1.前言
当决定前端与后端代码分开部署时,发现shiro自带的session不起作用了。
然后通过对请求head的分析,然后在网上查找一部分解决方案。
最终就是,登录成功之后,前端接收到后端传回来的sessionId,存入cookie当中。
之后,前端向后端发送请求时,请求Head中都会带上这个sessionid。
后端代码通过对这个sessionid的解析,拿到正确的session。
2.代码改造
(1)后端代码改造
添加CustomSessionManager.java
-
/** -
* 类的详细说明 -
* -
* @author 郭广明 -
* @version 1.0 -
* @Date 2018/11/3014:56 -
*/ -
public class CustomSessionManager extends DefaultWebSessionManager { -
-
/** -
* 获取请求头中key为“Authorization”的value == sessionId -
*/ -
private static final String AUTHORIZATION ="Authorization"; -
-
private static final String REFERENCED_SESSION_ID_SOURCE = "cookie"; -
-
/** -
* @Description shiro框架 自定义session获取方式<br/> -
* 可自定义session获取规则。这里采用ajax请求头 {@link AUTHORIZATION}携带sessionId的方式 -
*/ -
@Override -
protected Serializable getSessionId(ServletRequest request, ServletResponse response) { -
// TODO Auto-generated method stub -
String sessionId = WebUtils.toHttp(request).getHeader(AUTHORIZATION); -
if (StringUtils.isNotEmpty(sessionId)) { -
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE); -
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId); -
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE); -
return sessionId; -
} -
return super.getSessionId(request, response); -
} -
-
}
-
改造ShiroConfig.java
-
@Configuration -
public class ShiroConfig { -
-
@Autowired -
private UserService userService; -
-
@Bean -
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { -
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); -
-
// 必须设置 SecurityManager -
shiroFilterFactoryBean.setSecurityManager(securityManager); -
-
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面 -
shiroFilterFactoryBean.setLoginUrl("/login"); -
-
// 拦截器. -
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(); -
// 配置不会被拦截的链接 顺序判断 -
filterChainDefinitionMap.put("/static/**", "anon"); -
filterChainDefinitionMap.put("/doLogin", "anon"); -
filterChainDefinitionMap.put("/swagger-resources", "anon"); -
filterChainDefinitionMap.put("/v2/api-docs", "anon"); -
filterChainDefinitionMap.put("/webjars/**", "anon"); -
filterChainDefinitionMap.put("/swagger-ui.html", "anon"); -
-
// <!-- 过滤链定义,从上向下顺序执行,一般将 /**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了; -
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问--> -
filterChainDefinitionMap.put("/**", "anon"); -
-
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); -
System.out.println("Shiro拦截器工厂类注入成功"); -
return shiroFilterFactoryBean; -
} -
-
/** -
* 注入MyRealm -
* @return -
*/ -
@Bean -
public SecurityManager securityManager() { -
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); -
// 设置realm. -
securityManager.setSessionManager(sessionManager()); -
securityManager.setRealm(myShiroRealm()); -
return securityManager; -
} -
-
/** -
* 配置注解 -
* @param securityManager -
* @return -
*/ -
@Bean -
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { -
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor -
= new AuthorizationAttributeSourceAdvisor(); -
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); -
return authorizationAttributeSourceAdvisor; -
} -
-
@Bean -
public MyRealm myShiroRealm() { -
return new MyRealm(userService); -
} -
-
@Bean("sessionManager") -
public SessionManager sessionManager(){ -
CustomSessionManager manager = new CustomSessionManager(); -
/*使用了shiro自带缓存, -
如果设置 redis为缓存需要重写CacheManager(其中需要重写Cache) -
manager.setCacheManager(this.RedisCacheManager());*/ -
-
manager.setSessionDAO(new EnterpriseCacheSessionDAO()); -
return manager; -
} -
-
}
-
(2)前端代码改造
添加CookieUtil.js
-
export default { -
setCookie: (name,value,days) =>{ -
var d = new Date; -
d.setTime(d.getTime() + 24*60*60*1000*days); -
window.document.cookie = name + "=" + value + ";path=/;expires=" + d.toGMTString(); -
}, -
getCookie: name =>{ -
var v = window.document.cookie.match('(^|;) ?' + name + '=([^;]*)(;|$)'); -
return v ? v[2] : null; -
}, -
delCookie: name =>{ -
this.setCookie(name, '', -1); //将时间设置为过去时,立即删除cookie -
} -
-
}
-
改造HttpUtil.js
-
import axios from 'axios' -
import doCookie from '@/util/cookieUtil' -
-
axios.defaults.headers.common['Authorization'] = doCookie.getCookie("SESSIONID") -
axios.defaults.baseURL = 'http://127.0.0.1:8080' -
-
-
/** -
* Get请求 -
*/ -
export function get(url, callback){ -
axios.get(url) -
.then(function (response) { -
if(response.data.length==0 || response.data==null) { -
callback(null,true) -
} else { -
callback(response.data,true) -
} -
}) -
.catch(function (error) { -
callback(null,false) -
}) -
} -
-
export function remove(url, callback){ -
axios.delete(url) -
.then(function (response) { -
if(response.data.length==0 || response.data==null) { -
callback(null,true) -
} else { -
callback(response.data,true) -
} -
}) -
.catch(function (error) { -
callback(null,false) -
}) -
} -
-
export function post(url, data, callback){ -
axios.post(url,data) -
.then(function (response) { -
if(response.data.length==0 || response.data==null) { -
callback(null,true) -
} else { -
callback(response.data,true) -
} -
}) -
.catch(function (error) { -
callback(null,false) -
}) -
} -
-
export function put(url, data, callback){ -
axios.put(url,data) -
.then(function (response) { -
if(response.data.length==0 || response.data==null) { -
callback(null,true) -
} else { -
callback(response.data,true) -
} -
}) -
.catch(function (error) { -
callback(null,false) -
}) -
} -
-
-
export default { -
get, -
post, -
put, -
remove, -
}
-
539
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
