subject代表使用者存取伺服器的一些操作:比做登入、登出,查看角色/權限、
#同時可取得session如:subject.getSession(),該接品,如果之前不存在session,則建立session。創建過程大致為:
subject委託SecurityManager創建、SecurityManager委託SessionManager創建,SessionManager透過SessionFactory工廠創建。由此可見,shiro創建的過程分工明確。
建立過程分析如下。
(1)在DelegatingSubject類別中可以取得Session:
public Session getSession(boolean create) {
.......
SessionContext sessionContext = createSessionContext();
//创建Session上下文,context有个backMap,存放创建Session时所需的数据
Session session = this.securityManager.start(sessionContext);
this.session = decorate(session);//创建代理session,当session.stop()调用时,清空subject的session
.......
return this.session;//返回代理session
}(2)SecurityManager委託sessionManager(DefaultSessionManage)處理Session的建立:
1 public Session start(SessionContext context) throws AuthorizationException {
2 return this.sessionManager.start(context);
3 }*注意:DefaultSessionManage的內部架構為:
(3)AbstractNativeSessionManager建立Session並管理Session:
public Session start(SessionContext context) {
Session session = createSession(context);//通过模板模式,子类实现通过上下仍创建Session
applyGlobalSessionTimeout(session);//更新sessionDAO的sessions(map<String,session>)
onStart(session, context);//一个槽点,待子类实现
notifyStart(session);//注册的监听器开始执行
//Don't expose the EIS-tier Session object to the client-tier:
return createExposedSession(session, context);//创建暴露的Session
}##(4)到此Session的建立完成,及細節程式碼如下:AbstractNativeSessionManager交給AbstractValidatingSessionManager處理:
protected Session createSession(SessionContext context) throws AuthorizationException {
enableSessionValidationIfNecessary();
//创建Session之前,先起一个Session自动定时任务的线程去执行,校验sessionDAO的sessions是否过期。
return doCreateSession(context);
}
//
private void enableSessionValidationIfNecessary() {
SessionValidationScheduler scheduler = getSessionValidationScheduler();
if (isSessionValidationSchedulerEnabled() && (scheduler == null || !scheduler.isEnabled())) {
enableSessionValidation();
}
}
//
protected void enableSessionValidation() {
SessionValidationScheduler scheduler = getSessionValidationScheduler();
if (scheduler == null) {
scheduler = createSessionValidationScheduler();
//scheduler = new ExecutorServiceSessionValidationScheduler(this);scheduler.setInterval(getSessionValidationInterval());
setSessionValidationScheduler(scheduler);
}
if (log.isInfoEnabled()) {
log.info("Enabling session validation scheduler...");
}
scheduler.enableSessionValidation();//自动任务启动执行
afterSessionValidationEnabled();//一个槽点,待子类实现
}(5)ExecutorServiceSessionValidationScheduler驗證Session的過期:
/**
* Creates a single thread {@link ScheduledExecutorService} to validate sessions at fixed intervals
* and enables this scheduler. The executor is created as a daemon thread to allow JVM to shut down
*/
//TODO Implement an integration test to test for jvm exit as part of the standalone example
// (so we don't have to change the unit test execution model for the core module)
public void enableSessionValidation() {
if (this.interval > 0l) {
this.service = Executors.newSingleThreadScheduledExecutor(new ThreadFactory() {
public Thread newThread(Runnable r) {
Thread thread = new Thread(r);
thread.setDaemon(true);
return thread;
}
});
this.service.scheduleAtFixedRate(this, interval, interval, TimeUnit.MILLISECONDS);
this.enabled = true;
}
}
public void run() {
if (log.isDebugEnabled()) {
log.debug("Executing session validation...");
}
long startTime = System.currentTimeMillis();
this.sessionManager.validateSessions();//ExecutorServiceSessionValidationSchedule的在被SessionManager创建里,
long stopTime = System.currentTimeMillis();
if (log.isDebugEnabled()) {
log.debug("Session validation completed successfully in " + (stopTime - startTime) + " milliseconds.");
}
}(6)AbstractValidatingSession的過期:
/**
* @see ValidatingSessionManager#validateSessions()
*/
public void validateSessions() {
if (log.isInfoEnabled()) {
log.info("Validating all active sessions...");
}
int invalidCount = 0;
Collection<Session> activeSessions = getActiveSessions();//获取取保存的Session
if (activeSessions != null && !activeSessions.isEmpty()) {
for (Session s : activeSessions) {
try {
//simulate a lookup key to satisfy the method signature.
