传入)获取sessionId
protected Serializable getSessionId(SessionKey sessionKey) {
return sessionKey.getSessionId();
}此方法被org.apache.shiro.web.session.mgt.DefaultWebSessionManager重写
@Override
public Serializable getSessionId(SessionKey key) {
Serializable id = super.getSessionId(key);
if (id == null && WebUtils.isWeb(key)) {
ServletRequest request = WebUtils.getRequest(key);
ServletResponse response = WebUtils.getResponse(key);
id = getSessionId(request, response);
}
return id;
}此方法返回null,说明客户端没有携带cookie,则shiro认为未认证,session失效即认证过期,
id = getSessionId(request, response);
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
return getReferencedSessionId(request, response);
}
解决方法(~~~~~~~~~~~)
重写DefaultWebSessionManager 的 这个方法,代码如下
并在@Configuration 配置中将此类放入SecurityManager,securityManager.setSessionManager(sessionManager());
import org.apache.shiro.session.Session;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
public class ShiroWebSessionManager extends DefaultWebSessionManager {
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
/* 此方法获取客户端cookie的值,如果你的项目将sesssionId放在requestparam中,或者拼接在url中,请查看该方法源码,自行修改*/
String id = super.getSessionIdCookie().readValue(httpRequest, WebUtils.toHttp(response));
if(id != null){
/*此处并非http 的session,是shiro在redis中缓存的session(SimpleSession)*/
/* 此方法是查询redis中的session,笔者在sessionDao中注入了redisManager如果你重写了RedisSessionDAO,则需要更改获取session的方法 */
Session session = /*(Session)redis.get(id)*/;
if(session == null){
return null;
}
}
/* 如果redis中session未过期,此处必须调用父类获取方法 */
return super.getSessionId(request, response);
}
}版权声明:本文标题:Spring Boot+Shiro+redis报UnknownSessionException:There is no session with id(redis中session失效导致异常) 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dongtai/1727249070a1105007.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论