自定义过滤写法:
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.LogoutFilter;
/**
*
* 重写退出过滤器,防止推出登录后,一直报找不到sessionId的异常错误
* @author chen.kai
* @date 2020年7月22日 下午11:20:12
*
*/
public class DefaultLogoutFilter extends LogoutFilter {
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
Subject subject = getSubject(request, response);
String redirectUrl = getRedirectUrl(request, response, subject);
try {
//清空缓存
subject.logout();
} catch (SessionException e) {
e.printStackTrace();
}
issueRedirect(request, response, redirectUrl);
return false;
}
}
ShiroConfig过滤器里面代码写法:
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @author chen.kai
* @date 2020年7月21日 上午10:04:58
*
*/
@Configuration
public class ShiroConfig {
//private final static Logger logger = LoggerFactory.getLogger(ShiroConfig.class);
@Value("${spring.redis.host}")
private String host;
@Value("${spring.redis.port}")
private int port;
@Value("${spring.redis.password}")
private String password;
/**
* 设置过滤器工厂
*
* @author chen.kai
* @date 2020年7月21日 上午10:14:10
* @param securityManager
* @return
*/
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
factoryBean.setLoginUrl("/manage/login");
factoryBean.setUnauthorizedUrl("/manage/forbid");
Map<String, String> filterMap = new LinkedHashMap<>();
// 静态资源放行
filterMap.put("/scripts/**", "anon");
filterMap.put("/plugins/**", "anon");
filterMap.put("/images/**", "anon");
filterMap.put("/styles/**", "anon");
filterMap.put("/fonts/**", "anon");
//验证码
// 登录,注册,登出
filterMap.put("/manage/login**", "anon");
//这里注意logout的写法
filterMap.put("/manage/logout**", "logout");
filterMap.put("/manage/**", "authc,perms");
filterMap.put("/**", "user");
factoryBean.setFilterChainDefinitionMap(filterMap);
Map<String, Filter> filtersMap = new LinkedHashMap<>(1);
//添加过滤器,设置这里以后,就不要在Controller里面写loginout方法了
filtersMap.put("logout", new DefaultLogoutFilter());
factoryBean.setFilters(filtersMap);
return factoryBean;
}
}
以前Controller里面的logout方法,有了过滤器这里已经不会执行了,所以直接注释掉就行了
/**
* @Desc 用户登录
* @author chen.kai
*/
@Controller
@RequestMapping("/manage")
public class UserLoginController {
/*
//这里可以注释掉了,因为这个方法永远不会执行,已经有自定义的过滤器执行了
@RequestMapping(value = "/logout", method = RequestMethod.GET)
@OperationLogs(businessType = BusinessType.LOGOUT, businessName = "退出登录")
public String logout() {
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "redirect:/manage/login";
}
*/
}