//this could probably stand to be cleaned up in future versions:
SessionKey key = new DefaultSessionKey(s.getId());
validate(s, key);
} catch (InvalidSessionException e) {
if (log.isDebugEnabled()) {
boolean expired = (e instanceof ExpiredSessionException);
String msg = "Invalidated session with id [" + s.getId() + "]" +
(expired ? " (expired)" : " (stopped)");
log.debug(msg);
}
invalidCount++;
}
}
}
if (log.isInfoEnabled()) {
String msg = "Finished session validation.";
if (invalidCount > 0) {
msg += " [" + invalidCount + "] sessions were stopped.";
} else {
msg += " No sessions were stopped.";
}
log.info(msg);
}
}
//类DefaultSessionManager实现getActiveSessions接口
protected abstract Collection<Session> getActiveSessions();
protected Collection<Session> getActiveSessions() {
Collection<Session> active = sessionDAO.getActiveSessions();
return active != null ? active : Collections.<Session>emptySet();
}(6)AbstractValidatingSessionManager的過期:
protected Session doCreateSession(SessionContext context) {
Session s = newSessionInstance(context);
if (log.isTraceEnabled()) {
log.trace("Creating session for host {}", s.getHost());
}
create(s);
return s;
}
protected Session newSessionInstance(SessionContext context) {
return getSessionFactory().createSession(context);
}
protected void create(Session session) {
if (log.isDebugEnabled()) {
log.debug("Creating new EIS record for new session instance [" + session + "]");
}
sessionDAO.create(session);
}(6)AbstractValidatingSessionManageralion的過期:驗證的校驗完成,接下來是DefaultSessionManager進行Session的建立:
protected Serializable doCreate(Session session) {
Serializable sessionId = generateSessionId(session);
assignSessionId(session, sessionId);
storeSession(sessionId, session);
return sessionId;
}
protected Session storeSession(Serializable id, Session session) {
if (id == null) {
throw new NullPointerException("id argument cannot be null.");
}
return sessions.putIfAbsent(id, session);
}(8)DefaultSessionManager委託Session(MemorySessionDAO)維護Session:
protected void notifyStart(Session session) {
2 for (SessionListener listener : this.listeners) {
3 listener.onStart(session);
4 }
5 }(9) 建立並維護Session交給註冊好的監聽器,監聽器呼叫啟動onStart介面
protected Session createExposedSession(Session session, SessionContext context) {
return new DelegatingSession(this, new DefaultSessionKey(session.getId()));
}(10)最後建立委託Session,
protected Session decorate(Session session) {
if (session == null) {
throw new IllegalArgumentException("session cannot be null");
}
return new StoppingAwareProxiedSession(session, this);
}
private class StoppingAwareProxiedSession extends ProxiedSession {
private final DelegatingSubject owner;
private StoppingAwareProxiedSession(Session target, DelegatingSubject owningSubject) {
super(target);
owner = owningSubject;
}
16 public void stop() throws InvalidSessionException {
super.stop();
owner.sessionStopped();
}
}(11)最後Subject建立自己的代理Session,主要用來攔截stop方法:
rrreee總結:Session(SimpleSession)在DefaultSessionManage中創建時,被封裝在DelegatingSession中,在subject中又被裝飾為代理session(StoppingAwareProxiedSession),原始的資料很好的保存,使的客戶端不可隨意修改原始的Session
........
以上是關於shiro的源碼學習之Session session = getSession()的實例分析的詳細內容。更多資訊請關注PHP中文網其他相關文章!
