Session No 14

hibernate深度学习游离状态HQL当我学完这个之后我仿佛都懂了 = =或许这就是 hibernate的⼒量吧.操纵持久化对象（Session）1.1. 在hibernate中java对象的状态Hibernate 把对象分为 4 种状态:¨ 持久化状态,¨ 临时状态,¨ 游离状态,¨ 删除状态.Session 的特定⽅法能使对象从⼀个状态转换到另⼀个状态1.2. 临时对象(transient)¨ 在使⽤代理主键的情况下, OID 通常为 null¨ 不处于 Session 的缓存中¨ 在数据库中没有对应的记录1.2.1. 删除对象(Removed)¨ OID 不为 null¨ 从⼀个 Session实例的缓存中删除¨ Session 已经计划将其从数据库删除, Session 在清理缓存时, 会执⾏ SQL delete 语句, 删除数据库中的对应记录¨ ⼀般情况下, 应⽤程序不该再使⽤被删除的对象1.2.2. 持久化对象(也叫”托管”)（Persist）1.2.3.¨ OID 不为 null¨ 位于 Session 缓存中¨ 持久化对象和数据库中的相关记录对应¨ Session 在清理缓存时, 会根据持久化对象的属性变化, 来同步更新数据库¨ 在同⼀个 Session 实例的缓存中, 数据库表中的每条记录只对应唯⼀的持久化对象1.2.4. 游离对象(也叫”脱管”)(Detached)¨ OID 不为 null¨ 不再处于 Session 的缓存中¨ ⼀般情况需下, 游离对象是由持久化对象转变过来的, 因此在数据库中可能还存在与它对应的记录1.2.5. 对象的状态转换说明（图）对象的状态转换图测试hibernate中java对象的状态程序代码⽣命周期状态tx = session.beginTransaction();开始⽣命周期临时状态Customer c = new Customer);Session.save(c)处于⽣命周期中转变为持久化状态Long id=c.getId();处于⽣命周期中处于持久化状态c = null;Customer c2 =(Customer)session.load(Customer.class,id);mit();session.close();处于⽣命周期中转变为游离态c2.getName();处于⽣命周期中处于游离态c2 = null;结束⽣命周期结束⽣命周期1.2.6. 对象的状态总结Session缓存存在对应的记录数据中存在对应的记录临时态no no持久态yes可能有也可能没有游离态no可能有(数据没有删除)也可能没有1.2.7. 操纵持久化对象的⽅法（Session中）1.2.8. save()Session 的 save() ⽅法使⼀个临时对象转变为持久化对象。

"maximum number of sessions reached"通常表示你的系统已经达到了它允许的最大会话数。

在大多数Linux系统中，这个限制是由`ulimit`命令设置的。

如果你想更改这个限制，你可以使用`ulimit`命令。

首先，你需要以root用户身份登录。

然后，你可以运行以下命令来更改最大会话数：
```bash
ulimit -u <新的最大会话数>
```
这里的`<新的最大会话数>`应该被替换为你希望设置的新限制。

例如，如果你想将最大会话数设置为2000，你应该运行：
```bash
ulimit -u 2000
```
这将会在你的当前会话中更改限制。

如果你希望永久更改这个限制，你需要将这个命令添加到
`/etc/security/limits.conf`文件中。

这可以通过以下命令完成：
```bash
echo "soft nofile <新的最大会话数>" >> /etc/security/limits.conf
echo "hard nofile <新的最大会话数>" >> /etc/security/limits.conf
```
请注意，对于一些系统，最大会话数可能会受到系统资源的限制，例如文件描述符的数量。

在这种情况下，你可能需要增加其他限制，如`nofile`，以允许更多的会话。

Thereisnosessionwithidsession多⼈使⽤⼀个账号1.问题场景：在dev和test环境开发时候，分配的账号是多⼈共⽤的，当⼀个⼈修改权限后，调⽤shiro的清楚服务器sesionId后，当其他⼈再次修改权限信息时候，由于服务器的sessionId已经被全部清空，就会报 There is no session with id "XXX"的问题2.解决⽅式:⽹上说的⼀般是由于SESSIONID和⽐如tomcat/jetty等使⽤的sessionId同名导致的，这个是⼀个原因。

不过我的原因是由于服务器所有的sessionId被清空了导致的，所以做了限制：当⼀个⽤户登录时候，我会先清空这个账号的所有缓存信息，这样不会导致⼀个账号在多个地⽅登录。

