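In Java web programming, Shiro is often used to manage sessions, and it works well.
- How Shiro obtains the session:

```java
SecurityUtils.getSubject().getSession()
```

The `getSubject` method of `SecurityUtils` is implemented as follows: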
```java
/**
 * Returns the currently accessible {@code Subject} available to the calling code depending on
 * runtime environment.
 * <p/>
 * This method is provided as a way of obtaining a {@code Subject} without having to resort to
 * implementation-specific methods.  It also allows the Shiro team to change the underlying implementation of
 * this method in the future depending on requirements/updates without affecting your code that uses it.
 *
 * @return the currently accessible {@code Subject} accessible to the calling code.
 * @throws IllegalStateException if no {@link Subject Subject} instance or
 *                               {@link SecurityManager SecurityManager} instance is available with which to obtain
 *                               a {@code Subject}, which which is considered an invalid application configuration
 *                               - a Subject should <em>always</em> be available to the caller.
 */
public static Subject getSubject() {
    Subject subject = ThreadContext.getSubject();
    if (subject == null) {
        subject = (new Subject.Builder()).buildSubject();
        ThreadContext.bind(subject);
    }
    return subject;
}
```
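The line `Subject subject = ThreadContext.getSubject();` reads the Subject from the context bound to the current thread, and this is where the problem lies. When a thread pool is used, the Subject (and therefore the session) returned is the one already bound to the pool thread. If the pool has no expiration time configured, its threads are never replaced, so `getSession()` called on a pool thread returns the session from the previous task, and retrieving the session fails.

For how thread pools work, see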
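The reuse described above can be reproduced without Shiro on the classpath. The following is an added example, not code from the original post or from Shiro: `CONTEXT`, the simplified `getSubject(String)` and the `associateWith` wrapper are hypothetical stand-ins that use a plain `ThreadLocal` in place of `ThreadContext`. It shows a pooled worker handing a second caller the first caller's subject, and the mitigation of binding the subject per task and clearing it afterwards, which is the role `Subject.associateWith(...)` plays in Shiro itself.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class StaleSubjectDemo {
    // Hypothetical stand-in for Shiro's ThreadContext: one subject slot per thread.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Same shape as getSubject(): reuse whatever is bound, otherwise build and bind.
    static String getSubject(String requestUser) {
        String subject = CONTEXT.get();
        if (subject == null) {
            subject = "subject-of-" + requestUser;
            CONTEXT.set(subject);
        }
        return subject;
    }

    // Mitigation: bind the submitting caller's subject for this task only, then clear the slot.
    static Callable<String> associateWith(String subject, Callable<String> task) {
        return () -> {
            CONTEXT.set(subject);
            try {
                return task.call();
            } finally {
                CONTEXT.remove();
            }
        };
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1); // one long-lived worker
        try {
            Callable<String> forAlice = () -> getSubject("alice");
            Callable<String> forBob = () -> getSubject("bob");
            // Unwrapped: the worker keeps alice's subject, so bob's task sees it too.
            System.out.println("unwrapped: " + pool.submit(forAlice).get()
                    + ", then " + pool.submit(forBob).get());
            // Wrapped: bob's subject is bound explicitly and removed afterwards.
            System.out.println("wrapped:   "
                    + pool.submit(associateWith("subject-of-bob", forBob)).get());
            // The slot is clean again, so a later task builds its own subject.
            Callable<String> forCarol = () -> getSubject("carol");
            System.out.println("after:     " + pool.submit(forCarol).get());
        } finally {
            pool.shutdown();
        }
    }
}
```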
