shiro + cas前后端分离遇到的奇怪问题
记录@Value的奇怪问题
项目背景
shiro + cas前后端分离项目
先看一下代码
package com.jsong.wiki.backend.filter;
import com.alibaba.fastjson.JSON;
import lombok.extern.log4j.Log4j2;
import org.apache.shiro.cas.CasFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.util.SavedRequest;
import org.apache.shiro.web.util.WebUtils;
import org.mockito.internal.util.StringUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
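/**
 * CAS filter that, after a successful CAS login, redirects the browser back to the
 * front end of this separated front-end/back-end application.
 *
 * <p>The redirect target comes from a request header (named by {@code api.uri}) or, when
 * that header is absent, is chosen because a cookie named by {@code front.uri} is present.
 * Headers and cookies are supplied by the client, so the header value is checked against
 * {@code front.baseUrl} before it is used as a redirect target.
 *
 * @Author: Jsong
 * @Date: 2020/2/27 21:58
 * @Description:
 */
//@Component
@Log4j2
public class MyAuthenticationFilter extends CasFilter {

    // NOTE(review): @Component is commented out above, so these @Value fields are only
    // populated if this instance is otherwise managed by Spring (for example returned from a
    // @Bean method). An instance created with plain `new` and never handed to the container
    // keeps them null. Confirm how the filter is registered.
    @Value("${front.baseUrl}")
    private String frontBaseUrl;

    // The placeholder used to read "{shiro.loginUrl}" (no '$'), which Spring injects as that
    // literal text instead of resolving the property. With the '$' restored, the property
    // must be defined or bean creation fails.
    @Value("${shiro.loginUrl}")
    private String loginUrl;

    @Value("${front.uri}")
    private String frontUri;

    @Value("${api.uri}")
    private String apiUri;

    // Hard-coded front-end base used only by the commented-out experiment below.
    private String test = "http://127.0.0.1:28080/#";

    // @Autowired
    // private MyFormAuthenticationFilter myFormAuthenticationFilter;

    /**
     * Redirects to the front end after a successful CAS login.
     *
     * <p>The header named by {@code apiUri} is used as the target only when it points under
     * {@code frontBaseUrl}; any other value is ignored so that a client-chosen header cannot
     * send the freshly authenticated browser to an arbitrary site. When no usable header is
     * present and the request carries a cookie named {@code frontUri}, the target is
     * {@code frontBaseUrl + "/blog-edit"}.
     *
     * @param request  the current request
     * @param response the current response
     * @throws Exception if the redirect cannot be issued
     */
    @Override
    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String originalUrl = httpRequest.getHeader(apiUri);

        if (StringUtils.hasLength(originalUrl) && !isTrustedRedirect(originalUrl)) {
            // The rejected value is deliberately not logged: it is client-controlled text.
            log.warn("Ignoring redirect header that does not point under the configured front-end base URL");
            originalUrl = null;
        }

        // SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
        if (!StringUtils.hasLength(originalUrl)) {
            // Look in the cookies for the marker left by the front end and redirect there.
            Cookie[] cookies = httpRequest.getCookies();
            // getCookies() returns null, not an empty array, when the request has no cookies.
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    // Comparing from the cookie name keeps this null-safe if frontUri was not injected.
                    if (cookie.getName().equals(frontUri)) {
                        // The puzzling behaviour discussed in the article: variants that were tried.
                        // If the cookie value is appended again, validate it first (it is
                        // client-controlled): accept only an expected front-end path.
                        // originalUrl = frontBaseUrl+ cookie.getValue();
                        // originalUrl = "http://127.0.0.1:28080/#"+ cookie.getValue();
                        originalUrl = frontBaseUrl + "/blog-edit";
                        // originalUrl = test + cookie.getValue();
                        // originalUrl = "http://127.0.0.1:28080/#/";
                        log.info("originalUrl:" + originalUrl);
                        break;
                    }
                }
            }
        }

        // String requestUri = savedRequest.getRequestURI();
        // String redirectUrl = null;
        // String[] requestArray = requestUri.split("/blog-backend");
        // if(requestArray!=null&&requestArray.length>1){
        // redirectUrl = requestArray[1];
        // }
        log.info(originalUrl);
        // originalUrl is passed as the fallback URL argument.
        WebUtils.redirectToSavedRequest(request, response, originalUrl);
    }

    /**
     * Decides whether a client-supplied URL may be used as the post-login redirect target.
     *
     * @param url the non-empty candidate URL
     * @return {@code true} only when {@code url} equals {@code frontBaseUrl} or continues it
     *         with a path, query or fragment
     */
    private boolean isTrustedRedirect(String url) {
        if (!StringUtils.hasLength(frontBaseUrl) || !url.startsWith(frontBaseUrl)) {
            return false;
        }
        if (url.length() == frontBaseUrl.length()
                || frontBaseUrl.endsWith("/") || frontBaseUrl.endsWith("#")) {
            return true;
        }
        // A bare prefix match is not enough: the character right after the base must start a
        // path, query or fragment, otherwise a different, longer host name would also match.
        char next = url.charAt(frontBaseUrl.length());
        return next == '/' || next == '#' || next == '?';
    }

    // @Override
    // protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
    //
    // return myOnAccessDenied(request, response);
    // }
    //
    // protected boolean myOnAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    // return myFormAuthenticationFilter.onAccessDenied(request, response);
    // }
}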
上面的代码是重写casFilter过滤器,用于过滤cas登录校验
我的代码要达到的目的就是:cas登录成功后,从cookie中获取登录前前端的请求地址,
登录后重定向回前端。
但是发现一个奇怪的问题
当我使用@Value注入的 frontBaseUrl 值时,登录成功后再次请求接口,发现“是否已认证”的结果是false,需要再次去cas服务获取tgc、获取st,认证后再走接口。
originalUrl = frontBaseUrl+ cookie.getValue();
当我直接使用 字符串时,登录成功后,再次请求接口,认证就是成功的,不需要再次去cas服务换取st
originalUrl = "http://127.0.0.1:28080/#"+ cookie.getValue();
很神奇 懵逼