不过有些简单package mon.shiro.realm;import mon.collect.Maps;import com.sq.transportmanage.gateway.dao.entity.driverspark.CarAdmUser;import com.sq.transportmanage.gateway.dao.entity.driverspark.SaasPermission;import com.sq.transportmanage.gateway.dao.mapper.driverspark.ex.SaasPermissionExMapper;import com.sq.transportmanage.gateway.dao.mapper.driverspark.ex.SaasRoleExMapper;import com.sq.transportmanage.gateway.service.auth.MyDataSourceService;import mon.constants.Constants;import mon.constants.SaasConst;import mon.dto.SaasPermissionDTO;import mon.shiro.session.RedisSessionDAO;import com.sq.transportmanage.gateway.service.util.BeanUtil;import com.sq.transportmanage.gateway.service.util.MD5Utils;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.session.Session;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.subject.SimplePrincipalCollection;import org.apache.shiro.subject.support.DefaultSubjectContext;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Qualifier;import ponent;import org.springframework.util.CollectionUtils;import java.security.NoSuchAlgorithmException;import java.util.*;/**认证与权限 **//*** 这个就是shiro SSOLogin 的⽤户获取的属性配置*/@Componentpublic class UsernamePasswordRealm extends AuthorizingRealm {private static final Logger logger = LoggerFactory.getLogger(UsernamePasswordRealm.class);@Autowiredprivate MyDataSourceService myDataSourceService;@Autowiredprivate SaasPermissionExMapper saasPermissionExMapper;@Autowiredprivate SaasRoleExMapper saasRoleExMapper;@Autowired@Qualifier("sessionDAO")private RedisSessionDAO redisSessionDAO;/**重写：获取⽤户的⾝份认证信息**/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException{( "[获取⽤户的⾝份认证信息开始]authenticationToken="+authenticationToken);try {UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;CarAdmUser adMUser = myDataSourceService.queryByAccount(token.getUsername());//处理session 防⽌⼀个账号多处登录try {redisSessionDAO.clearRelativeSession(null,null,adMUser.getUserId());} catch (Exception e) {("=========清除session异常============");}SSOLoginUser loginUser = new SSOLoginUser();loginUser.setId( adMUser.getUserId() );loginUser.setLoginName( adMUser.getAccount() );loginUser.setMobile( adMUser.getPhone() );loginUser.setName( adMUser.getUserName() );loginUser.setEmail(adMUser.getEmail());loginUser.setType(null); //loginUser.setStatus( adMUser.getStatus() );loginUser.setAccountType( adMUser.getAccountType() );loginUser.setLevel(adMUser.getLevel());loginUser.setMerchantId(adMUser.getMerchantId());loginUser.setSupplierIds(adMUser.getSuppliers());String md5= null;try {md5 = MD5Utils.getMD5DigestBase64(loginUser.getMerchantId().toString());} catch (NoSuchAlgorithmException e) {("sign error" + e);}if(Constants.MANAGE_MD5.equals(md5)){loginUser.setSuper(true);}else {loginUser.setSuper(false);}List<String> menuUrlList = saasPermissionExMapper.queryPermissionMenussOfUser(adMUser.getUserId());loginUser.setMenuUrlList(menuUrlList);/**当前⽤户所拥有的菜单权限**/List<Integer> permissionIds = saasPermissionExMapper.queryPermissionIdsOfUser(adMUser.getUserId());List<Byte> permissionTypes = Arrays.asList( new Byte[] { SaasConst.PermissionType.MENU });Map<Integer,List<SaasPermissionDTO>> mapPermission = Maps.newHashMap();/**查询所有的⼀级菜单**/if(!CollectionUtils.isEmpty(permissionIds)){List<SaasPermission> permissionList = saasPermissionExMapper.queryModularPermissions(permissionIds);Map<Integer,String> map = Maps.newHashMap();permissionList.forEach(list ->{map.put(list.getPermissionId(),list.getPermissionName());//查询所有⼀级菜单下的⼦菜单以树形结果返回List<SaasPermissionDTO> menuPerms = this.getChildren( permissionIds , list.getPermissionId(), permissionTypes);mapPermission.put(list.getPermissionId(),menuPerms);});loginUser.setMenuPermissionMap(map);loginUser.setMapPermission(mapPermission);}////---------------------------------------------------------------------------------------------------------数据权限BEGIN( "[获取⽤户的⾝份认证信息]="+loginUser);return new SimpleAuthenticationInfo(loginUser, authenticationToken.getCredentials() , this.getName() );} catch (Exception e) {logger.error("获取⽤户的⾝份认证信息异常",e);return null;}}/*** 查询每个⼀级菜单下的⼦菜单* @param permissionIds* @param parentPermissionId* @param permissionTypes tree 树形，list 列表* @return*/private List<SaasPermissionDTO> getChildren( List<Integer> permissionIds, Integer parentPermissionId, List<Byte> permissionTypes ){List<SaasPermission> childrenPos = saasPermissionExMapper.queryPermissions(permissionIds, parentPermissionId, null, permissionTypes, null, null);if(childrenPos==null || childrenPos.size()==0) {return