springboot前后端分离解决无法识别同一用户问题
自己在写东西的时候发现登陆成功后其他网页访问服务端被shiro拦截,无法使用登陆用户进行操作,下面是我找的可行的方法
- 登陆成功后返回当前用户的sessionId,以后每次请求都带上sessionId
@RequestMapping(value = "/login")
@ResponseBody
public <T> T login(@RequestBody Map map) throws Exception {
String username = (String) map.get("username");
String password = (String) map.get("password");
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try {
subject.login(token);
} catch (UnknownAccountException e) {
throw new LoginException("用户名不存在!");
} catch (IncorrectCredentialsException e) {
throw new LoginException("密码错误!");
} catch (LockedAccountException e) {
throw new LoginException("账号被锁定!");
}
SysRole role = sysUserService.findRoleByUsername(username);
String sessionId = (String) subject.getSession().getId();
Map result = new HashMap();
result.put("role", role.getRoleName());//返回角色
result.put("token", sessionId);//将sessionID传给前端 放在header里
return (T) result;
}
- 自己编写一个sessionManager 继承DefaultWebSessionManager
package com.z.common;
import org.apa