本篇内容介绍了“springBoot中shiro的302跳转问题怎么解决”的有关知识,在实际案例的操作过程中,不少人都会遇到这样的困境,接下来就让小编带领大家学习一下如何处理这些情况吧!希望大家仔细阅读,能够学有所成!
springBoot前后端分离项目shiro的302跳转
项目是使用的springboot ,使用的shiro做的用户鉴权。在前端请求时当用户信息失效,session失效的时候,shiro会重定向到配置的login.jsp 页面,或者是自己配置的logUrl。
因是前后端分离项目,与静态资源文件分离,固重定向后,接着会404。
经过查找网上配置资料,发现302原因是
-
FormAuthenticationFilter中onAccessDenied 方法做了相应处理。那知道问题所在,就可以有解决方了。
-
重写 onAccessDenied 方法,针对自己的业务做相应处理,然后在加载过滤器配置的时候添加到配置中。
以下是代码
增加类ShiroFormAuthenticationFilter 重新方法
package com.oilpay.wallet.shiro;
import com.alibaba.fastjson.JSONObject;
import com.oilpay.wallet.interceptor.TokenInterceptor;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
/**
*
* 重写权限验证问题,登录失效后返回状态码
*
*/
public class ShiroFormAuthenticationFilter extends FormAuthenticationFilter {
Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (isLoginRequest(request, response)) {
if (isLoginSubmission(request, response)) {
if (logger.isTraceEnabled()) {
logger.trace("Login submission detected. Attempting to execute login.");
}
return executeLogin(request, response);
} else {
if (logger.isTraceEnabled()) {
logger.trace("Login page view.");
}
//allow them to see the login page ;)
return true;
}
} else {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse) response;
if(req.getMethod().equals(RequestMethod.OPTIONS.name())) {
resp.setStatus(HttpStatus.OK.value());
return true;
}
if (logger.isTraceEnabled()) {
logger.trace("Attempting to access a path which requires authentication. Forwarding to the " +
"Authentication url [" + getLoginUrl() + "]");
}
//前端Ajax请求时requestHeader里面带一些参数,用于判断是否是前端的请求
String test= req.getHeader("test");
if (test!= null || req.getHeader("wkcheck") != null) {
//前端Ajax请求,则不会重定向
resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
resp.setHeader("Access-Control-Allow-Credentials", "true");
resp.setContentType("application/json; charset=utf-8");
resp.setCharacterEncoding("UTF-8");
PrintWriter out = resp.getWriter();
JSONObject result = new JSONObject();
result.put("message", "登录失效");
result.put("resultCode", 1000);
out.println(result);
out.flush();
out.close();
} else {
saveRequestAndRedirectToLogin(request, response);
}
return false;
}
}
}
在过滤器配置中添加
@Bean(name="shiroFilter")
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(manager);
//配置访问权限
LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/common/logout", "logout");
filterChainDefinitionMap.put("/","anon");
filterChainDefinitionMap.put("/common/login","anon");
filterChainDefinitionMap.put("/common/*","anon");
filterChainDefinitionMap.put("/imageVerifyCode/getCode", "anon");
filterChainDefinitionMap.put("/sendVerifyCode/register", "anon");
filterChainDefinitionMap.put("/sendVerifyCode/resetLoginPwd", "anon");
filterChainDefinitionMap.put("/**", "authc"); //表示需要认证才可以访问
LinkedHashMap<String, Filter> filtsMap=new LinkedHashMap<String, Filter>();
filtsMap.put("authc",new ShiroFormAuthenticationFilter() );
shiroFilterFactoryBean.setFilters(filtsMap);
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
至此,可以按照自己的需求做相应处理。
关于shiro 总是302的问题
我的原因是使用了authc,由于autuc对应的过滤器FormAuthenticationFilter中onAccessDenied方法返回的值都为false,所以访问url时会一直进行循环重定向,解决方案:重写onAccessDenied方法,并注入到shiroFiter中。
附上shiro配置文件
<!-- shiroFilter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- 设定角色的登录链接,这里为cas登录页面的链接可配置回调地址 --> <!-- 登录地址 --> <property name="loginUrl" value="/login.html"/> <!-- 登录后跳转到业务页面 --> <property name="successUrl" value="/index.do"/> <!-- 错误页面 --> <property name="unauthorizedUrl" value="/denied.html"/> <property name="filters"> <map> <!--将重写了的FormAuthenticationFilter.onAccessDenied方法的类注入到其中--> <entry key="authc" value-ref="formAuthenticationFilter"></entry> </map> </property> <property name="filterChainDefinitions"> <value> /login.html=anon <!--配置静态资源--> /js/**=anon /templates/**=anon /assets/**=anon /css/**=anon <!--权限设置--> /index.do=authc /user/login.do=anon /**=authc </value> </property> </bean> <!-- 重写FormAuthenticationFilter的onAccessDenied方法的自定义过滤器 --> <bean id="formAuthenticationFilter" class="com.jd.risk.giasys.service.realm.filter.MyFilter" />
重写onAccessDenied方法
package com.jd.risk.giasys.service.realm.filter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
* Created by jianghaisong on 2017/12/17.
*/
public class MyFilter extends FormAuthenticationFilter{
private Logger log = LoggerFactory.getLogger(MyFilter.class);
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//进行重写,业务逻辑
}
}
“springBoot中shiro的302跳转问题怎么解决”的内容就介绍到这里了,感谢大家的阅读。如果想了解更多行业相关的知识可以关注本站网站,小编将为大家输出更多高质量的实用文章!