null;}//递归List<SaasPermissionDTO> childrenDtos = BeanUtil.copyList(childrenPos, SaasPermissionDTO.class);Iterator<SaasPermissionDTO> iterator = childrenDtos.iterator();while (iterator.hasNext()) {SaasPermissionDTO childrenDto = iterator.next();List<SaasPermissionDTO> childs = this.getChildren( permissionIds, childrenDto.getPermissionId() , permissionTypes );childrenDto.setChildPermissions(childs);}return childrenDtos;}/*** 查询⾓⾊登录进来所拥有的菜单时候shiro实现* @param principalCollection* @return*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {SSOLoginUser loginUser = (SSOLoginUser) principalCollection.getPrimaryPrincipal();String account = loginUser.getLoginName(); //登录名List<String> perms_string = saasPermissionExMapper.queryPermissionCodesOfUser( loginUser.getId() ); List<String> roles_string = saasRoleExMapper.queryRoleCodesOfUser( loginUser.getId() );SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();Set<String> roles = new HashSet<String>( roles_string );authorizationInfo.setRoles( roles );( "[获取⽤户授权信息(⾓⾊)] "+account+"="+roles);Set<String> perms = new HashSet<String>( perms_string );authorizationInfo.setStringPermissions(perms);( "[获取⽤户授权信息(权限)] "+account+"="+perms);return authorizationInfo;}@Overridepublic Object getAuthorizationCacheKey(PrincipalCollection principals) {SSOLoginUser loginUser = (SSOLoginUser) principals.getPrimaryPrincipal();String account = loginUser.getLoginName(); //登录名return"-AuthInfo-"+account;}@Overridepublic void clearCachedAuthorizationInfo(PrincipalCollection principals) {super.clearCachedAuthorizationInfo(principals);}@Overridepublic void clearCachedAuthenticationInfo(PrincipalCollection principals) {super.clearCachedAuthenticationInfo(principals);}@Overridepublic void clearCache(PrincipalCollection principals) {super.clearCache(principals);}}/**⼆、当权限信息、⾓⾊信息、⽤户信息发⽣变化时，同时清理与之相关联的会话**/@MyDataSource(value = DataSourceType.DRIVERSPARK_MASTER)public void clearRelativeSession( final Integer permissionId, final Integer roleId, final Integer userId ) {final Cache<Serializable, Session> cache = super.getActiveSessionsCache();//final Cache<Serializable, Session> cache = activeSessions;new Thread(new Runnable() {@SuppressWarnings("unchecked")@Overridepublic void run() {try{//A：如果当权限发⽣变化时，查询所关联的全部⾓⾊IDList<Integer> roleIds = new ArrayList<Integer>();if( permissionId!=null ) {roleIds = myDataSourceService.queryRoleIdsOfPermission( permissionId );}//B：如果当⾓⾊发⽣变化时，查询所关联的⽤户IDif( roleId !=null ) {roleIds.add(roleId);}List<Integer> userIds = new ArrayList<Integer>();if( roleIds.size()>0 ) {userIds = myDataSourceService.queryUserIdsOfRole( roleIds );}//C：如果当⽤户发⽣变化时，查询出这些⽤户的登录账户名称if( userId != null ) {("当⽤户发⽣变化时清除缓存userId={}",userId);userIds.add(userId);}List<String> accounts = new ArrayList<String>();if(userIds.size()>0) {accounts = myDataSourceService.queryAccountsOfUsers(userIds);}//D：汇总需要清理的REDIS KEY 和 sessionIdif(accounts.size() ==0) {return;}Set<String> redisKeysNeedDelete = new HashSet<String>();//这是需要清除的所有REDIS KEYSet<String> allSessionIds = new HashSet<String>();//这是需要清除的所有的sessionIdfor( String account : accounts) {redisKeysNeedDelete.add( KEY_PREFIX_OF_SESSIONID + account );Set<String> sessionIds = (Set<String>) redisTemplate.opsForValue().get(KEY_PREFIX_OF_SESSIONID+account);if(sessionIds!=null && sessionIds.size()>0) {allSessionIds.addAll(sessionIds);}}//E1：执⾏清除执久化的会话(这⾥是保存在REDIS中的)for( String sessionId : allSessionIds) {("执⾏清除REDIS的会话缓存sessionId={}",sessionId);redisKeysNeedDelete.add( KEY_PREFIX_OF_SESSION + sessionId );}redisTemplate.delete(redisKeysNeedDelete);//E2：执⾏清理shiro会话缓存if(cache!=null) {for(String sessionId : allSessionIds ){SimpleSession session = (SimpleSession)cache.get(sessionId);if(session!=null) {session.setExpired(true);}("执⾏清理shiro会话缓存sessionId={}",sessionId);cache.remove(sessionId);}}//E3：执⾏清理shiro 认证与授权缓存for( String account : accounts) {("执⾏清理shiro 认证与授权缓存account={}",account);//todo 此处不合理,应该⽤下⾯的代码这个是临时⽅案:执⾏退出的操作相当于⼿动点击退出这个触发条件太⼴泛了要加很多逻辑判断那些⼈需要退出/*Subject subject = SecurityUtils.getSubject();if(subject.isAuthenticated()) {subject.logout();}*/SSOLoginUser principal = new SSOLoginUser();principal.setLoginName( account );SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection( );simplePrincipalCollection.add(principal, authorizingRealm.getName() );((UsernamePasswordRealm)authorizingRealm).clearCache( simplePrincipalCollection );}}catch(Exception ex) {logger.error("清除缓存异常",ex);}finally {//DynamicRoutingDataSource.setDefault("mdbcarmanage-DataSource");}}}).start();}。

