Spring集成shiro+nginx 实现访问记录

时间 2019-12-13

标签 spring 集成 shiro+nginx shiro nginx 实现访问记录栏目 Spring 繁體版

原文原文链接

最近公司的网站须要添加用户访问记录功能，因为使用了nginx请求转发直接经过HttpServletRequest没法获取用户真实Iphtml

关于nginx获取真实IP的资料 http://www.javashuo.com/article/p-tvzjkzsk-kr.htmlnginx

获取用户真实IP具体作法：

在nginx.conf配置文件中web

location / {
             proxy_pass  ip; 
            index  ak47.html index.html index.htm;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
            

 # 动态请求的转发
        location ~ \.(jsp|do)$ { 
            proxy_pass http://10.30.100.126:8080; 
            proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

而后在代码中加入如下spring

public final class NetworkUtil {

    public static String getIpAddr(HttpServletRequest request) {
        String fromSource = "X-Real-IP";
        String ip = request.getHeader("X-Real-IP");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("X-Forwarded-For");
            fromSource = "X-Forwarded-For";
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
            fromSource = "Proxy-Client-IP";
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
            fromSource = "WL-Proxy-Client-IP";
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
            fromSource = "request.getRemoteAddr";
        }
        return ip;
    }

}

用户登陆时间和退出时间

用户登陆时间就是subject.login(token);成功的时间数据库

退出时间就是执行logout的时间，可是shiro封装的很完美，怎么在执行logout以后往数据库中插入退出时间呢apache

shiro执行logout时会调用LogoutFilter，咱们能够写一个继承它就能够进行相关操做了session

@Component
public class SystemLogoutFilter extends LogoutFilter {

    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        //在这里执行退出系统前须要清空的数据
        Subject subject=getSubject(request,response);
        //Session session = subject.getSession();
        

        String redirectUrl=getRedirectUrl(request,response,subject);
        ServletContext context= request.getServletContext();
        try {
            subject.logout();
          
            context.removeAttribute("error");
        }catch (SessionException e){
            e.printStackTrace();
        }
        issueRedirect(request,response,redirectUrl);
        return false;
    }
}

而后在xml配置文件中jsp

<!--Spring整合shiro-->
    <bean id="SystemLogoutFilter" class="com.smart.service.SystemLogoutFilter">
    <property name="redirectUrl" value="/login.do" />
    </bean>
    <!-- 配置shiro的过滤器工厂类，id- shiroFilter要和咱们在web.xml中配置的过滤器一致 -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <!-- 调用咱们配置的权限管理器 -->
        <property name="securityManager" ref="securityManager" />
        <!-- 配置咱们的登陆请求地址 -->
        <property name="loginUrl" value="/login.do" />
        <!-- 配置咱们在登陆页登陆成功后的跳转地址，若是你访问的是非/login地址，则跳到您访问的地址 -->
        <property name="successUrl" value="/maSystem.do" />
        <!-- 若是您请求的资源再也不您的权限范围，则跳转到/403请求地址 -->
        <property name="unauthorizedUrl" value="/error.do" />
        <property name="filters">
            <map>
                <entry key="logout" value-ref="SystemLogoutFilter" />
            </map>
        </property>
        <!-- 权限配置 -->
        <property name="filterChainDefinitions">
            <value>
                <!-- anon表示此地址不须要任何权限便可访问 -->
                /error.jsp=anon
                /login.do=anon
                /logout=logout
                <!--全部的请求(除去配置的静态资源请求或请求地址为anon的请求)都要经过登陆验证,若是未登陆则跳到/login -->
                /** = authc
            </value>
        </property>
    </bean>
    <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        <property name="redirectUrl" value="/login.do" />
    </bean>

用户退出登陆时间都有了，根据sessionId做为惟一标识便可ide