項目使用springboot+shiro來驗證用戶，shiro原本是用MemorySessionDAO（shiro默認(rèn)）來存儲的，整個項目都沒有問題，近期我將sessionDao調(diào)整成redisSessionDao（代碼見下）之后，session可以存入的redis，登錄驗證也可以驗證成功，在獲取用戶信息的時候確獲取不到用戶信息,例如SecurityUtils.getSubject().getPrincipal()為null，SecurityUtils.getSubject().isAuthenticated()為false，當(dāng)sessionDao更改為MemorySessionDAO就一切都正常了，試了好長時間，沒有解決，請大牛解答？ redisSessionDao代碼如下： public class RedisSessionDAO extends AbstractSessionDAO{ private Logger logger = LoggerFactory.getLogger(this.getClass()); // session 在redis過期時間是30分鐘30*60 private static int expireTime = 1800; private static String redisPrefix = "shiro-redis-session:"; @Autowired private RedisTemplate<String, Object> redisTemplate; private String getKey(String originalKey) { return redisPrefix + originalKey; } // 創(chuàng)建session，保存到數(shù)據(jù)庫 @Override protected Serializable doCreate(Session session) throws UnknownSessionException { Serializable sessionId = generateSessionId(session); assignSessionId(session, sessionId); logger.debug("createSession:{}", session.getId().toString()); try { redisTemplate.opsForValue().set(getKey(session.getId().toString()), session); }catch (Exception e){ e.printStackTrace(); logger.error(e.getMessage(),e); } return sessionId; } // 獲取session @Override protected Session doReadSession(Serializable sessionId) { logger.debug("readSession:{}", sessionId.toString()); // 先從緩存中獲取session，如果沒有再去數(shù)據(jù)庫中獲取 Session session = null ; try { session = (Session) redisTemplate.opsForValue().get(getKey(sessionId.toString())); }catch (Exception e){ e.printStackTrace(); logger.error(e.getMessage(),e); } return session; } // 更新session的最后一次訪問時間 @Override public void update(Session session) { logger.debug("updateSession:{}", session.getId().toString()); String key = getKey(session.getId().toString()); if (!redisTemplate.hasKey(key)) { redisTemplate.opsForValue().set(key, session); } redisTemplate.expire(key, expireTime, TimeUnit.SECONDS); } // 刪除session @Override public void delete(Session session) { logger.debug("delSession:{}", session.getId()); redisTemplate.delete(getKey(session.getId().toString())); } @Override public Collection<Session> getActiveSessions() { logger.debug("activeSession"); return Collections.emptySet(); } } shiroConfig配置代碼 @Bean(name = "redisSessionDAO") public RedisSessionDAO sessionDAO(){ return new RedisSessionDAO(); } /** * @see DefaultWebSessionManager * @return */ @Bean(name="sessionManager") public DefaultWebSessionManager defaultWebSessionManager() { System.out.println("ShiroConfiguration.defaultWebSessionManager()"); DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); > sessionManager.setSessionDAO(sessionDAO());//此行代碼注釋項目即可正常 sessionManager.setCacheManager(ehCacheManager()); sessionManager.setSessionValidationInterval(3600000*12); sessionManager.setGlobalSessionTimeout(3600000*12); sessionManager.setDeleteInvalidSessions(true); sessionManager.setSessionValidationSchedulerEnabled(true); Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME); cookie.setHttpOnly(true); sessionManager.setSessionIdCookie(cookie); return sessionManager; }