JVM性能與其他語言May 14, 2025 am 12:16 AMJVM'SperformanceIsCompetitiveWithOtherRuntimes,operingabalanceOfspeed,安全性和生產性。 1)JVMUSESJITCOMPILATIONFORDYNAMICOPTIMIZAIZATIONS.2)c提供NativePernativePerformanceButlanceButlactsjvm'ssafetyFeatures.3)
Java平台獨立性:使用示例May 14, 2025 am 12:14 AMJavaachievesPlatFormIndependencEthroughTheJavavIrtualMachine(JVM),允許CodeTorunonAnyPlatFormWithAjvm.1)codeisscompiledIntobytecode,notmachine-specificodificcode.2)bytecodeisisteredbytheybytheybytheybythejvm,enablingcross-platerssectectectectectross-eenablingcrossectectectectectection.2)
JVM架構:深入研究Java虛擬機May 14, 2025 am 12:12 AMTheJVMisanabstractcomputingmachinecrucialforrunningJavaprogramsduetoitsplatform-independentarchitecture.Itincludes:1)ClassLoaderforloadingclasses,2)RuntimeDataAreafordatastorage,3)ExecutionEnginewithInterpreter,JITCompiler,andGarbageCollectorforbytec
JVM:JVM與操作系統有關嗎?May 14, 2025 am 12:11 AMJVMhasacloserelationshipwiththeOSasittranslatesJavabytecodeintomachine-specificinstructions,managesmemory,andhandlesgarbagecollection.ThisrelationshipallowsJavatorunonvariousOSenvironments,butitalsopresentschallengeslikedifferentJVMbehaviorsandOS-spe
Java:寫一次,在任何地方跑步(WORA) - 深入了解平台獨立性May 14, 2025 am 12:05 AMJava實現“一次編寫,到處運行”通過編譯成字節碼並在Java虛擬機(JVM)上運行。 1)編寫Java代碼並編譯成字節碼。 2)字節碼在任何安裝了JVM的平台上運行。 3)使用Java原生接口(JNI)處理平台特定功能。儘管存在挑戰,如JVM一致性和平台特定庫的使用,但WORA大大提高了開發效率和部署靈活性。
Java平台獨立性:與不同的操作系統的兼容性May 13, 2025 am 12:11 AMJavaachievesPlatFormIndependencethroughTheJavavIrtualMachine(JVM),允許Codetorunondifferentoperatingsystemsswithoutmodification.thejvmcompilesjavacodeintoplatform-interploplatform-interpectentbybyteentbytybyteentbybytecode,whatittheninternterninterpretsandectectececutesoneonthepecificos,atrafficteyos,Afferctinginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginginging
什麼功能使Java仍然強大May 13, 2025 am 12:05 AMJavaispoperfulduetoitsplatFormitiondence,對象與偏見,RichstandardLibrary,PerformanceCapabilities和StrongsecurityFeatures.1)Platform-dimplighandependectionceallowsenceallowsenceallowsenceallowsencationSapplicationStornanyDevicesupportingJava.2)
頂級Java功能:開發人員的綜合指南May 13, 2025 am 12:04 AMJava的頂級功能包括:1)面向對象編程,支持多態性,提升代碼的靈活性和可維護性;2)異常處理機制,通過try-catch-finally塊提高代碼的魯棒性;3)垃圾回收,簡化內存管理;4)泛型,增強類型安全性;5)ambda表達式和函數式編程,使代碼更簡潔和表達性強;6)豐富的標準庫,提供優化過的數據結構和算法。
熱AI工具
Undresser.AI Undress
人工智慧驅動的應用程序,用於創建逼真的裸體照片
AI Clothes Remover
用於從照片中去除衣服的線上人工智慧工具。
Undress AI Tool
免費脫衣圖片
Clothoff.io
AI脫衣器
Video Face Swap
使用我們完全免費的人工智慧換臉工具,輕鬆在任何影片中換臉!
熱門文章
熱工具
Atom編輯器mac版下載
最受歡迎的的開源編輯器
SublimeText3 英文版
推薦:為Win版本,支援程式碼提示!
禪工作室 13.0.1
強大的PHP整合開發環境
mPDF
mPDF是一個PHP庫,可以從UTF-8編碼的HTML產生PDF檔案。原作者Ian Back編寫mPDF以從他的網站上「即時」輸出PDF文件,並處理不同的語言。與原始腳本如HTML2FPDF相比,它的速度較慢,並且在使用Unicode字體時產生的檔案較大,但支援CSS樣式等,並進行了大量增強。支援幾乎所有語言,包括RTL(阿拉伯語和希伯來語)和CJK(中日韓)。支援嵌套的區塊級元素(如P、DIV),
Dreamweaver Mac版
視覺化網頁開發工具