session测试的测试点session测试的测试点1.session的创建时间点是打开浏览器访问开始创建session?还是⽤户登陆时开始创建session? 还是其它情况下创建的2.session的删除时间点过期⽂件是否删除，关闭浏览器时，session是否会删除？当有多个窗⼝时，是全部关掉还是关掉⼀个会删除session?3.session超时基于Session原理，需要验证系统session是否有超时机制，还需要验证session超时后功能是否还能继续⾛下去测试⽅法：1）打开⼀个页⾯，等着10分钟session超时时间到了，然后对页⾯进⾏操作，查看效果。

2）多TAB浏览器，在两个TAB页中都保留的是⽤户A的session记录，然后在其中⼀个TAB页执⾏退出操作，马上在另外⼀个页⾯进⾏要验证的操作，查看是能继续到下⼀步还是到登录页⾯。

4.session互窜即是⽤户A的操作被⽤户B执⾏：测试⽅法：多TAB浏览器，在两个TAB页中都保留的是⽤户A的session记录，然后在其中⼀个TAB页执⾏退出操作，登陆⽤户B，此时两个TAB页都是B的session，然后在另⼀个A的页⾯执⾏操作，查看是否能成功。

预期结果：有权限控制的操作，B不能执⾏A页⾯的操作，应该报错，没有权限控制的操作，B执⾏了A页⾯操作后，数据记录是B的⽽不是A的5.Session垃圾回收6.关闭浏览器同时关闭session7.Session 销毁8.session丢失代码问题9.不同浏览器Session的共享机制不⼀致IE中，所有打开的IE窗⼝（IE 进程）共享⼀个session。

