HttpShiroRequest 接管session

标签：

简单分析完jetty的请求处理过程：http://my.oschina.net/u/782865/blog/505533

来看看shiro是怎么接管session的；我们知道web容器都实现有session管理；要把这个容器默认实现屏蔽掉，就需要改变request的getSession方法的默认实现；

shiro是这样实现的：封装普通的request成一个wrap,即是ShiroHttpServletRequest;

通过拦截器拦截request并封装为ShiroHttpServletRequest;具体如下

shiro的AbstractShiroFilter

protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)
            throws ServletException, IOException {

        Throwable t = null;

        try {
            final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);//执行封装
            final ServletResponse response = prepareServletResponse(request, servletResponse, chain);

            final Subject subject = createSubject(request, response);

            //noinspection unchecked
            subject.execute(new Callable() {
                public Object call() throws Exception {
                    updateSessionLastAccessTime(request, response);
                    executeChain(request, response, chain);
                    return null;
                }
            });...

@SuppressWarnings({"UnusedDeclaration"})
    protected ServletRequest prepareServletRequest(ServletRequest request, ServletResponse response, FilterChain chain) {
        ServletRequest toUse = request;
        if (request instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) request;
            toUse = wrapServletRequest(http);
        }
        return toUse;
    }

protected ServletRequest wrapServletRequest(HttpServletRequest orig) {
        return new ShiroHttpServletRequest(orig, getServletContext(), isHttpSessions());
    }

默认不用容器的session实现；

再来看看ShiroHttpServletRequest的getSession方法；

public HttpSession getSession() {
        return getSession(true);
    }

public HttpSession getSession(boolean create) {

        HttpSession httpSession;

        if (isHttpSessions()) {//默认是flase;
            httpSession = super.getSession(false);
            if (httpSession == null && create) {
                //Shiro 1.2: assert that creation is enabled (SHIRO-266):
                if (WebUtils._isSessionCreationEnabled(this)) {
                    httpSession = super.getSession(create);
                } else {
                    throw newNoSessionCreationException();
                }
            }
        } else {//这里是shiro实现的session
            if (this.session == null) {

                boolean existing = getSubject().getSession(false) != null;

                Session shiroSession = getSubject().getSession(create);
                if (shiroSession != null) {
                    this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);
                    if (!existing) {
                        setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
                    }
                }
            }
            httpSession = this.session;
        }

        return httpSession;
    }

那么实现shiro的sessionDao接口就可以想存哪就存哪了；

HttpShiroRequest 接管session

标签：

原文地址：http://my.oschina.net/u/782865/blog/505560