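Shiro creates a new session for every getSession()
Question:
I am using Shiro (1.2.0) in a Tapestry application. For now I only want to use it for session management. While the default session management (using ServletContainerSessionManager) works, when I try to switch to native sessions Shiro stops keeping track of them: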
    public static WebSecurityManager decorateWebSecurityManager(WebSecurityManager manager) {
        if (manager instanceof TapestryRealmSecurityManager) {
            // Switch from container-managed sessions to Shiro's native web sessions,
            // kept in memory by MemorySessionDAO.
            DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
            MemorySessionDAO sessionDAO = new MemorySessionDAO();
            sessionManager.setSessionDAO(sessionDAO);
            ((TapestryRealmSecurityManager) manager).setSessionManager(sessionManager);
        }
        // A Tapestry IoC decorator method that returns null leaves the service undecorated.
        return null;
    }
Debug output:
07-08-12 17:47:57:339 - {TRACE} util.ThreadContext Thread [[email protected]]; Bound value of type [$WebSecurityManager_19518d48138a] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [[email protected]]
07-08-12 17:47:57:339 - {TRACE} mgt.DefaultSecurityManager Thread [[email protected]]; Context already contains a SecurityManager instance. Returning.
07-08-12 17:47:57:339 - {TRACE} mgt.AbstractValidatingSessionManager Thread [[email protected]]; Attempting to retrieve session with key [email protected]
07-08-12 17:47:57:339 - {DEBUG} servlet.SimpleCookie Thread [[email protected]]; Found 'JSESSIONID' cookie value [sbrxl74ij1v8]
07-08-12 17:47:57:339 - {DEBUG} mgt.DefaultSecurityManager Thread [[email protected]]; Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [sbrxl74ij1v8]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
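Answer
The problem was that I forgot to remove a @Persist annotation, which by default uses the session to store data. This caused Tapestry to overwrite Shiro's JSESSIONID cookie with its own value.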
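
The symptom in the debug output above (a JSESSIONID cookie whose value Shiro's SessionDAO has never seen) can be picked out of a log mechanically. The following is an added diagnostic sketch, not code from the original post or from Shiro; the function names and the sample log lines (thread names and session ids) are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the Shiro debug output in the question.
SAMPLE_LOG = """\
07-08-12 17:47:57:339 - {DEBUG} servlet.SimpleCookie Thread [t-1]; Found 'JSESSIONID' cookie value [aaa111]
org.apache.shiro.session.UnknownSessionException: There is no session with id [aaa111]
07-08-12 17:47:58:102 - {DEBUG} servlet.SimpleCookie Thread [t-2]; Found 'JSESSIONID' cookie value [bbb222]
07-08-12 17:47:59:640 - {DEBUG} servlet.SimpleCookie Thread [t-1]; Found 'JSESSIONID' cookie value [ccc333]
org.apache.shiro.session.UnknownSessionException: There is no session with id [ccc333]
"""

COOKIE_RE = re.compile(r"Found 'JSESSIONID' cookie value \[([^\]]+)\]")
UNKNOWN_RE = re.compile(r"UnknownSessionException: There is no session with id \[([^\]]+)\]")


def foreign_session_ids(log_text):
    """Ids that arrived in a JSESSIONID cookie but were unknown to Shiro.

    Returned in first-rejected order, without duplicates.
    """
    seen_in_cookie = set()
    rejected = []
    for line in log_text.splitlines():
        cookie = COOKIE_RE.search(line)
        if cookie:
            seen_in_cookie.add(cookie.group(1))
            continue
        unknown = UNKNOWN_RE.search(line)
        if unknown:
            sid = unknown.group(1)
            # Only count ids that a client actually presented in the cookie.
            if sid in seen_in_cookie and sid not in rejected:
                rejected.append(sid)
    return rejected


def rejection_ratio(log_text):
    """Fraction of distinct cookie ids that Shiro could not resolve."""
    presented = set(COOKIE_RE.findall(log_text))
    if not presented:
        return 0.0
    return len(foreign_session_ids(log_text)) / len(presented)


if __name__ == "__main__":
    print(foreign_session_ids(SAMPLE_LOG), round(rejection_ratio(SAMPLE_LOG), 2))
```

An occasional unknown id is also what an expired session looks like; a ratio that stays high for freshly issued cookies points to another component writing the same cookie name, as in the answer above.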