功能描述:
当用户退出(主动)或者关闭浏览器(session超时)的时候,利用本次登录Ip更新上次登录IP。有人可能要问,你在用户登录的时候记录不就行了。可是我有两个字段,一个为本次登录IP,另外一个为上次登录IP。当用户退出的时候,本次登录IP也就成了上次登录IP。
首先解决的问题是:在Listener里面访问Service。
因为是基于注解开发,将Listener扫描和将Service成员变量注解@Autowired是不能解决问题的。运行起来会报空指针。
public class UserLeaveListener implements HttpSessionListener { private UserService userService; @Override public void sessionCreated(HttpSessionEvent arg0) { // 记录访问日志:IP } @Override public void sessionDestroyed(HttpSessionEvent arg0) { System.out.println("---SessionListener---"); //调用 session.invalidate(); 后,在这个方法里仍然可以获取到属性值 ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext( arg0.getSession().getServletContext()); userService = applicationContext.getBean(UserService.class); HttpSession session = arg0.getSession(); User user = (User) session.getAttribute("user"); System.out.println("user:" + user); //如果user不为空,代表超时退出。否则是主动退出 if(user != null){ System.out.println("用户超时退出:" + user.getUserName()); userService.updatePreIp(user.getUserId(), user.getUserCurIP()); }else{ System.out.println("用户已经退出"); } } }
核心代码便是
ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext( arg0.getSession().getServletContext()); userService = applicationContext.getBean(UserService.class);
第二个问题:在我的登出Controller方法中,我调用
session.invalidate();
后的确能够进入listener,也成功执行了service方法,但是却爆了错。这个错不影响什么,但是看起来难受
严重: Servlet.service() for servlet [springDispatcherServlet] in context with path [/target] threw exception [org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated] with root cause java.lang.IllegalStateException: getAttribute: Session already invalidated at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1190) at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:103) at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:146) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149) at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSubjectPrincipal(ShiroHttpServletRequest.java:96) at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getUserPrincipal(ShiroHttpServletRequest.java:112) at org.springframework.web.servlet.FrameworkServlet.getUsernameForRequest(FrameworkServlet.java:1091) at org.springframework.web.servlet.FrameworkServlet.publishRequestHandledEvent(FrameworkServlet.java:1077) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
看这句:
[org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated]
可以知道这个shiro啊,他想找这个session玩,但是session已经不在了。经过查阅我猜整合了shiro之后,就得考虑shiro的感受了。那么shiro有没有退出的方法呢?
SecurityUtils.getSubject().logout();
原来有啊,我就在controller方法中把它也加上了。
运行成功之后,又报错了。
java.lang.IllegalStateException: invalidate: Session already invalidated
我很怀疑用了shiro之后,shiro就霸占了session。所以我就把session.invalidate去掉了
果然运行之后啥错误都没有了。
客户端地址:0:0:0:0:0:0:0:1 user:User [userId=14962441362734L7V7MF, userName=博美, ...] 用户主动退出:博美 ---SessionListener--- user:User [userId=14962441362734L7V7MF, userName=博美, ...] 用户超时退出:博美 ---SessionListener--- user:null 用户已经退出
这里说一下,虽然我们调用了让session失效的方法,但是等到session超时时间一到,会再次进入sessionListener中