nginx+springboot+shiro+redis实现分布式session共享，同一项目部署多份实现负载均衡

上篇文章写道了基本的keepalived+nginx高可用，用兴趣的伙伴可以参考我上篇文章！

centos7+keepalived+nginx+tomcat+springboot实现nginx+tomcat高可用以及故障邮件通知

一个项目部署多份后，必然会出现session问题，因为每个tomcat的session是独立的，要让他们是一致的，就需要做到session共享，在springboot+shiro项目中tomcat的session是交给shiro管理的，默认情况下,shiro也是在内存中独立处理session，为了实现session共享，需要把Session交给redis来管理，这样所有的项目都连接一个redis的话，那session就是共享的了

这篇文章写得是shiro连接单机版redis，我贴出后来写得shiro连接redis哨兵模式高可用集群的链接

springboot+shiro+redis实现高可用集群，shiro连接哨兵redis集群，springboot配置方法，接上篇文章

说到这里，其他的应用都作了高可用，redis当然也要做，下面的文章我就会把我做redis高可用的方法也贴出来，一步一步往上爬，redis这关攻破之后就是数据库高可用，用的mysql比较多，就用mysql做例子吧

 先说shiro分布式session：pom文件添加依赖如下

            org.springframework.boot
            spring-boot-starter-data-redis
        

            org.crazycake
            shiro-redis
            2.4.2.1-RELEASE
        

其他的普通的包我就不贴了，主要是比一般使用shiro多这两个包

下面是配置项

多一个sessionDao

package com.huohua.common.config;
import java.io.Serializable;
import java.util.Collection;
import java.util.concurrent.TimeUnit;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
@Service
public class RedisSessionDao extends AbstractSessionDAO{
	// Session超时时间，单位为毫秒 
	  private long expireTime = 120000; 
	  
	  @Autowired
	  private RedisTemplate redisTemplate;
	  
	  public RedisSessionDao() { 
	    super(); 
	  } 
	  
	  public RedisSessionDao(long expireTime, RedisTemplate redisTemplate) { 
	    super(); 
	    this.expireTime = expireTime; 
	    this.redisTemplate = redisTemplate; 
	  } 
	  
	  @Override // 更新session 
	  public void update(Session session) throws UnknownSessionException { 
	    System.out.println("===============update================"); 
	    if (session == null || session.getId() == null) { 
	      return; 
	    } 
	    session.setTimeout(expireTime); 
	    redisTemplate.opsForValue().set(session.getId(), session, expireTime, TimeUnit.MILLISECONDS); 
	  } 
	  
	  @Override // 删除session 
	  public void delete(Session session) { 
	    System.out.println("===============delete================"); 
	    if (null == session) { 
	      return; 
	    } 
	    redisTemplate.opsForValue().getOperations().delete(session.getId()); 
	  } 
	  
	  @Override// 获取活跃的session，可以用来统计在线人数，如果要实现这个功能，可以在将session加入redis时指定一个session前缀，统计的时候则使用keys("session-prefix*")的方式来模糊查找redis中所有的session集合 
	  public Collection getActiveSessions() { 
	    System.out.println("==============getActiveSessions================="); 
	    return redisTemplate.keys("*"); 
	  } 
	  
	  @Override// 加入session 
	  protected Serializable doCreate(Session session) { 
	    System.out.println("===============doCreate================"); 
	    Serializable sessionId = this.generateSessionId(session); 
	    this.assignSessionId(session, sessionId); 
	  
	    redisTemplate.opsForValue().set(session.getId(), session, expireTime, TimeUnit.MILLISECONDS); 
	    return sessionId; 
	  } 
	  
	  @Override// 读取session 
	  protected Session doReadSession(Serializable sessionId) { 
	    System.out.println("==============doReadSession================="); 
	    if (sessionId == null) { 
	      return null; 
	    } 
	    return (Session) redisTemplate.opsForValue().get(sessionId); 
	  } 
	  
	  public long getExpireTime() { 
	    return expireTime; 
	  } 
	  
	  public void setExpireTime(long expireTime) { 
	    this.expireTime = expireTime; 
	  } 
	  
	  public RedisTemplate getRedisTemplate() { 
	    return redisTemplate; 
	  } 
	  
	  public void setRedisTemplate(RedisTemplate redisTemplate) { 
	    this.redisTemplate = redisTemplate; 
	  } 
}

shiroConfig类

package com.huohua.common.config;

import com.huohua.modules.sys.shiro.UserRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro的配置文件
 */
@Configuration
public class ShiroConfig {

    @Bean
    public DefaultWebSessionManager sessionManager(@Value("${globalSessionTimeout:3600}") long globalSessionTimeout
, RedisManager c){
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionValidationSchedulerEnabled(true);
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        sessionManager.setSessionValidationInterval(globalSessionTimeout * 1000);
        sessionManager.setGlobalSessionTimeout(globalSessionTimeout * 1000);
        sessionManager.setSessionDAO(redisSessionDAO(c));
        return sessionManager;
    }
    @ConfigurationProperties(prefix="spring.redis")
    @Bean
    public RedisManager redisManager() {
        return new RedisManager();
    }
    @Bean
    public RedisSessionDAO redisSessionDAO(RedisManager redisManager) {
        RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
        redisSessionDAO.setRedisManager(redisManager);
        return redisSessionDAO;
    }

    @Bean("securityManager")
    public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(null);

        return securityManager;
    }


    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        shiroFilter.setLoginUrl("/login.html");
        shiroFilter.setUnauthorizedUrl("/");

        Map filterMap = new LinkedHashMap<>();
        filterMap.put("/swagger/**", "anon");
        filterMap.put("/v2/api-docs", "anon");
        filterMap.put("/swagger-ui.html", "anon");
        filterMap.put("/webjars/**", "anon");
        filterMap.put("/swagger-resources/**", "anon");

        filterMap.put("/statics/**", "anon");
        filterMap.put("/login.html", "anon");
        filterMap.put("/sys/login", "anon");
        filterMap.put("/favicon.ico", "anon");
        filterMap.put("/captcha.jpg", "anon");
        filterMap.put("/**", "authc");
        shiroFilter.setFilterChainDefinitionMap(filterMap);

        return shiroFilter;
    }

    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}

主要是下面这些地方相比一般使用shiro多了session管理的配置 

注意在application.yml加入redis相关的配置

然后可以启动项目了，使用浏览器访问页面后就会看到session被保存到了redis中

至此shiro分布式session配置完成，下面是redis的高可用，请小伙伴们持续关注哦！