功能描述:
當用戶退出(主動)或者關閉瀏覽器(session超時)的時候,利用本次登錄Ip更新上次登錄IP。有人可能要問,你在用戶登錄的時候記錄不就行了。可是我有兩個字段,一個為本次登錄IP,另外一個為上次登錄IP。當用戶退出的時候,本次登錄IP也就成了上次登錄IP。
首先解決的問題是:在Listener里面訪問Service。
因為是基於注解開發,將Listener掃描和將Service成員變量注解@Autowired是不能解決問題的。運行起來會報空指針。
public class UserLeaveListener implements HttpSessionListener { private UserService userService; @Override public void sessionCreated(HttpSessionEvent arg0) { // 記錄訪問日志:IP } @Override public void sessionDestroyed(HttpSessionEvent arg0) { System.out.println("---SessionListener---"); //調用 session.invalidate(); 后,在這個方法里仍然可以獲取到屬性值 ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext( arg0.getSession().getServletContext()); userService = applicationContext.getBean(UserService.class); HttpSession session = arg0.getSession(); User user = (User) session.getAttribute("user"); System.out.println("user:" + user); //如果user不為空,代表超時退出。否則是主動退出 if(user != null){ System.out.println("用戶超時退出:" + user.getUserName()); userService.updatePreIp(user.getUserId(), user.getUserCurIP()); }else{ System.out.println("用戶已經退出"); } } }
核心代碼便是
ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext( arg0.getSession().getServletContext()); userService = applicationContext.getBean(UserService.class);
第二個問題:在我的登出Controller方法中,我調用
session.invalidate();
后的確能夠進入listener,也成功執行了service方法,但是卻爆了錯。這個錯不影響什么,但是看起來難受
嚴重: Servlet.service() for servlet [springDispatcherServlet] in context with path [/target] threw exception [org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated] with root cause java.lang.IllegalStateException: getAttribute: Session already invalidated at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1190) at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:103) at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:146) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149) at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSubjectPrincipal(ShiroHttpServletRequest.java:96) at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getUserPrincipal(ShiroHttpServletRequest.java:112) at org.springframework.web.servlet.FrameworkServlet.getUsernameForRequest(FrameworkServlet.java:1091) at org.springframework.web.servlet.FrameworkServlet.publishRequestHandledEvent(FrameworkServlet.java:1077) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
看這句:
[org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated]
可以知道這個shiro啊,他想找這個session玩,但是session已經不在了。經過查閱我猜整合了shiro之后,就得考慮shiro的感受了。那么shiro有沒有退出的方法呢?
SecurityUtils.getSubject().logout();
原來有啊,我就在controller方法中把它也加上了。
運行成功之后,又報錯了。
java.lang.IllegalStateException: invalidate: Session already invalidated
我很懷疑用了shiro之后,shiro就霸占了session。所以我就把session.invalidate去掉了
果然運行之后啥錯誤都沒有了。
客戶端地址:0:0:0:0:0:0:0:1 user:User [userId=14962441362734L7V7MF, userName=博美, ...] 用戶主動退出:博美 ---SessionListener--- user:User [userId=14962441362734L7V7MF, userName=博美, ...] 用戶超時退出:博美 ---SessionListener--- user:null 用戶已經退出
這里說一下,雖然我們調用了讓session失效的方法,但是等到session超時時間一到,會再次進入sessionListener中