除⾮，⽤户通过菜单 File > New session 打开新窗⼝，或者使⽤命令⾏参数iexplore.exe -nomerge 来打开IE。

另外，当所有IE窗⼝被关闭后，session 结束。

10.服务器端是否设置了最⼤并发session数量防⽌由于登录⼈数过多，造成服务器内存被消耗殆尽或服务器⽆响应的情况。

wlan ssid-profile "default"wpa-passphrase 1234567890 ---tkip设置provision-ap copy-provisioning-params ip-addr 192.168.102.250 provision-ap no ipaddrprovision-ap a-ant-gain 2provision-ap g-ant-gain 2provision-ap a-antenna 1provision-ap g-antenna 1provision-ap external-antennaprovision-ap master 192.168.102.100provision-ap server-ip 192.168.102.100provision-ap ap-group "default"provision-ap ap-name "00:0b:86:cb:bd:62"provision-ap no syslocationprovision-ap fqln ""provision-ap reprovision ip-addr 192.168.102.250interface loopback ip address "192.168.30.200"apboot> helpboot - run bootcmd or boot AP image or elf file or from flashcd - cfg register displaycw - cfg register writedis - disassemble instructionsdhcp - invoke DHCP client to obtain IP/boot paramseloop - loopback received ethernet framesflash - FLASH sub-systemgo - start application at address 'addr'help - print online helpmc - memory copymd - memory displaymii - MII sub-systemmtest - simple RAM testnetstat - net statisticsmw - memory writeping - ping net hostprintenv - env displaypurgeenv - purge envregs - display various regsreset - reset processorrun - run commands in an environment variablesaveenv - save environment variables to persistent storagesetenv - set variable in env (ipaddr/netmask/gatewayip/master/serverip) setenv ipaddr x.x.x.xsetenv netmask x.x.x.xsetenv gatewayip x.x.x.xsetenv serverip x.x.x.xsetenv master x.x.x.xtcpdump - dump received packetstcpsend - send TCP packettftpboot - boot via tftptlb - dump TLBtrace - dump trace bufferversion - print monitor versionwdog - stop refreshing watchdog timerapboot>No spanning-tree 关闭spanning-treeAdp discover disable 关闭ADPAdp imgp-join disable 关闭im-j一、WEB页面认证1、wlan ssid-profile (staff-ssid-profile) ：定义ssid配置文件1.1 essid staff ：定义ssid下的essid—显示出来的ssid2、wlan virtual-ap (staff-vap-profile) ：定义virtual-ap的配置文件2.1 ssid-profile (staff-ssid-profile) :在virtual-ap下引用定义过SSID2.2 vlan ID aa，bb :把virtual-ap加入到要ssid所属VLAN3、aaa profile staff-aaa-profile ：定义AAA认证配置文件4、aaa server-group (staff-servergroup) ：定义server-group配置文件4.1 auth-server internal ：定义认证服务器为本地认证4.2 set role condition role value-of 设置角色set role condition <condition> set-value <role> position <number>5、aaa authentication captive-portal (staff-auth-profile) ：captive-portal配置5.1 server-group staff-servergroup ：在下面引用定义过的server-group6、user-role staff-logon ：定义用户登陆前权限的配文件6.1 access-list session logon-control position 1定义用户登陆前的权限--位置16.2 access-list session captiveportal position 2 定义用户登陆前的权限--26.3 Captive-Portal staff-auth-profile position 3定义过captive-portalRe-authentication interval 480 再次认证间隔480秒默认3600秒7、user-role vip-role ：定义用户成功登陆后的配置文件7.1session-acl allowall 赋予所有允许权限session-acl http-acl 只有http8、wlan virtual-ap staff-vap-profile ：进入定义过的virtual-ap配置文件8.1 aaa-profile staff-aaa-profile ：引用定义过的AAA配置文件9、ap-group default ：定义ap-group，最好用默认的9.1 virtual-ap staff-vap-profile ：引用定义过的Virtual-ap配置文件10、aaa profile staff-aaa-profile ：进入定义过的AAA配置文件10.1 initial-role staff-logon ：把initial-role改为定义过用户登陆前配置11、aaa authentication-server internal use-local-switch ：定义认证SERVER为本地交换机12、local-userdb add username staff password 123456 role vip-role :定义用户的登陆的用户名和密码及权限二、MAC 地址认证配置1、wlan ssid-profile (staff-ssid-profile) ：定义ssid配置文件1.1 essid staff ：定义ssid下的essid2、wlan virtual-ap (staff-vap-profile) ：定义virtual-ap的配置文件2.1 ssid-profile (staff-ssid-profile) :virtual-ap下引用定义过的SSID配置文件2.2 vlan ID :把virtual-ap加入到要ssid所属的VLAN3、aaa profile staff-aaa-mac-profile ：定义AAA认证配置文件4、aaa authentication mac staff-mac-profile :定义mac配置文件4.1 Delimiter dash ：定义mac地址的格式4.2 Case upper （upper/lower）：定义mac地址的大/小写备注：aaa authentication mac staff-mac-profileclone <profile>delimiter {colon|dash|none}max-authentication-failures 数字aaa authentication mac mac-blacklist MAC黑名单max-authentication-failures 5 最多认证失败次数5、aaa server-group (staff-macservergroup) ：定义server-group配置文件5.1 auth-server internal ：定义认证服务器为本地认证5.2 set role condition role value-of6、user-role staff-logon ：定义用户登陆前权限的配文件6.1 access-list session logon-control ：定义用户登陆前的权限6.2 access-list session captiveportal ：定义用户登陆前的权限7、user-role vip-role ：定义用户成功登陆后的配置文件7.1session-acl allowall ：赋予权限8、wlan virtual-ap staff-vap-profile ：进入定义过的virtual-ap配置文件8.1 aaa-profile staff-aaa-mac-profile ：引用定义过的AAA配置文件9、ap-group default ：定义ap-group，最好用默认的9.1 virtual-ap staff-vap-profile ：引用定义过的Virtual-ap配置文件10、aaa profile staff-aaa-mac-profile ：进入定义过的AAA配置文件10.1 initial-role staff-logon ：把initial-role改为定义过的用户登陆前的配置文件10.2 authentication-mac staff-mac-profile :把定义的authentication mac文件引用10.3 mac-server-group staff-macservergroup :把定义的servergroup加入11、aaa authentication-server internal use-local-switch ：定义认证SERVER为本地交换机12、local-userdb add username mac地址password mac地址 role vip-role :定义用户的登陆的用户名和密码及权限注意：如果是有线直接连在端口上的话要进行认证必须把连接口设为UNTRUSTED.同时在设定：进入aaa authentication wired 后设定：profile (staff-aaa-profile) 为你设定认证的AAA profileBlacklist：5次错误就拒绝访问show aaa authentication captive-portal default：Max authentication failures 改为5次show aaa authentication dot1x default：Max authentication failures 改为5次1、aaa bandwidth-contract "256" kbits "256"2、aaa bandwidth-contract "256" kbits 256ip access-list session "pass"any any any permit queue low!user-role "ap512"access-list "pass" position 1bw-contract "256" per-user upstreambw-contract "256" per-user downstreamaaa bandwidth-contract "2M-BW" mbits "2" 带宽2M控制aaa bandwidth-contract 128_up kbits 128 带宽128k控制aaa bandwidth-contract 512 kbits 512aaa bandwidth-contract 64 kbits 64aaa bandwidth-contract 256 kbits 256aaa bandwidth-contract 1 mbits 1 带宽1M控制aaa bandwidth-contract 128_up kbits 128user-role 128bw-contract 128_up per-user upstreamuser-role ap-rolesession-acl controlsession-acl ap-acl!user-role pre-employeesession-acl allowallMaster mobility controller