您好,登錄后才能下訂單哦!
本篇內容介紹了“springBoot中shiro的302跳轉問題怎么解決”的有關知識,在實際案例的操作過程中,不少人都會遇到這樣的困境,接下來就讓小編帶領大家學習一下如何處理這些情況吧!希望大家仔細閱讀,能夠學有所成!
項目是使用的springboot ,使用的shiro做的用戶鑒權。在前端請求時當用戶信息失效,session失效的時候,shiro會重定向到配置的login.jsp 頁面,或者是自己配置的logUrl。
因是前后端分離項目,與靜態(tài)資源文件分離,固重定向后,接著會404。
FormAuthenticationFilter中onAccessDenied 方法做了相應處理。那知道問題所在,就可以有解決方了。
重寫 onAccessDenied 方法,針對自己的業(yè)務做相應處理,然后在加載過濾器配置的時候添加到配置中。
以下是代碼
package com.oilpay.wallet.shiro; import com.alibaba.fastjson.JSONObject; import com.oilpay.wallet.interceptor.TokenInterceptor; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.RequestMethod; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.PrintWriter; /** * * 重寫權限驗證問題,登錄失效后返回狀態(tài)碼 * */ public class ShiroFormAuthenticationFilter extends FormAuthenticationFilter { Logger logger = LoggerFactory.getLogger(TokenInterceptor.class); @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if (isLoginRequest(request, response)) { if (isLoginSubmission(request, response)) { if (logger.isTraceEnabled()) { logger.trace("Login submission detected. Attempting to execute login."); } return executeLogin(request, response); } else { if (logger.isTraceEnabled()) { logger.trace("Login page view."); } //allow them to see the login page ;) return true; } } else { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse resp = (HttpServletResponse) response; if(req.getMethod().equals(RequestMethod.OPTIONS.name())) { resp.setStatus(HttpStatus.OK.value()); return true; } if (logger.isTraceEnabled()) { logger.trace("Attempting to access a path which requires authentication. Forwarding to the " + "Authentication url [" + getLoginUrl() + "]"); } //前端Ajax請求時requestHeader里面帶一些參數,用于判斷是否是前端的請求 String test= req.getHeader("test"); if (test!= null || req.getHeader("wkcheck") != null) { //前端Ajax請求,則不會重定向 resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin")); resp.setHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("application/json; charset=utf-8"); resp.setCharacterEncoding("UTF-8"); PrintWriter out = resp.getWriter(); JSONObject result = new JSONObject(); result.put("message", "登錄失效"); result.put("resultCode", 1000); out.println(result); out.flush(); out.close(); } else { saveRequestAndRedirectToLogin(request, response); } return false; } } }
@Bean(name="shiroFilter") public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) { ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(manager); //配置訪問權限 LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>(); filterChainDefinitionMap.put("/common/logout", "logout"); filterChainDefinitionMap.put("/","anon"); filterChainDefinitionMap.put("/common/login","anon"); filterChainDefinitionMap.put("/common/*","anon"); filterChainDefinitionMap.put("/imageVerifyCode/getCode", "anon"); filterChainDefinitionMap.put("/sendVerifyCode/register", "anon"); filterChainDefinitionMap.put("/sendVerifyCode/resetLoginPwd", "anon"); filterChainDefinitionMap.put("/**", "authc"); //表示需要認證才可以訪問 LinkedHashMap<String, Filter> filtsMap=new LinkedHashMap<String, Filter>(); filtsMap.put("authc",new ShiroFormAuthenticationFilter() ); shiroFilterFactoryBean.setFilters(filtsMap); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; }
至此,可以按照自己的需求做相應處理。
我的原因是使用了authc,由于autuc對應的過濾器FormAuthenticationFilter中onAccessDenied方法返回的值都為false,所以訪問url時會一直進行循環(huán)重定向,解決方案:重寫onAccessDenied方法,并注入到shiroFiter中。
<!-- shiroFilter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- 設定角色的登錄鏈接,這里為cas登錄頁面的鏈接可配置回調地址 --> <!-- 登錄地址 --> <property name="loginUrl" value="/login.html"/> <!-- 登錄后跳轉到業(yè)務頁面 --> <property name="successUrl" value="/index.do"/> <!-- 錯誤頁面 --> <property name="unauthorizedUrl" value="/denied.html"/> <property name="filters"> <map> <!--將重寫了的FormAuthenticationFilter.onAccessDenied方法的類注入到其中--> <entry key="authc" value-ref="formAuthenticationFilter"></entry> </map> </property> <property name="filterChainDefinitions"> <value> /login.html=anon <!--配置靜態(tài)資源--> /js/**=anon /templates/**=anon /assets/**=anon /css/**=anon <!--權限設置--> /index.do=authc /user/login.do=anon /**=authc </value> </property> </bean> <!-- 重寫FormAuthenticationFilter的onAccessDenied方法的自定義過濾器 --> <bean id="formAuthenticationFilter" class="com.jd.risk.giasys.service.realm.filter.MyFilter" />
package com.jd.risk.giasys.service.realm.filter; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; /** * Created by jianghaisong on 2017/12/17. */ public class MyFilter extends FormAuthenticationFilter{ private Logger log = LoggerFactory.getLogger(MyFilter.class); protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { //進行重寫,業(yè)務邏輯 } }
“springBoot中shiro的302跳轉問題怎么解決”的內容就介紹到這里了,感謝大家的閱讀。如果想了解更多行業(yè)相關的知識可以關注億速云網站,小編將為大家輸出更多高質量的實用文章!
免責聲明:本站發(fā)布的內容(圖片、視頻和文字)以原創(chuàng)、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。