springboot整合shiro无法获取当前用户session中值为null

maven包

<dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.5.3</version>
        </dependency>

实现AuthorizingRealm接口

//校验权限
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        User admin = (User) getAvailablePrincipal(principals);
        String roleId  =  userRoleService.findbyUserId(Integer.valueOf(admin.getUserId())).getRoleId();
        Integer[] roleIds = {Integer.valueOf(roleId)};
        Set<String> roles = new HashSet<>();
        roles.add(roleService.selectByPrimaryKey(Integer.valueOf(userRoleService.findbyUserId(admin.getId()).getRoleId())).getName());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(roles);
        return info;
    }

    //校验用户
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        String password = new String(upToken.getPassword());

        if (StringUtils.isEmpty(username)) {
            throw new AccountException("用户名不能为空");
        }
        if (StringUtils.isEmpty(password)) {
            throw new AccountException("密码不能为空");
        }
        UserExample userExample = new UserExample();
        userExample.or().andUsernameEqualTo(username);
        List<User> adminList = userService.selectByExample(userExample);
        Assert.state(adminList.size() < 2, "同一个用户名存在两个账户");
        if (adminList.size() == 0) {
            throw new UnknownAccountException("找不到用户（" + username + "）的帐号信息");
        }
        User user = adminList.get(0);

        if (!MD5Utils.getSaltverifyMD5(password, user.getPassword())) {
            throw new UnknownAccountException("找不到用户（" + username + "）的帐号信息");
        }
        user.setPassword("");
        SecurityUtils.getSubject().getSession().setAttribute("User", user);

        return new SimpleAuthenticationInfo(user, password, getName());
    }

SecurityUtils.getSubject().getSession().setAttribute(“User”, user);//这一句就是把user的信息放session中

然后是接口

 @GetMapping("/info")
    public List getpermissions(){
        User user = (User) SecurityUtils.getSubject().getSession().getAttribute("User");
        if(user == null) {
            throw new Error();
        }
        UserRoleExample userRoleExample = new UserRoleExample();
        userRoleExample.or().andUserIdEqualTo(String.valueOf(user.getUserId()));
        RolePermissionExample rolePermissionExample = new RolePermissionExample();
        rolePermissionExample.or().andRoleIdEqualTo(String.valueOf(userRoleService.selectByExample(userRoleExample).get(0).getRoleId()));
         List<String> list =  rolePermissionService.selectByExample(rolePermissionExample).stream().map(item-> {
             return item.getPermissionId();
         }).collect(Collectors.toList());
        PermissionExample permissionExample= new PermissionExample();
        permissionExample.or().andPermissionIdIn(list);
        return permissionService.selectByExample(permissionExample);
        }

直接这样应该也行不过没试

Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();//使用这个就不需要session存储了

这样就完了，但是登录后调info接口user一直是null

找了好久原因甚至都怀疑是不是必须要使用jwt了,收到https://blog.csdn.net/MOKEXFDGH/article/details/96113161的启发，去掉@CrossOrigin就好了,前端去解决跨域问题,具体为何这样我研究一下再更…