configuration1Initial setup of Aruba-master2Core VLAN configuration and IP addressing3Core VLAN port assignment4Loopback IP address ----- interface loopback ip address 设置环回地址Deploy APs5配置AP VLAN6配置 AP VLAN DHCP Server7Connect Aruba APs8Provisioning Aruba APs(Aruba-master) (config-if)#write mSaving Configuration...ip dhcp pool "userpool" 定义pool的名字default-router 192.168.11.254 定义默认路由网关—loopback地址dns-server 192.168.11.254---202.106.0.20 定义DNS网关lease 8 0 0network 192.168.11.0 255.255.255.0service dhcp 启动dhcpinterface gigabitethernet 1/1no muxportswitchport mode trunkip default-gateway 192.168.0.254interface vlan 1no ip addressno ip igmpinterface gigabitethernet 1/1no switchport access vlaninterface loopback ip address "192.168.0.100"(Aruba800-4) (config) # show ip interface briefInterface IP Address / IP Netmask Admin Protocolvlan 1 172.16.0.254 / 255.255.255.0 up upvlan 10 192.168.0.1 / 255.255.255.0 up upvlan 30 192.168.30.200 / 255.255.255.0 up uploopback unassigned / unassigned up up(Aruba800-4) (config) # rf arm-profile default ----------关闭ARM后调整channel---ok (Aruba800-4) (Adaptive Radio Management (ARM) profile "default") #assignment disable (Aruba800-4) (Adaptive Radio Management (ARM) profile "default") #no scan(Aruba800-4) (Adaptive Radio Management (ARM) profile "default") #write memoryrf dot11g-radio-profile "default"tx-power 20 ------------------------发射功率调整rf dot11g-radio-profile "default"channel 11 ------------------------调整AP信道interface vlan 20ip address 192.168.0.1 255.255.255.0ip nat insideno ip igmp存配置：24 (Aruba2400) #configure t25(Aruba2400) (config) #copy tftp: 172.16.0.100 aruba2400-0904.cfg flash: 2400.bak 26(Aruba2400) (config) #copy flash: 2400.bak flash: 2400.cfg27(Aruba2400) # copy running-config tftp: 192.168.4.100 aruba2400-0904.cfgRadius配置：aaa authentication-server radius Radius1host <ipaddr>key <key>enableaaa server-group corpnetauth-server Radius1dot1x配置：aaa authentication dot1x corpnetaaa profile corpnetauthentication-dot1x corpnetdot1x-default-role employeedot1x-server-group corpnetvirtual AP:wlan ssid-profile corpnetessid Corpnetopmode wpa2-aeswlan virtual-ap corpnetvlan 1aaa-profile corpnetssid-profile corpnetap-group defaultvirtual-ap corpnet时间设定：time-range workhours periodic周期weekday 09:00 to 17:00ip access-list session restricted 受限制any any svc-http permit time-range workhoursany any svc-https permit time-range workhoursuser-role guestsession-acl restrictedmesh设置：ap mesh-radio-profile <profile-name>11a-portal-channel <11a-portal-channel>11g-portal-channel <11g-portal-channel>a-tx-rates [6|9|12|18|24|36|48|54]beacon-period <beacon-period>children <children>clone <source-profile-name>g-tx-rates [1|2|5|6|9|11|12|18|24|36|48|54]heartbeat-threshold <count>hop-count <hop-count>link-threshold <count>max-retries <max-retries>metric-algorithm {best-link-rssi|distributed-tree-rssimpv <vlan-id>rts-threshold <rts-threshold>tx-power <tx-power>ap mesh-radio-profile <profile-name>clone <source-profile-name>ap-group <group>mesh-radio-profile <profile-name>ap-name <name>mesh-radio-profile <profile-name>wlan ssid-profile <profile>essid <name>opmode <method> 方式wpa-passphrase <string> (if necessary)wlan virtual-ap <name>ssid-profile <profile>vlan <vlan>forward-mode bridgeaaa-profile <name>rap-operation {always|backup|persistent}ap-group <name>virtual-ap <name># ip access-list session "Employee-Policy"any any any permit queue lowRemote AP配置The firewall must be configured to pass NAT-T traffic (UDP port 4500) to the controller.)1、Configure a public IP address for the controller.2、Configure the VPN server on the controller. The remote AP will be a VPN client to the server.3、Configure the remote AP role.4、Configure the authentication server that will validate the username and password for the remote AP.5、Provision the AP with IPSec settings, including the username and passwordfor the AP, before you install it at the remote location.1、Cli：vlan <id>interface fastethernet <slot>/<port>switchport access vlan <id>interface vlan <id>ip address <ipaddr> <mask>2、Using the CLI to configure VPN server:vpdn group l2tpppp authentication PAPip local pool <pool> <start-ipaddr> <end-ipaddr>crypto isakmp key <key> address <ipaddr> netmask <mask>3、Using the CLI to configure the user role:(table1) (config) # user-role remote(table1) (config-role) #session-acl allowallip access-list session <policy>any any svc-papi permitany any svc-gre permitany any svc-l2tp permitany alias mswitch svc-tftp permitany alias mswitch svc-ftp permit4、Using the CLI to configure the VPN authentication profile:4.1 aaa server-group <group>auth-server <server>4.2 aaa authentication vp ndefault-role <role>server-group <group>5、Using the CLI to enable double encryption:ap system-profile <profile>double-encryptap-name <name> 需要插上远端AP后配置ap-system-profile <profile>Using the CLI to enable double encryption:ap system-profile <profile>double-encryptap-name <name>ap-system-profile <profile>Using the CLI to configure the AAA profile:aaa profile <name>initial-role <role>authentication-dot1x <dot1x-profile>dot1x-default-role <role>dot1x-server-group <group>Using the CLI to define the backup configuration in the virtual AP profile: wlan ssid-profile <profile>essid <name>opmode <method>wpa-passphrase <string> (if necessary)wlan virtual-ap <name>ssid-profile <profile>vlan <vlan>forward-mode bridgeaaa-profile <name>rap-operation {always|backup|persistent}ap-group <name>virtual-ap <name>orap-name <name>virtual-ap <name>Using the CLI to configure the DHCP server on the AP:ap system-profile <name>lms-ip <ipaddr>master-ip <ipaddr>rap-dhcp-server-vlan <vlan>wlan virtual-ap <name>ssid-profile <profile>vlan <vlan>forward-mode bridgeaaa-profile <name>rap-operation {always|backup|persistent}ap-group <name>ap-system-profile <name>virtual-ap <name>orap-name <name>ap-system-profile <name> virtual-ap <name>。

