强制登出所有用户,每次升级之前强制用户重新登录No SecurityManager accessible to the calling code, either bound to the org.ap

拼搏现实的明天。 2023-01-03 04:13 113阅读 0赞

异常信息:

  1. 2021-01-07 09:39:16.299|ERROR|main|212|c.h.j.rpc.t2.util.ServiceDefinitionUtil :解析接口方法异常: method:queryTagsByCategory
  2. 2021-01-07 09:39:16.332|ERROR|main|212|c.h.j.rpc.t2.util.ServiceDefinitionUtil :解析接口方法异常: method:queryTagsByTagValue
  3. 2021-01-07 09:39:16.345|ERROR|main|212|c.h.j.rpc.t2.util.ServiceDefinitionUtil :解析接口方法异常: method:registerTags
  4. 2021-01-07 09:39:51.590|ERROR|main|212|c.h.j.rpc.t2.util.ServiceDefinitionUtil :解析接口方法异常: method:queryConditionList
  5. 2021-01-07 09:40:24.033|ERROR|main|845|o.s.boot.SpringApplication              :Application run failed
  6. java.lang.IllegalStateException: Failed to execute CommandLineRunner
  7.     at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:803)
  8.     at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:784)
  9.     at org.springframework.boot.SpringApplication.run(SpringApplication.java:338)
  10.     at org.gil.three.admin.ThreeAdminApplication.main(ThreeAdminApplication.java:35)
  11. Caused by: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
  12.     at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
  13.     at org.gil.three.admin.util.ShiroUtil.kickOutAllUsers(ShiroUtil.java:109)
  14.     at org.gil.three.admin.runner.RedisFlushCommandLineRunner.run(RedisFlushCommandLineRunner.java:42)
  15.     at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:800)
  16.     ... 3 common frames omitted
  17. java.lang.IllegalStateException: Failed to execute CommandLineRunner
  18.     at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:803)
  19.     at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:784)
  20.     at org.springframework.boot.SpringApplication.run(SpringApplication.java:338)
  21.     at org.gil.three.admin.ThreeAdminApplication.main(ThreeAdminApplication.java:35)
  22. Caused by: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
  23.     at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
  24.     at org.gil.three.admin.util.ShiroUtil.kickOutAllUsers(ShiroUtil.java:109)
  25.     at org.gil.three.admin.runner.RedisFlushCommandLineRunner.run(RedisFlushCommandLineRunner.java:42)
  26.     at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:800)
  27.     ... 3 more
  28. Disconnected from the target VM, address: '127.0.0.1:12507', transport: 'socket'
  30. Process finished with exit code -1

错误信息:

watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3UwMTE0ODgwMDk_size_16_color_FFFFFF_t_70

文字描述:

Caused by: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.gil.three.admin.util.ShiroUtil.kickOutAllUsers(ShiroUtil.java:109)
at org.gil.three.admin.runner.RedisFlushCommandLineRunner.run(RedisFlushCommandLineRunner.java:42)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:800)
… 3 common frames omitted

主要是类的获取有问题,静态方法没有实例化类,所以获取有问题

  1. import java.util.Collection;
  2. import java.util.Objects;
  4. import org.apache.shiro.SecurityUtils;
  5. import org.apache.shiro.authc.Authenticator;
  6. import org.apache.shiro.authc.LogoutAware;
  7. import org.apache.shiro.session.Session;
  8. import org.apache.shiro.subject.SimplePrincipalCollection;
  9. import org.apache.shiro.subject.support.DefaultSubjectContext;
  10. import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
  11. import org.crazycake.shiro.RedisSessionDAO;
  12. import org.gil.three.admin.model.vo.SessionUser;
  14. public class ShiroUtil {
  16.     private static RedisSessionDAO redisSessionDAO = SpringUtil
  17.         .getBean(RedisSessionDAO.class);
  19.     private ShiroUtil() {
  20.     }
  22.     /**
  23.      * 获取指定用户名的Session
  24.      * @param username
  25.      * @return
  26.      */
  27.     private static Session getSessionByUsername(String username) {
  28.         Collection<Session> sessions = redisSessionDAO.getActiveSessions();
  29.         SessionUser user;
  30.         Object attribute;
  31.         for (Session session : sessions) {
  32.             attribute = session
  33.                 .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
  34.             if (attribute == null) {
  35.                 continue;
  36.             }
  37.             user = (SessionUser) ((SimplePrincipalCollection) attribute)
  38.                 .getPrimaryPrincipal();
  39.             if (user == null) {
  40.                 continue;
  41.             }
  42.             if (Objects.equals(user.getUserName(), username)) {
  43.                 return session;
  44.             }
  45.         }
  46.         return null;
  47.     }
  49.     /**
  50.      * 删除用户缓存信息
  51.      * @param username 用户名
  52.      * @param isRemoveSession 是否删除session,删除后用户需重新登录
  53.      */
  54.     public static void kickOutUser(String username, boolean isRemoveSession) {
  55.         Session session = getSessionByUsername(username);
  56.         if (session == null) {
  57.             return;
  58.         }
  60.         Object attribute = session
  61.             .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
  62.         if (attribute == null) {
  63.             return;
  64.         }
  66.         SessionUser user = (SessionUser) ((SimplePrincipalCollection) attribute)
  67.             .getPrimaryPrincipal();
  68.         if (!username.equals(user.getUserName())) {
  69.             return;
  70.         }
  72.         // 删除session
  73.         if (isRemoveSession) {
  74.             redisSessionDAO.delete(session);
  75.         }
  76.         DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) SecurityUtils
  77.             .getSecurityManager();
  78.         Authenticator authc = securityManager.getAuthenticator();
  79.         // 删除cache,在访问受限接口时会重新授权
  80.         ((LogoutAware) authc).onLogout((SimplePrincipalCollection) attribute);
  81.     }
  83. }

