参考:
https://blog.csdn.net/woshiyeguiren/article/details/79194003 [spingmvc + ajax]
前端所有请求使用fetch提交:
https://blog.51cto.com/zhuxianzhong/2125523?utm_source=oschina-app
注意:要改为确保浏览器不在请求中包含凭据,请使用credentials: ‘omit’,如果只使用默认值(不设置omit),可能在请求里面还是包含cookie提交和响应。
fetch在requestheader里面统一添加后端口的sessionId,我们用token。
重写shiro的SessionManager:主要是getSessionId方法实现从header里面取得sessionId,这样后台可以方便的使用shiro的session进行登录管理。这个方法由于不需要使用cookie,跨过了浏览器的同源策略,可以方便的支撑前后端分离,包括跨域的支撑。
SessionManager核心代码如下:
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.Serializable;
import java.util.Collection;
import java.util.Date;
/**
* 自定义WEB会话管理类
*/
public class SessionManager extends DefaultWebSessionManager {
public SessionManager() {
super();
}
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
// 如果参数中包含“__sid”参数,则使用此sid会话。 例如:http://localhost/project?__sid=xxx&__cookie=true
String sid = request.getParameter("__sid");
/* HttpServletRequest httpRequest = (HttpServletRequest) request;
Cookie[] cookies=httpRequest.getCookies();
for(Cookie coo:cookies){
if(coo.getName().equals("_JSESSIONID")){
sid=coo.getValue();
}
}*/
if (StringUtils.isNotBlank(sid)) {
// 是否将sid保存到cookie,浏览器模式下使用此参数。
if (WebUtils.isTrue(request, "__cookie")){
HttpServletRequest rq = (HttpServletRequest)request;
HttpServletResponse rs = (HttpServletResponse)response;
org.apache.shiro.web.servlet.Cookie template = getSessionIdCookie();
SimpleCookie cookie = new SimpleCookie(template);
cookie.setValue(sid); cookie.saveTo(rq, rs);
}
// 设置当前session状态
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
ShiroHttpServletRequest.URL_SESSION_ID_SOURCE); // session来源与url
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sid);
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
return sid;
}else{
HttpServletRequest rq = (HttpServletRequest)request;
String token=rq.getHeader("token");
if(com.leimingtech.core.common.StringUtils.isNotEmpty(token)){
return token;
}
return super.getSessionId(request, response);
}
}
@Override
public void validateSessions() {
super.validateSessions();
}
protected Session retrieveSession(SessionKey sessionKey) {
try{
return super.retrieveSession(sessionKey);
}catch (UnknownSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public Date getStartTimestamp(SessionKey key) {
try{
return super.getStartTimestamp(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public Date getLastAccessTime(SessionKey key) {
try{
return super.getLastAccessTime(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public long getTimeout(SessionKey key){
try{
return super.getTimeout(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return 0;
}
}
public void setTimeout(SessionKey key, long maxIdleTimeInMillis) {
try{
super.setTimeout(key, maxIdleTimeInMillis);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
}
}
public void touch(SessionKey key) {
try{
super.touch(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
}
}
public String getHost(SessionKey key) {
try{
return super.getHost(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public Collection<Object> getAttributeKeys(SessionKey key) {
try{
return super.getAttributeKeys(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public Object getAttribute(SessionKey sessionKey, Object attributeKey) {
try{
return super.getAttribute(sessionKey, attributeKey);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public void setAttribute(SessionKey sessionKey, Object attributeKey, Object value) {
try{
super.setAttribute(sessionKey, attributeKey, value);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
}
}
public Object removeAttribute(SessionKey sessionKey, Object attributeKey) {
try{
return super.removeAttribute(sessionKey, attributeKey);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
return null;
}
}
public void stop(SessionKey key) {
try{
super.stop(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
}
}
public void checkValid(SessionKey key) {
try{
super.checkValid(key);
}catch (InvalidSessionException e) {
// 获取不到SESSION不抛出异常
}
}
@Override
protected Session doCreateSession(SessionContext context) {
try{
return super.doCreateSession(context);
}catch (IllegalStateException e) {
return null;
}
}
@Override
protected Session newSessionInstance(SessionContext context) {
Session session = super.newSessionInstance(context);
session.setTimeout(getGlobalSessionTimeout());
return session;
}
@Override
public Session start(SessionContext context) {
try{
return super.start(context);
}catch (NullPointerException e) {
SimpleSession session = new SimpleSession();
session.setId(0);
return session;
}
}
}