先说结论:
项目中定制了spring 的redisTemplate,而这个template没有使用我自定义的Jackson ObjectMapper。所以不生效。
下面是详细过程:
起因是spring boot项目加入了shiro,我打算使用redis去存储shiro的会话,方便以后横向扩展。
参考了网上的实现后,决定通过扩展org.apache.shiro.session.mgt.eis.AbstractSessionDAO来实现。
以下是实现代码:
package com.ceiec.baseplatform.config; import com.ceiec.baseplatform.redis.StringKeyRedisTemplate;
import org.apache.commons.collections.CollectionUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import java.io.Serializable;
import java.util.Collection;
import java.util.concurrent.TimeUnit; @Component
public class RedisSessionDAO extends AbstractSessionDAO {
private static Logger logger = LoggerFactory.getLogger(RedisSessionDAO.class); @SuppressWarnings("rawtypes")
@Autowired
private StringKeyRedisTemplate<String, Object> redisTemplate; private static final String DEFAULT_SESSION_KEY_PREFIX = "shirosession:"; private String keyPrefix = DEFAULT_SESSION_KEY_PREFIX; private long expireTime = 120000; public RedisSessionDAO() {
super();
} public RedisSessionDAO(long expireTime) {
super();
this.expireTime = expireTime;
} @Override // 更新session
public void update(Session session) throws UnknownSessionException {
System.out.println("===============update================");
if (session == null || session.getId() == null) {
return;
}
session.setTimeout(expireTime);
String key = getKey(session);
redisTemplate.opsForValue().set(key, session, expireTime, TimeUnit.MILLISECONDS);
} private String getKey(Session session) {
return this.keyPrefix + String.valueOf(session.getId());
}
private String getSessionIdKey(String sessionId) {
return this.keyPrefix + String.valueOf(sessionId);
} @Override // 删除session
public void delete(Session session) {
System.out.println("===============delete================");
if (null == session) {
return;
}
redisTemplate.opsForValue().getOperations().delete(getKey(session));
} @Override
// 获取活跃的session,可以用来统计在线人数,如果要实现这个功能,可以在将session加入redis时指定一个session前缀,统计的时候则使用keys("session-prefix*")的方式来模糊查找redis中所有的session集合
public Collection<Session> getActiveSessions() {
// System.out.println("==============getActiveSessions=================");
// return redisTemplate.keys("*");
return CollectionUtils.EMPTY_COLLECTION;
} @Override// 加入session
protected Serializable doCreate(Session session) {
System.out.println("===============doCreate================");
Serializable sessionId = this.generateSessionId(session);
this.assignSessionId(session, sessionId); redisTemplate.opsForValue().set(getKey(session), session, expireTime, TimeUnit.MILLISECONDS);
return sessionId;
} @Override// 读取session
protected Session doReadSession(Serializable sessionId) {
System.out.println("==============doReadSession=================");
if (sessionId == null) {
return null;
}
return (Session) redisTemplate.opsForValue().get(getSessionIdKey(String.valueOf(sessionId)));
} public long getExpireTime() {
return expireTime;
} public void setExpireTime(long expireTime) {
this.expireTime = expireTime;
} }
然后将该RedisSessionDao注册到sessionManager等,这个不在本文范围内,有兴趣可搜索相关shiro配置。
@Autowired
private RedisSessionDAO redisSessionDAO; @Bean
public SecurityManager securityManager(){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setSessionDAO(redisSessionDAO);
securityManager.setSessionManager(sessionManager);
//设置realm.
securityManager.setRealm(myShiroRealm());
return securityManager;
}
一切看起来不错。运行,登录,然后,报错了。
现在不太能重现那个错误,大概是,登录时,会把org.apache.shiro.session.mgt.SimpleSession的实例写入到redis。
其中有一个方法如下:
/**
* @since 0.9
*/
public boolean isValid() {
return !isStopped() && !isExpired();
}
序列化时,会序列化一个valid:true的属性到json中。
而在后续读会话时,会反序列化session。然后报错,提示不认识valid属性。 于是在网上查询spring boot如何定制objectMapper去忽略不认识的属性,
objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
按照网上说法和文档,如果只要替换ObjectMapper的话,只要按照下面说的这样去定义一个@Bean和@Primary标注的class。
但是在按照上述方法去配置后,发现没有效果。
后边想了很久。。。。突然发现自己的项目中,因为不想用jdk的序列化器,所以自定义了
Spring的RedisTemplate,去使用jackson的序列化器。
而这个template中可能没有使用我自定义的ObjectMapper。 后边发现,果然如此。
然后修改后如下:
package com.ceiec.baseplatform.redis; import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.DefaultStringRedisConnection;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.stereotype.Component; import java.io.IOException; /**
* desc: redis操作类
* @author:
* creat_date: 2018/1/4
* creat_time: 17:18
**/
@Component
public class StringKeyRedisTemplate<K, V> extends RedisTemplate<K, V> { /**
* Constructs a new <code>StringRedisTemplate</code> instance. {@link #setConnectionFactory(RedisConnectionFactory)}
* and {@link #afterPropertiesSet()} still need to be called.
*/
public StringKeyRedisTemplate() { } /**
* Constructs a new <code>StringRedisTemplate</code> instance ready to be used.
*
* @param connectionFactory connection factory for creating new connections
*/
@Autowired
public StringKeyRedisTemplate(RedisConnectionFactory connectionFactory) {
RedisSerializer<String> stringSerializer = new StringRedisSerializer();
//设置key序列化器
setKeySerializer(stringSerializer);
setHashKeySerializer(stringSerializer);
//设置value的序列化器
ObjectMapper mapper = jacksonObjectMapper();
setValueSerializer(new GenericJackson2JsonRedisSerializer(mapper));
setHashValueSerializer(new GenericJackson2JsonRedisSerializer(mapper)); setConnectionFactory(connectionFactory);
afterPropertiesSet();
} @Override
protected RedisConnection preProcessConnection(RedisConnection connection, boolean existingConnection) {
return new DefaultStringRedisConnection(connection);
} public ObjectMapper jacksonObjectMapper() {
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
objectMapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); logger.info("construct complete! " + objectMapper);
return objectMapper;
}
}