When shiro is used to cache user information and permissions, my idea is to modify the user’s permissions. It is not necessary for the user to log out and renew the user’s permissions. After modifying the permissions, the background will directly delete the permissions cache.
I read a lot of blogs online, and most of them are the same:
public static void reloadAuthorizing(ShiroRealm shiroRealm, String username){ Subject subject = SecurityUtils.getSubject(); String realmName = subject.getPrincipals().getRealmNames().iterator().next(); / / the first parameter to the user name, the second parameter for realmName SimplePrincipalCollection principals = new SimplePrincipalCollection (username, realmName); subject.runAs(principals); shiroRealm.getAuthorizationCache().remove(subject.getPrincipals()); subject.releaseRunAs(); }Copy the codeIt is not possible to use it locally. I changed my mind, because its data is stored in Redis, so I can directly operate redis, and see the generated key in REIDS
/ * * * demoAuthCache is set myself, just know how to set up online * 123, is my user name, shiro storage is the default user id * can in redisCacheManager setPrincipalIdFieldName (" tel "); Setting their own * / shiro: cache: demoAuthCache: 123Copy the codeThen the redis operation (see the redis package, the main is to delete the key
Shiro: cache: demoAuthCache: 123)
public static void clearPowerInfo(String username){
RedisUtil redis = ApplicationContextUtils.popBean(RedisUtil.class);
redis.del("shiro:cache:" + POWER_REALM_CACHE + ":" + username);
}
Copy the code