SptringBoot在整合Shiro在设定登录url(shiroFilterFactoryBean.setLoginUrl("/login"))时发现,一直在登录里面循环调用/login。
@RequestMapping(value = "/login")
public String login(HttpServletRequest request, ModelMap map) {
String exception = (String) request.getAttribute("shiroLoginFailure");
String msg = "";
if (exception != null) {
if (UnknownAccountException.class.getName().equals(exception)) {
System.out.println("UnknownAccountException -- > 账号不存在:");
msg = "UnknownAccountException -- > 账号不存在:";
} else if (IncorrectCredentialsException.class.getName().equals(exception)) {
System.out.println("IncorrectCredentialsException -- > 密码不正确:");
msg = "IncorrectCredentialsException -- > 密码不正确:";
} else if ("kaptchaValidateFailed".equals(exception)) {
System.out.println("kaptchaValidateFailed -- > 验证码错误");
msg = "kaptchaValidateFailed -- > 验证码错误";
} else {
msg = "else >> " + exception;
System.out.println("else -- >" + exception);
}
}
map.put("msg", msg);
return "login";
}
主要原因是因为:filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/images/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/json/**", "anon");
静态资源没有设定为可匿名访问。而前端页面中
<div class="login_face"><img src="${pageContext.request.contextPath}/images/face.jpg" class="userAvatar"></div>
所有涉及到引用静态资源的地方,都会验证失败,失败就会再次进入/login,造成了重复调用/login的现象。