对是否开启spring session增加一个开关

pom.xml

@@ -116,6 +116,7 @@
         <dependency>
             <groupId>org.springframework.session</groupId>
             <artifactId>spring-session</artifactId>
+            <scope>provided</scope><!-- 需要分布式session的话需要改为compile -->
         </dependency>
         <dependency>
             <groupId>com.baomidou</groupId>

src/main/java/com/stylefeng/guns/config/SpringSessionConfig.java

 package com.stylefeng.guns.config;
 
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 
 /**
@@ -9,6 +10,7 @@ import org.springframework.session.data.redis.config.annotation.web.http.EnableR
  * @date 2017-07-13 21:05
  */
 @EnableRedisHttpSession(maxInactiveIntervalInSeconds = 1800)  //session过期时间
+@ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "true")
 public class SpringSessionConfig {
 
 

src/main/java/com/stylefeng/guns/config/properties/GunsProperties.java

@@ -28,6 +28,12 @@ public class GunsProperties {
 
     private Boolean haveCreatePath = false;
 
+    private Boolean springSessionOpen = false;
+
+    private Integer sessionInvalidateTime = 30 * 60;  //session 失效时间（默认为30分钟 单位：秒）
+
+    private Integer sessionValidationInterval = 15 * 60;  //session 验证失效时间（默认为15分钟 单位：秒）
+
     public String getFileUploadPath() {
         //如果没有写文件上传路径,保存到临时目录
         if (isEmpty(fileUploadPath)) {
@@ -67,4 +73,27 @@ public class GunsProperties {
         this.swaggerOpen = swaggerOpen;
     }
 
+    public Boolean getSpringSessionOpen() {
+        return springSessionOpen;
+    }
+
+    public void setSpringSessionOpen(Boolean springSessionOpen) {
+        this.springSessionOpen = springSessionOpen;
+    }
+
+    public Integer getSessionInvalidateTime() {
+        return sessionInvalidateTime;
+    }
+
+    public void setSessionInvalidateTime(Integer sessionInvalidateTime) {
+        this.sessionInvalidateTime = sessionInvalidateTime;
+    }
+
+    public Integer getSessionValidationInterval() {
+        return sessionValidationInterval;
+    }
+
+    public void setSessionValidationInterval(Integer sessionValidationInterval) {
+        this.sessionValidationInterval = sessionValidationInterval;
+    }
 }

src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java

 package com.stylefeng.guns.config.web;
 
+import com.stylefeng.guns.config.properties.GunsProperties;
 import com.stylefeng.guns.core.shiro.ShiroDbRealm;
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.ehcache.EhCacheManager;
 import org.apache.shiro.codec.Base64;
+import org.apache.shiro.session.mgt.SessionManager;
 import org.apache.shiro.spring.LifecycleBeanPostProcessor;
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
 import org.apache.shiro.web.mgt.CookieRememberMeManager;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.apache.shiro.web.servlet.Cookie;
+import org.apache.shiro.web.servlet.ShiroHttpSession;
 import org.apache.shiro.web.servlet.SimpleCookie;
+import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
 import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
 import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
 import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -34,24 +40,45 @@ public class ShiroConfig {
      * 安全管理器
      */
     @Bean
-    public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager, CacheManager cacheShiroManager, ServletContainerSessionManager servletContainerSessionManager) {
+    public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager, CacheManager cacheShiroManager, SessionManager sessionManager) {
         DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
         securityManager.setRealm(this.shiroDbRealm());
         securityManager.setCacheManager(cacheShiroManager);
         securityManager.setRememberMeManager(rememberMeManager);
-        securityManager.setSessionManager(servletContainerSessionManager);
+        securityManager.setSessionManager(sessionManager);
         return securityManager;
     }
 
     /**
-     * spring session管理器
+     * spring session管理器（多机环境）
      */
     @Bean
+    @ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "true")
     public ServletContainerSessionManager servletContainerSessionManager() {
         return new ServletContainerSessionManager();
     }
 
     /**
+     * session管理器(单机环境)
+     */
+    @Bean
+    @ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "false")
+    public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager, GunsProperties gunsProperties) {
+        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
+        sessionManager.setCacheManager(cacheShiroManager);
+        sessionManager.setSessionValidationInterval(gunsProperties.getSessionValidationInterval() * 1000);
+        sessionManager.setGlobalSessionTimeout(gunsProperties.getSessionInvalidateTime() * 1000);
+        sessionManager.setDeleteInvalidSessions(true);
+        sessionManager.setSessionValidationSchedulerEnabled(true);
+        Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
+        cookie.setName("shiroCookie");
+        cookie.setHttpOnly(true);
+        sessionManager.setSessionIdCookie(cookie);
+        return sessionManager;
+    }
+
+
+    /**
      * 缓存管理器 使用Ehcache实现
      */
     @Bean

src/main/java/com/stylefeng/guns/core/intercept/SessionTimeoutInterceptor.java

@@ -8,7 +8,6 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 
 /**
@@ -19,7 +18,6 @@ import org.springframework.stereotype.Component;
  */
 @Aspect
 @Component
-@ConditionalOnProperty(prefix = "guns", name = "session-open", havingValue = "true")
 public class SessionTimeoutInterceptor extends BaseController {
 
     @Pointcut("execution(* com.stylefeng.guns.*..controller.*.*(..))")

src/main/java/com/stylefeng/guns/modular/system/controller/LoginController.java

@@ -2,8 +2,6 @@ package com.stylefeng.guns.modular.system.controller;
 
 import com.google.code.kaptcha.Constants;
 import com.stylefeng.guns.common.controller.BaseController;
-import com.stylefeng.guns.common.exception.BizExceptionEnum;
-import com.stylefeng.guns.common.exception.BussinessException;
 import com.stylefeng.guns.common.exception.InvalidKaptchaException;
 import com.stylefeng.guns.common.node.MenuNode;
 import com.stylefeng.guns.common.persistence.dao.UserMapper;

src/main/resources/application.yml

@@ -9,6 +9,9 @@ guns:
   session-open: false #是否开启session验证 (true/false)
   #file-upload-path: d:/tmp  #文件上传目录(不配置的话为java.io.tmpdir目录)
   muti-datasource-open: false #是否开启多数据源(true/false)
+  spring-session-open: false #是否开启spring session,如果是多机环境需要开启(true/false)
+  session-invalidate-time: 1800 #session失效时间(只在单机环境下生效，多机环境在SpringSessionConfig类中配置) 单位：秒
+  session-validation-interval: 900 #多久检测一次失效的session(只在单机环境下生效) 单位：秒
 
 ###################  项目启动端口  ###################
 server: