Spring + Shiro 项目 + HttpSessionListener 【调用springService问题】&【Session失效问题】

功能描述：

当用户退出（主动）或者关闭浏览器（session超时）的时候，利用本次登录Ip更新上次登录IP。有人可能要问，你在用户登录的时候记录不就行了。可是我有两个字段，一个为本次登录IP，另外一个为上次登录IP。当用户退出的时候，本次登录IP也就成了上次登录IP。

首先解决的问题是：在Listener里面访问Service。

因为是基于注解开发，将Listener扫描和将Service成员变量注解@Autowired是不能解决问题的。运行起来会报空指针。

public class UserLeaveListener implements HttpSessionListener {

    private UserService userService;
    
    @Override
    public void sessionCreated(HttpSessionEvent arg0) {
        // 记录访问日志：IP
        
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent arg0) {
        System.out.println("---SessionListener---");
        //调用 session.invalidate(); 后，在这个方法里仍然可以获取到属性值
        
        ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(
                arg0.getSession().getServletContext());
        userService = applicationContext.getBean(UserService.class);
        HttpSession session = arg0.getSession();
        User user = (User) session.getAttribute("user");
        System.out.println("user:" + user);
        //如果user不为空，代表超时退出。否则是主动退出
        if(user != null){
            System.out.println("用户超时退出：" + user.getUserName());
            userService.updatePreIp(user.getUserId(), user.getUserCurIP());
        }else{
            System.out.println("用户已经退出");
        }
    }

}

核心代码便是

ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(
                arg0.getSession().getServletContext());
userService = applicationContext.getBean(UserService.class);

第二个问题：在我的登出Controller方法中，我调用

session.invalidate();

后的确能够进入listener，也成功执行了service方法，但是却爆了错。这个错不影响什么，但是看起来难受

严重: Servlet.service() for servlet [springDispatcherServlet] in context with path [/target] threw exception [org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated] with root cause
java.lang.IllegalStateException: getAttribute: Session already invalidated
    at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1190)
    at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:103)
    at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:146)
    at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
    at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
    at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
    at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149)
    at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSubjectPrincipal(ShiroHttpServletRequest.java:96)
    at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getUserPrincipal(ShiroHttpServletRequest.java:112)
    at org.springframework.web.servlet.FrameworkServlet.getUsernameForRequest(FrameworkServlet.java:1091)
    at org.springframework.web.servlet.FrameworkServlet.publishRequestHandledEvent(FrameworkServlet.java:1077)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
    at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

看这句：

[org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated]

可以知道这个shiro啊，他想找这个session玩，但是session已经不在了。经过查阅我猜整合了shiro之后，就得考虑shiro的感受了。那么shiro有没有退出的方法呢？

SecurityUtils.getSubject().logout();

原来有啊，我就在controller方法中把它也加上了。

运行成功之后，又报错了。

java.lang.IllegalStateException: invalidate: Session already invalidated

我很怀疑用了shiro之后，shiro就霸占了session。所以我就把session.invalidate去掉了

果然运行之后啥错误都没有了。

客户端地址：0:0:0:0:0:0:0:1
user:User [userId=14962441362734L7V7MF, userName=博美, ...]
用户主动退出：博美
---SessionListener---
user:User [userId=14962441362734L7V7MF, userName=博美, ...]
用户超时退出：博美
---SessionListener---
user:null
用户已经退出

这里说一下，虽然我们调用了让session失效的方法，但是等到session超时时间一到，会再次进入sessionListener中