Reference: https://www.cnblogs.com/zhuxiaojie/p/7809767.html#autoid-2-0-0
Method 1: Add a JSESSIONID parameter
0. Change the default SessionManager
public DefaultWebSecurityManager() {
    ((DefaultSubjectDAO)this.subjectDAO).setSessionStorageEvaluator(new DefaultWebSessionStorageEvaluator());
    this.sessionMode = "http";
    this.setSubjectFactory(new DefaultWebSubjectFactory());
    this.setRememberMeManager(new CookieRememberMeManager());
    // ServletContainerSessionManager is used for session management by default
    this.setSessionManager(new ServletContainerSessionManager());
}
The constructor above shows that ServletContainerSessionManager is used for session management by default.
It can be replaced with DefaultWebSessionManager as follows:
securityManager.setSessionManager(new DefaultWebSessionManager());
1. Return the JSESSIONID at login
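// UsernamePasswordCaptchaToken is the application's own UsernamePasswordToken subclass (not part of Shiro)
UsernamePasswordToken token = new UsernamePasswordCaptchaToken();
token.setPassword(password.toCharArray());
token.setUsername(userName);
Subject subject = SecurityUtils.getSubject();
// Throws an AuthenticationException if the credentials are rejected
subject.login(token);
Object sd = subject.getPrincipal();
// The ID of the session Shiro created for the authenticated subject
String sessionId = (String) subject.getSession().getId();
return sessionId;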
2. Add a JSESSIONID request parameter set to the sessionId returned at login
Look at the DefaultWebSessionManager source code:
private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {
    String id = this.getSessionIdCookieValue(request, response);
    if (id != null) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "cookie");
    } else {
        id = this.getUriPathSegmentParamValue(request, "JSESSIONID");
        if (id == null) {
            String name = this.getSessionIdName(); // get the name of the JSESSIONID parameter
            id = request.getParameter(name); // read the value of that parameter
            if (id == null) {
                id = request.getParameter(name.toLowerCase());
            }
        }
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "url");
        }
    }
    if (id != null) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    }
    request.setAttribute(ShiroHttpServletRequest.SESSION_ID_URL_REWRITING_ENABLED, this.isSessionIdUrlRewritingEnabled());
    return id;
}
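The commented lines in the code above show that the session ID is also read from a request parameter, so login verification can be done by adding a JSESSIONID parameter to the request.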
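The mechanism behind steps 1 and 2, as an added example that is not code from the original post or from Shiro: it logs in, keeps only the session ID, and rebuilds the Subject from that ID. It assumes shiro-core on the classpath and uses the non-web DefaultSecurityManager with Subject.Builder in place of the page's DefaultWebSessionManager, so it runs without a servlet container; the class name, account and password are constructed for the example.

```java
import java.io.Serializable;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Added example (hypothetical class name); not part of the original post.
public class SessionIdResumeDemo {

    // Mirrors step 1: authenticate and hand the session ID back to the caller.
    static Serializable login(DefaultSecurityManager sm, String user, String password) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        subject.login(new UsernamePasswordToken(user, password));
        return subject.getSession().getId();
    }

    // Mirrors step 2: rebuild a Subject from nothing but the session ID,
    // as the web session manager does once it has read the ID from the request.
    static Subject resume(DefaultSecurityManager sm, Serializable sessionId) {
        return new Subject.Builder(sm).sessionId(sessionId).buildSubject();
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password"); // constructed sample account
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);

        Serializable sessionId = login(sm, "alice", "constructed-password");

        // No password is presented here: the ID alone selects the stored session.
        Subject resumed = resume(sm, sessionId);
        System.out.println("resumed authenticated: " + resumed.isAuthenticated());
        System.out.println("resumed principal:     " + resumed.getPrincipal());

        // Logout stops the session on the server side, so the same ID
        // no longer resolves to an authenticated subject.
        resumed.logout();
        System.out.println("after logout:          " + resume(sm, sessionId).isAuthenticated());

        // An ID the server never issued is treated the same way.
        System.out.println("unknown id:            "
                + resume(sm, "constructed-unknown-id").isAuthenticated());
    }
}
```

Since the ID alone restores the authenticated subject, a JSESSIONID sent as a URL or request parameter should be kept out of access logs and Referer headers and sent only over TLS.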