Session的有效期设置⽅式⼀：在web.xml中设置session-config如下：<session-config><session-timeout>2</session-timeout></session-config>即客户端连续两次与服务器交互间隔时间最长为2分钟，2分钟后session.getAttribute()获取的值为空API信息：session.getCreationTime() 获取session的创建时间session.getLastAccessedTime() 获取上次与服务器交互时间session.getMaxInactiveInterval() 获取session最⼤的不活动的间隔时间，以秒为单位120秒。

<!-- 登录状态过滤,可以过滤掉不需要进⾏超时验证的url --><filter><filter-name>loginFilter</filter-name><filter-class>com.software.filter.LoginFilter</filter-class></filter><filter-mapping><filter-name>loginFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!---以上代码指明具体的路径，具体的代码见附录>⽅式⼆：在Tomcat的/conf/web.xml中session-config,默认值为：30分钟<session-config><session-timeout>30</session-timeout></session-config>⽅式三：在Servlet中设置HttpSession session = request.getSession();session.setMaxInactiveInterval(60);//单位为秒说明：1.优先级：Servlet中API设置 > 程序/web.xml设置 > Tomcat/conf/web.xml设置2.若访问服务器session超时（本次访问与上次访问时间间隔⼤于session最⼤的不活动的间隔时间）了，即上次会话结束，但服务器与客户端会产⽣⼀个新的会话，之前的session⾥的属性值全部丢失，产⽣新的sesssionId3.客户端与服务器⼀次有效会话（session没有超时），每次访问sessionId相同，若代码中设置了session.setMaxInactiveInterval()值，那么这个session的最⼤不活动间隔时间将被修改，并被应⽤为新值。

session不及时释放导致内存溢出的功能问题分析背景：做⼀个⽹站的时候，觉察服务器上⼀段⼯夫尤其不安宁，每隔⼀段⼯夫就会报”OutOfMemoryError： PermGen space”讹谬，于是⽹站也就歇菜了.安排环境：windows2003，tomcat6.0，spring mvc2.5帮助分析⼯具：jprofile6,visualvm,mat分析过程：1.⾃我察看阶段。

由于是报perm区失常，我率先想到，系统默认perm区太⼩，想想该当要调剂perm区⼤⼩，敞开catalina.bat，设置了JAVA_OPTS，JAVA_OPTS="-server -Xms512m -Xmx2048m -XX:PermSize=128M -XX:MaxNewSize=256m -XX:MaxPermSize=784m"这么设置后，模仿歇菜时候的情形举⾏压⼒测验，觉察蛮安宁的，未曾揭⽰什么问题，这时⼜精细察看代码，⼤约就未曾揭⽰频繁创⽴不可回收的草芥对象，于是就先这么吧。

过了⼀段⼯夫觉察⼜出问题了，还是perm溢出。

随后我计算下perm区曾经够⼤了，怎么还会报这个失常，此刻极其弥蒙中....2.⼯具帮助分析。

visualvm 利⽤visualvm看看perm区是否真的像传说中说的那样---"perm溢出了"，看来还是恳挚点⽤apache⾃带的⼯具做压⼒测验看看是不是这个地⽅引起的测验⼯具⽤apache⾃带的 ./ab -n 100000 -c 40 http://om/class/kw-童卫⾐.html40个并发的时候perm区在30m处跌停，⼤约坚持0增长。

