本篇内容介绍了“springBoot中shiro的302跳转问题怎么解决”的有关知识,在实际案例的操作过程中,不少人都会遇到这样的困境,接下来就让小编带领大家学习一下如何处理这些情况吧!希望大家仔细阅读,能够学有所成!
springBoot前后端分离项目shiro的302跳转
项目是使用的springboot ,使用的shiro做的用户鉴权。在前端请求时当用户信息失效,session失效的时候,shiro会重定向到配置的login.jsp 页面,或者是自己配置的logUrl。
因是前后端分离项目,与静态资源文件分离,固重定向后,接着会404。
经过查找网上配置资料,发现302原因是
FormAuthenticationFilter中onAccessDenied 方法做了相应处理。那知道问题所在,就可以有解决方了。
重写 onAccessDenied 方法,针对自己的业务做相应处理,然后在加载过滤器配置的时候添加到配置中。
以下是代码
增加类ShiroFormAuthenticationFilter 重新方法
package com.oilpay.wallet.shiro; import com.alibaba.fastjson.JSONObject;import com.oilpay.wallet.interceptor.TokenInterceptor;import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.http.HttpStatus;import org.springframework.web.bind.annotation.RequestMethod; import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.PrintWriter; public class ShiroFormAuthenticationFilter extends FormAuthenticationFilter { Logger logger = LoggerFactory.getLogger(TokenInterceptor.class); @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if (isLoginRequest(request, response)) { if (isLoginSubmission(request, response)) { if (logger.isTraceEnabled()) { logger.trace("Login submission detected. Attempting to execute login."); } return executeLogin(request, response); } else { if (logger.isTraceEnabled()) { logger.trace("Login page view."); } //allow them to see the login page ;) return true; } } else { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse resp = (HttpServletResponse) response; if(req.getMethod().equals(RequestMethod.OPTIONS.name())) { resp.setStatus(HttpStatus.OK.value()); return true; } if (logger.isTraceEnabled()) { logger.trace("Attempting to access a path which requires authentication. Forwarding to the " + "Authentication url [" + getLoginUrl() + "]"); } //前端Ajax请求时requestHeader里面带一些参数,用于判断是否是前端的请求 String test= req.getHeader("test"); if (test!= null || req.getHeader("wkcheck") != null) { //前端Ajax请求,则不会重定向 resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin")); resp.setHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("application/json; charset=utf-8"); resp.setCharacterEncoding("UTF-8"); PrintWriter out = resp.getWriter(); JSONObject result = new JSONObject(); result.put("message", "登录失效"); result.put("resultCode", 1000); out.println(result); out.flush(); out.close(); } else { saveRequestAndRedirectToLogin(request, response); } return false; } }}在过滤器配置中添加
@Bean(name="shiroFilter") public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) { ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(manager); //配置访问权限 LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>(); filterChainDefinitionMap.put("/common/logout", "logout"); filterChainDefinitionMap.put("/","anon"); filterChainDefinitionMap.put("/common/login","anon"); filterChainDefinitionMap.put("/commonpublic class MyFilter extends FormAuthenticationFilter{ private Logger log = LoggerFactory.getLogger(MyFilter.class); protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { //进行重写,业务逻辑 }}“springBoot中shiro的302跳转问题怎么解决”的内容就介绍到这里了,感谢大家的阅读。如果想了解更多行业相关的知识可以关注编程网网站,小编将为大家输出更多高质量的实用文章!