解决办法:

  1. @Autowired
  2. private AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor;
  4. DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) authorizationAttributeSourceAdvisor.getSecurityManager();
  5.   Authenticator authc = securityManager.getAuthenticator();

authorizationAttributeSourceAdvisor在shiroconfig配置的里面声明bean,这里注入,然后直接就可以获取到了

修改之后的实现类:

  1. import lombok.extern.slf4j.Slf4j;
  2. import org.apache.shiro.SecurityUtils;
  3. import org.apache.shiro.authc.Authenticator;
  4. import org.apache.shiro.authc.LogoutAware;
  5. import org.apache.shiro.session.Session;
  6. import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
  7. import org.apache.shiro.subject.SimplePrincipalCollection;
  8. import org.apache.shiro.subject.support.DefaultSubjectContext;
  9. import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
  10. import org.gil.three.admin.config.shiro.ShiroResdisSessionDAO;
  11. import org.gil.three.admin.model.vo.SessionUser;
  12. import org.springframework.beans.factory.annotation.Autowired;
  13. import org.springframework.stereotype.Component;
  15. import java.util.Collection;
  16. import java.util.Objects;
  18. @Component
  19. @Slf4j
  20. public class ShiroUtil {
  22.     @Autowired
  23.     private ShiroResdisSessionDAO shiroResdisSessionDAO;
  25.     @Autowired
  26.     private AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor;
  28.     private ShiroUtil() {
  29.     }
  31.     /**
  32.      * 获取指定用户名的Session
  33.      *
  34.      * @param username
  35.      * @return
  36.      */
  37.     private Session getSessionByUsername(String username) {
  38.         Collection<Session> sessions = shiroResdisSessionDAO.getActiveSessions();
  39.         SessionUser user;
  40.         Object attribute;
  41.         for (Session session : sessions) {
  42.             attribute = session
  43.                     .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
  44.             if (attribute == null) {
  45.                 continue;
  46.             }
  47.             user = (SessionUser) ((SimplePrincipalCollection) attribute)
  48.                     .getPrimaryPrincipal();
  49.             if (user == null) {
  50.                 continue;
  51.             }
  52.             if (Objects.equals(user.getUserName(), username)) {
  53.                 return session;
  54.             }
  55.         }
  56.         return null;
  57.     }
  59.     /**
  60.      * 删除用户缓存信息
  61.      *
  62.      * @param username        用户名
  63.      * @param isRemoveSession 是否删除session,删除后用户需重新登录
  64.      */
  65.     public void kickOutUser(String username, boolean isRemoveSession) {
  66.         Session session = getSessionByUsername(username);
  67.         if (session == null) {
  68.             return;
  69.         }
  71.         Object attribute = session
  72.                 .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
  73.         if (attribute == null) {
  74.             return;
  75.         }
  77.         SessionUser user = (SessionUser) ((SimplePrincipalCollection) attribute)
  78.                 .getPrimaryPrincipal();
  79.         if (!username.equals(user.getUserName())) {
  80.             return;
  81.         }
  83.         // 删除session
  84.         if (isRemoveSession) {
  85.             shiroResdisSessionDAO.delete(session);
  86.         }
  87.         DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) SecurityUtils
  88.                 .getSecurityManager();
  89.         Authenticator authc = securityManager.getAuthenticator();
  90.         // 删除cache,在访问受限接口时会重新授权
  91.         ((LogoutAware) authc).onLogout((SimplePrincipalCollection) attribute);
  92.     }
  94.     public void kickOutAllUsers() {
  95.         Collection<Session> sessions = shiroResdisSessionDAO.getActiveSessions();
  96.         SessionUser user;
  97.         Object attribute;
  98.         for (Session session : sessions) {
  99.             attribute = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
  100.             if (attribute == null) {
  101.                 continue;
  102.             }
  103.             user = (SessionUser) ((SimplePrincipalCollection) attribute).getPrimaryPrincipal();
  104.             if (user == null) {
  105.                 continue;
  106.             }
  107.             shiroResdisSessionDAO.delete(session);
  108.             DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) authorizationAttributeSourceAdvisor.getSecurityManager();
  109.             Authenticator authc = securityManager.getAuthenticator();
  111.             // 删除cache,在访问受限接口时会重新授权
  112.             ((LogoutAware) authc).onLogout((SimplePrincipalCollection) attribute);
  113.             log.error("用户强制登出,用户名:{},用户id:{}",user.getRealName(),user.getId());
  114.         }
  115.     }
  116. }

发表评论

表情:
评论列表 (有 0 条评论,113人围观)

还没有评论,来说两句吧...

相关阅读