Cache Invalidate not working in Shiro

We are using Apache Shiro for managing auth in our app. When using Permission I am using out-of-the-box, memory-based caching, and here is my shiro.ini.

In my JSP I am using shiro:taglib with the hasPermission and lacksPermission tags. If I update the user role in the database (and hence the corresponding permissions), then when the user logs out his permissions are updated. I see the unauthorized page as expected. However, the links are still rendered, which they should not be. These links are rendered using the following syntax. (Note: these links are part of the common header.jsp and are included in all pages.)

<shiro:hasPermission name="admin:viewPage">
        <a href="/pages/admin.jsp">Admin</a>
</shiro:hasPermission>

My class JNDIAwareJDBCRealm inherits JdbcRealm which inherits CacheManagerAware. It seems that CacheManagerAware.onLogout() clears cache.

Is the tag library doing some caching? Am I missing some implementation with caching?

My Shiro.ini file:

[main] 
jndiJdbcRealm=com.my.domian.JNDIAwareJDBCRealm
jndiJdbcRealm.jndiDataSourceName=jdbc/mySQLConnection 
jndiJdbcRealm.authenticationQuery = select password FROM users where email_id=?
jndiJdbcRealm.userRolesQuery= select role from user_roles, user where user.email_id =? AND user.id = user_roles.user_id 
jndiJdbcRealm.permissionsQuery= SELECT permission FROM role_permission WHERE role=?
jndiJdbcRealm.permissionsLookupEnabled=true

bcryptCredentialsMatcher=com.my.domain.BCryptCredentialsMatcher
jndiJdbcRealm.credentialsMatcher = $bcryptCredentialsMatcher

securityManager.realms = $jndiJdbcRealm
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $builtInCacheManager

# unauthorized page
perms.unauthorizedUrl = /pages/unauthorized.jsp

(Realized that Shiro has very little documentation.)

I got it working. Logout workflow was wrongly using session.invalidate() in our code. So two things I required are

  1. Use correct logout workflow by invoking SecurityUtils.getSubject().logout() instead of session.invalidate().
  2. On login clear cache as follows:

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     throws AuthenticationException {
    ...
    SimplePrincipalCollection principals = new SimplePrincipalCollection(username, "jndiJdbcRealm");
    super.doClearCache(principals);

    ...
}
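
The two steps in the answer above, plus eviction at the moment a role changes, as an added example that is not part of the original post. The class name `EvictingJdbcRealm` and the methods `evictAuthorization` and `logoutCurrentUser` are hypothetical; it assumes shiro-core on the classpath and a realm that, like `JdbcRealm`, uses the username as the principal.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

// Hypothetical subclass; in the question the realm is JNDIAwareJDBCRealm.
public class EvictingJdbcRealm extends JdbcRealm {

    /**
     * Drop the cached roles and permissions for one user. Call this from the
     * code path that changes a user's roles, so a revoked permission stops
     * being honoured right away instead of at the user's next logout.
     */
    public void evictAuthorization(String username) {
        // The authorization cache is keyed by the principal collection, so the
        // principal and realm name must match what doGetAuthenticationInfo
        // stored at login. getName() avoids hard-coding the realm name.
        PrincipalCollection principals =
                new SimplePrincipalCollection(username, getName());
        clearCachedAuthorizationInfo(principals);
    }

    /** Hypothetical logout helper: goes through Shiro, not the container session. */
    public static void logoutCurrentUser() {
        Subject subject = SecurityUtils.getSubject();
        // Subject.logout() notifies each realm's onLogout(), which clears the
        // subject's cache entries, and then stops the session. Calling
        // HttpSession.invalidate() alone skips the realm notification, so the
        // cached permissions survive and the taglib keeps rendering the links.
        subject.logout();
    }
}
```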
