shiro登陆后，去掉URL中的jsessionId

今天搭建了spring + shiro 的一个系统，在成功登录后，跳转的URL中，始终有jsessionId。网上查资料，怎么去掉。

主要执行以下步骤：

1、重写 ShiroHttpServletResponse

[code="java"][code="java"]public class MyShiroHttpServletResponse extends ShiroHttpServletResponse

{

    public MyShiroHttpServletResponse(HttpServletResponse wrapped,ServletContext context, ShiroHttpServletRequest request) {

        super(wrapped, context, request);

    }  

    @Override

    protected String toEncoded(String url, String sessionId) {

        if ((url == null) || (sessionId == null))

            return (url);

        String path = url;

        String query = "";

        String anchor = "";

        int question = url.indexOf('?');

        if (question >= 0) {

            path = url.substring(0, question);

            query = url.substring(question);

        }

        int pound = path.indexOf('#');

        if (pound >= 0) {

            anchor = path.substring(pound);

            path = path.substring(0, pound);

        }

        StringBuilder sb = new StringBuilder(path);

        //重写toEncoded方法，注释掉这几行代码就不会再生成JESSIONID了。

//        if (sb.length() > 0) { // session id param can't be first.

//            sb.append(";");

//            sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);

//            sb.append("=");

//            sb.append(sessionId);

//        }

        sb.append(anchor);

        sb.append(query);

        return (sb.toString());

    }

}

[/code][/code]


2、重写ShiroFilterFactoryBean

public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean
{
    @Override
    public Class getObjectType()
    {
        return MySpringShiroFilter.class;
    }

    @Override
    protected AbstractShiroFilter createInstance() throws Exception
    {

        org.apache.shiro.web.mgt.DefaultWebSecurityManager securityManager = (org.apache.shiro.web.mgt.DefaultWebSecurityManager) getSecurityManager();
        if (securityManager == null)
        {
            String msg = "SecurityManager property must be set.";
            throw new BeanInitializationException(msg);
        }

        if (!(securityManager instanceof WebSecurityManager))
        {
            String msg = "The security manager does not implement the WebSecurityManager interface.";
            throw new BeanInitializationException(msg);
        }
        FilterChainManager manager = createFilterChainManager();

        PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
        chainResolver.setFilterChainManager(manager);

        return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
    }

    private static final class MySpringShiroFilter extends AbstractShiroFilter
    {

        protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver)
        {
            super();
            if (webSecurityManager == null)
            {
                throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
            }
            setSecurityManager(webSecurityManager);
            if (resolver != null)
            {
                setFilterChainResolver(resolver);
            }
        }

        @Override
        protected ServletResponse wrapServletResponse(HttpServletResponse orig,
            ShiroHttpServletRequest request)
        {
            return new MyShiroHttpServletResponse(orig, getServletContext(), request);
        }
    }
}

3、修改shiro.xml 配置文件

<bean id="shiroFilter" class="com.fritt.core.shiro.MyShiroFilterFactoryBean">
		<!-- Shiro的核心安全接口，这个属性是必须的 -->
		<property name="securityManager" ref="securityManager"></property>
		<!-- 要求登录时的链接(登录页面地址) -->
		<property name="loginUrl" value="/login"></property>
		<!-- 登录成功后要跳转的连接-->
		<property name="successUrl" value="/" ></property> 
		<!-- 用户访问未对其授权的资源时，所显示的连接 -->
		<property name="filters">

然后，就解决了jsessionId的问题