看来和perm区没联系。

perm区看下heap区觉察问题了 40并发下到尔后⼤约坚持5分钟顺次full gc了，这么开⼼啊，本来heap区出问题了，多个利⽤放在⼀个tomcat⾥的时候，万⼀⼀个利⽤刚好这么了，刚开始的heap，导航仪好像也没什么问题，烦闷了~~~继续弥蒙~~~~只能期待，等着出问题吧...半个⼩时过去了，还是这么....陡然觉察惊喜了。

问卷星八年级下册英语鲁教版第六单元sessionA练习1、Marie is a _______ girl.She always smiles and says hello to others. [单选题] *A. shyB. friendly(正确答案)C. healthyD. crazy2、More than one student_____absent from the class yesterday due to the flu. [单选题] *A.areB.hasC.isD.was(正确答案)3、I shall never forget the days（）we worked on the farm. [单选题] *A. when(正确答案)B. whatC. whichD. on that4、John is fond of playing _____ basketball and Jack is keen on playing _____ piano. [单选题] * A．/…the(正确答案)B．the…/C．/…/D．the…the5、He runs so fast that no one can _______ him. [单选题] *A. keep upB. keep awayC. keep up with(正确答案)D. keep on6、Once you get on the road, here are some traffic _______ to remember. [单选题] *A. problemsB. positionsC. rules(正确答案)D. points7、?I am good at schoolwork. I often help my classmates _______ English. [单选题] *A. atC. inD. with(正确答案)8、Last week they _______ in climbing the Yuelu Mountain. [单选题] *A. succeeded(正确答案)B. succeedC. successD. successful9、--Why are you late for school today?--I’m sorry. I didn’t catch the early bus and I had to _______ the next one. [单选题] *A. wait for(正确答案)B. ask forC. care forD. stand for10、She is a girl, _______ name is Lily. [单选题] *A. whose(正确答案)B. whoC. which11、If you know the answer, _______ your hand, please. [单选题] *A. put up(正确答案)B. put downC. put onD. put in12、17．Joe is a good student and he is busy ______ his studies every day. [单选题] * A．inB．with(正确答案)C．byD．for13、—______ —（）[单选题] *A. How long did you stay there?B. How much did you pay for the dress?C. How many flowers did you buy?(正确答案)D. How often did you visit your grandparents?14、Location is the first thing customers consider when_____to buy a house. [单选题] *A.planning(正确答案)B.plannedC.having plannedD.to plan15、—Look at those purple gloves! Are they ______, Mary?—No, they aren’t. ______ are pink. （）[单选题] *A. you; IB. your; MyC. yours; Mine(正确答案)D. you; Me16、Medicines are to be taken according to the doctor’s advice. [单选题] *A. 发放B. 提取C. 配方D. 服用(正确答案)17、I’m sorry there are ______ apples in the fridge. You must go and buy some right now.（）[单选题] *A. a littleB. littleC. a fewD. few(正确答案)18、She returns home every year to _______ the Spring Festival. [单选题] *A. celebrate(正确答案)B. shareC. watchD. congratulate19、A small village cuts across the river. [单选题] *A. 切B. 穿过(正确答案)C. 划船D. 踢20、Many people prefer the bowls made of steel to the _____ made of plastic. [单选题] *A. itB. ones(正确答案)C. oneD. them21、68．—How ________ apples do you want?—I want two kilos. How ________ are they?—They are 5 yuan. [单选题] *A．much; manyB．many; much(正确答案)C．many; manyD．much; much22、I _______ the job because I couldn’t stand(忍受) the rules. [单选题] *A. gave inB. gave outC. gave backD. gave up(正确答案)23、Don’t _______ to close the door when you leave the classroom. [单选题] *A. missB. loseC. forget(正确答案)D. remember24、Sitting at the back of the room（）a very shy girl with two bright eyes. [单选题] *A. is(正确答案)B. areC. hasD. there was25、Finally he had to break his promise. [单选题] *A. 计划B. 花瓶C. 习惯D. 诺言(正确答案)26、Sometimes Americans are said to be _____. [单选题] *A superficially friendB superficial friendC. superficial friendlyD. superficially friendly(正确答案)27、Tom’s mother will let him _______ traveling if he comes back?in five days. [单选题] *A. to goB. goesC. wentD. go(正确答案)28、_______ your help, I passed the English exam. [单选题] *A. ThanksB. Thanks to(正确答案)C. Thank youD. Thank to29、--Jimmy, you are supposed to?_______ your toys now.--Yes, mom. [单选题] *A. put upB. put onC. put away(正确答案)D. put down30、-We’ve spent too much money recently–well,it isn’t surprising. Our friend and relatives_______around all the time [单选题] *ingB. had comeC. were comingD have been coming(正确答案)。