前景提要
HDC调试需求开发(15万预算),能者速来!>>>
使用springmvc整合shiro,使用ehcache做缓存,在服务器上总是报【The shiro-activeSessionCache Cache is not alive (STATUS_SHUTDOWN)】这个错误
ehcache.xml <?xml version="1.0" encoding="UTF-8"?> <ehcache name="shirocache"> <diskStore path="java.io.tmpdir"/> <!-- 登录记录缓存 锁定10分钟 --> <cache name="passwordRetryCache" eternal="false" maxElementsInMemory="1000" overflowToDisk="true" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="600" memoryStoreEvictionPolicy="LRU"> </cache> <cache name="authorizationCache" eternal="false" maxElementsInMemory="1000" overflowToDisk="true" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="600" memoryStoreEvictionPolicy="LRU"> </cache> <cache name="authenticationCache" eternal="false" maxElementsInMemory="1000" overflowToDisk="true" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="600" memoryStoreEvictionPolicy="LRU"> </cache> <cache name="shiro-activeSessionCache" eternal="true" maxElementsInMemory="1000" overflowToDisk="true" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="1800" memoryStoreEvictionPolicy="LRU"> </cache> </ehcache>
applicationContext.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:osgi="http://www.springframework.org/schema/osgi" xmlns:ehcache="http://ehcache-spring-annotations.googlecode.com/svn/schema/ehcache-spring" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi-1.2.xsd http://ehcache-spring-annotations.googlecode.com/svn/schema/ehcache-spring http://ehcache-spring-annotations.googlecode.com/svn/schema/ehcache-spring/ehcache-spring-1.1.xsd"> <context:property-placeholder location="file:///${catalina.base}/configuration/pdri/prms/system-config.properties" /> <!-- <context:property-placeholder location="classpath:/META-INF/properties/system-config.properties" /> --> <!-- spring对ehcache的缓存工厂支持 --> <bean id="ehCacheManagerFactory" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"> <property name="configLocation" value="file:///${catalina.base}/configuration/pdri/prms/ehcache.xml" /> <!-- <property name="configLocation" value="classpath:/META-INF/ehcache/ehcache.xml" /> --> <property name="shared" value="false" /> </bean> <bean id="passwordHelper" class="org.pdri.prms.filter.PasswordHelper"> <property name="algorithmName" value="${pdri.prms.passwordhelper.algoname}" /> <property name="hashIterations" value="${pdri.prms.passwordhelper.hashiter}" /> </bean> <!-- 缓存管理器 使用EHcache实现 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="ehCacheManagerFactory" /> </bean> <!-- 凭证匹配器 --> <bean id="credentialsMatcher" class="org.pdri.prms.filter.RetryLimitHashedCredentialsMatcher"> <constructor-arg ref="cacheManager" /> <property name="hashAlgorithmName" value="${pdri.prms.passwordhelper.algoname}" /> <property name="hashIterations" value="${pdri.prms.passwordhelper.hashiter}" /> <property name="storedCredentialsHexEncoded" value="true" /> <property name="retryCount" value="10" /> </bean> <!-- Realm实现 --> <bean id="userRealm" class="org.pdri.prms.filter.UserRealm"> <property name="loadUserURL" value="${pdri.pasc.loadUserURL}"/> <property name="loadRolesURL" value="${pdri.pasc.loadRolesURL}"/> <property name="passwordHelper" ref="passwordHelper" /> <property name="credentialsMatcher" ref="credentialsMatcher" /> <property name="cachingEnabled" value="false" /> <!-- 暂时先关闭用户信息缓存功能 ,避免SP和后台用户认证混合--> <property name="authenticationCachingEnabled" value="true" /> <property name="authenticationCacheName" value="authenticationCache" /> <property name="authorizationCachingEnabled" value="true" /> <property name="authorizationCacheName" value="authorizationCache" /> </bean> <!-- 会话验证调度器 --> <!-- <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> <property name="sessionValidationInterval" value="1800000"/> <property name="sessionManager" ref="sessionManager"/> </bean> --> <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) --> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" /> <property name="arguments" ref="securityManager" /> </bean> <!-- 会话ID生成器 --> <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" /> <!-- 会话Cookie模板 --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="sid" /> <property name="httpOnly" value="true" /> <property name="maxAge" value="180000" /> </bean> <!-- 会话DAO --> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> <property name="activeSessionsCacheName" value="shiro-activeSessionCache" /> <property name="sessionIdGenerator" ref="sessionIdGenerator" /> </bean> <!-- 会话管理器 --> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="1800000" /> <property name="deleteInvalidSessions" value="true" /> <!-- <property name="sessionValidationSchedulerEnabled" value="true"/> <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/> --> <property name="sessionDAO" ref="sessionDAO" /> <property name="sessionIdCookieEnabled" value="true" /> <property name="sessionIdCookie" ref="sessionIdCookie" /> </bean> <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="rememberMe" /> <property name="httpOnly" value="true" /> <property name="maxAge" value="2592000" /><!-- 30天 --> </bean> <!-- rememberMe管理器 --> <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager"> <!-- rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位) --> <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}" /> <property name="cookie" ref="rememberMeCookie" /> </bean> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="userRealm" /> <property name="sessionManager" ref="sessionManager" /> <property name="cacheManager" ref="cacheManager" /> <property name="rememberMeManager" ref="rememberMeManager" /> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- <property name="successUrl" value="/pdri/prms/openapiindex/v101/" /> <property name="loginUrl" value="/openapiindex/v101/login/unlogin" /> <property name="unauthorizedUrl" value="/openapiindex/v101/login/unauthd" /> --> <property name="filters"> <map> <entry key="anyRoles" value-ref="hasAnyRoles"/> <entry key="sysUser" value-ref="sysUserFilter"/> </map> </property> <!-- 注入URL-拦截器链 --> <property name="filterChainDefinitionMap" ref="securityMetaDataSource"/> </bean> <bean id="hasAnyRoles" class="org.pdri.prms.filter.HasAnyRolesAuthorizationFilter"/> <bean id="sysUserFilter" class="org.pdri.prms.filter.SysUserFilter"/> <bean id="filterChainDefinitionsService" class="org.pdri.prms.filter.impl.FilterChainDefinitionsService"> <property name="initURL" value="${pdri.pasc.initURL}"/> <property name="definitions"> <value> /**/resources/**=anon /openapiindex/v101/head/**=anon /openapiindex/v101/foot/**=anon /openapiindex/v101/login/**=anon </value> </property> </bean> <bean id="securityMetaDataSource" class="org.pdri.prms.filter.ChainDefinitionSectionMetaSource"> <property name="initURL" value="${pdri.pasc.initURL}"/> <property name="filterChainDefinitions"> <value> /**/resources/**=anon /openapiindex/v101/head/**=anon /openapiindex/v101/foot/**=anon /openapiindex/v101/login/**=anon </value> </property> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> </beans>
最开始的现象是,刚登陆进去。下一个请求就提示未登录,报下面这个错。
org.apache.shiro.session.ExpiredSessionException: Session with id [d488fd2b-4e5c-46fd-8af3-2f5953bdd468] has expired. Last access time: 12/3/15 4:40 PM. Current time: 12/3/15 5:12 PM. Session timeout is set to 1800 seconds (30 minutes)
找了一天找不到原因了。。。求解救!