在web工程(最普通的Servlet&JSP)中使用shiro,却发现每次请求Servlet时,通过shiro获得的session id都是新的(都不一样),不知为什么?
新建了一个普通的Java Web工程,自定义了Reaml,编写一个Servlet,每次请求这个Servlet时,打印subject的Session ID,可是每次都得到不同的Session ID?为什么呢?代码哪里写错了吗?代码如下:shiro.ini[users]
zhang=123,admin
[roles]
admin=user:*
自定义realmpublic class MyRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 先不管认证
return new SimpleAuthenticationInfo("zhang", "123", this.getName());
} @Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 先不管授权
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
return authorizationInfo;
}
}
上下文启动时,创建了SecurityManager@WebListener
public class MyServletContextListener implements ServletContextListener { public void contextDestroyed(ServletContextEvent arg0) {
System.out.println("destroyed");
} public void contextInitialized(ServletContextEvent arg0) {
System.out.println("initialized"); // Cookie
SimpleCookie sessionIdCookie = new SimpleCookie();
sessionIdCookie.setName("sid"); // SessionManager
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionIdCookie(sessionIdCookie); // SecurityManager
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setSessionManager(sessionManager);
securityManager.setRealm(new MyRealm()); SecurityUtils.setSecurityManager(securityManager);
}
}
Servlet@WebServlet(name = "myServlet", urlPatterns = "/login")
public class MyServlet extends HttpServlet{
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Subject subject = SecurityUtils.getSubject();
System.out.println("Session ID:"+subject.getSession().getId().toString());
}
}
在浏览器输入:localhost:8080/test/login,回车,再刷新2次,控制台输出了3个不同的Session ID?这是为什么呢?Session ID:b9e3faa1-55d4-4b9d-8276-50e717f179c0
Session ID:21e14dff-1079-403d-bc9b-76bde9edbc70
Session ID:90728816-9f3c-4ead-8aee-db2644635fa9
新建了一个普通的Java Web工程,自定义了Reaml,编写一个Servlet,每次请求这个Servlet时,打印subject的Session ID,可是每次都得到不同的Session ID?为什么呢?代码哪里写错了吗?代码如下:shiro.ini[users]
zhang=123,admin
[roles]
admin=user:*
自定义realmpublic class MyRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 先不管认证
return new SimpleAuthenticationInfo("zhang", "123", this.getName());
} @Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 先不管授权
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
return authorizationInfo;
}
}
上下文启动时,创建了SecurityManager@WebListener
public class MyServletContextListener implements ServletContextListener { public void contextDestroyed(ServletContextEvent arg0) {
System.out.println("destroyed");
} public void contextInitialized(ServletContextEvent arg0) {
System.out.println("initialized"); // Cookie
SimpleCookie sessionIdCookie = new SimpleCookie();
sessionIdCookie.setName("sid"); // SessionManager
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionIdCookie(sessionIdCookie); // SecurityManager
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setSessionManager(sessionManager);
securityManager.setRealm(new MyRealm()); SecurityUtils.setSecurityManager(securityManager);
}
}
Servlet@WebServlet(name = "myServlet", urlPatterns = "/login")
public class MyServlet extends HttpServlet{
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Subject subject = SecurityUtils.getSubject();
System.out.println("Session ID:"+subject.getSession().getId().toString());
}
}
在浏览器输入:localhost:8080/test/login,回车,再刷新2次,控制台输出了3个不同的Session ID?这是为什么呢?Session ID:b9e3faa1-55d4-4b9d-8276-50e717f179c0
Session ID:21e14dff-1079-403d-bc9b-76bde9edbc70
Session ID:90728816-9f3c-4ead-8aee-db2644635fa9
解决方案 »
- jsp虚拟主机,为什么输入域名,会进入欢迎使用jsp空间页面?
- jsp网页想实现一种效果,请各位大侠进来看看
- fileupload文件上传
- hibernate配置问题
- 动态获取一个类的实例并且是转换过的
- session.getAttribute()的问题 请人帮忙一下...
- 帮忙看一下为什么老报Stream close()的异常阿?谢谢!
- SSH框架结合时遇到问题
- Jsp文件为什么用UltraEdit打不开??右键直接UltraEdit可以,但选择程序选UE便打不开!
- PrintWriter out = new PrintWriter(new GZIPOutputStream(out1),false);不理解是什么意思。
- 点击链接直接下载pdf,浏览器不会打开弹窗确认下载
- 百度编辑器上传视频超过20M就报 上传失败,请重试,求大神们帮忙!
希望能看懂!