转载博客:
Shiro 狂神说(学习记录)
1.问题:首次登陆url中携带JSESSIONID
一个配置解决 Shiro 登录 URL 中带 JSESSIONID 的问题
shrio中去掉 login;JSESSIONID
地址栏JSESSIONID问题
页面跳转路径出现;JSESSIONID=XXX的问题【前端VUE+后端JAVA】
shrio中去掉 login;JSESSIONID
解决方法
参考:Springboot+Shiro 去除JSESSIONID
@Bean("sessionManager")
public DefaultWebSessionManager defaultWebSessionManager(){
DefaultWebSessionManager manager = new DefaultWebSessionManager();
// 去掉shiro登录时url里的JSESSIONID
manager.setSessionIdUrlRewritingEnabled(false);
return manager;
}
@Bean
public SecurityManager securityManager(UserReaalm userReaalm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(userReaalm);
// 注入session的管理
securityManager.setSessionManager(defaultWebSessionManager());
securityManager.setRememberMeManager(null);
return securityManager;
}
2.shiro密码加密认证
参考博客:
SpringBoot集成Shiro实现密码加密,解密
RandomStringUtils
3.shiro实现记住我功能
参考博客:
springboot整合shiro-配置记住我(四)
使用SpringBoot+Shiro实现记住我功能
springboot集成shiro——登陆记住我
User实体类未序列化报错:
o.a.shiro.mgt.DefaultSecurityManager : Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin. RememberMe services will not be performed for account [com.sfn.bms.system.model.User@86fc436].
org.apache.shiro.io.SerializationException: Unable to serialize object [com.sfn.bms.system.model.User@86fc436]. In order for the DefaultSerializer to serialize this object, the [org.apache.shiro.subject.SimplePrincipalCollection] class must implement java.io.Serializable.
实现序列化即可
public class User implements Serializable {
private static final long serialVersionUID = 1L;
private int id;
private String userName;
private String passWord;
private String perm;
private Integer permID;
private String salt;
private String originPassWord;
}
shiro授权
参考博客:
springboot+shiro实现授权和认证
Springboot集成Shiro完成认证授权
Spring Boot使用Shiro实现登录授权认证
springboot+shiro+mybatis实现角色权限控制
spring boot + shiro 实现角色权限控制