本篇内容主要讲解“SecurityUtils.getSubject().getPrincipal()为null的问题怎么解决”,感兴趣的朋友不妨来看看。本文介绍的方法操作简单快捷,实用性强。下面就让小编来带大家学习“SecurityUtils.getSubject().getPrincipal()为null的问题怎么解决”吧!
SecurityUtils.getSubject().getPrincipal()为null
我在项目中获取getUserId(),和getUserName()获取不到值。
他们都是通过SecurityUtils.getSubject().getPrincipal()去获取的。
反复测试发现原因是 :在shiroConfig里面:
该方法,注意(是该接口名)被写为anon,不通过验证,即:
filterMap.put("/druid public class StatelessSessionManager extends DefaultWebSessionManager { public final static String TOKEN_NAME = "TOKEN"; public final static String HEADER_TOKEN_NAME = "token"; public final static Logger LOG = LoggerFactory.getLogger(StatelessSessionManager.class); @Override public Serializable getSessionId(SessionKey key) { Serializable sessionId = key.getSessionId(); if(sessionId == null){ HttpServletRequest request = WebUtils.getHttpRequest(key); HttpServletResponse response = WebUtils.getHttpResponse(key); sessionId = this.getSessionId(request,response); } HttpServletRequest request = WebUtils.getHttpRequest(key); request.setAttribute(TOKEN_NAME,sessionId.toString()); return sessionId; } @Override protected Serializable getSessionId(ServletRequest servletRequest, ServletResponse servletResponse) { HttpServletRequest request = (HttpServletRequest) servletRequest; String token = request.getHeader(HEADER_TOKEN_NAME); if(token == null){ token = UUID.randomUUID().toString(); } //这段代码还没有去查看其作用,但是这是其父类中所拥有的代码,重写完后我复制了过来...开始 request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, token); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE); request.setAttribute(ShiroHttpServletRequest.SESSION_ID_URL_REWRITING_ENABLED, isSessionIdUrlRewritingEnabled()); //这段代码还没有去查看其作用,但是这是其父类中所拥有的代码,重写完后我复制了过来...结束 return token; }} @RequestMapping("/") public void login(@RequestParam("code")String code, HttpServletRequest request){ Map<String,Object> data = new HashMap<>(); if(SecurityUtils.getSubject().isAuthenticated()){ //这里代码着已经登陆成功,所以自然不用再次认证,直接从rquest中取出就行了, data.put(StatelessSessionManager.HEADER_TOKEN_NAME,getServerToken()); data.put(BIND,ShiroKit.getUser().getTel() != null); response(data); } LOG.info("授权码为:" + code); AuthorizationService authorizationService = authorizationFactory.getAuthorizationService(Constant.clientType); UserDetail authorization = authorizationService.authorization(code); Oauth3UserDetail userDetail = (Oauth3UserDetail) authorization; loginService.login(userDetail); User user = userService.saveUser(userDetail,Constant.clientType.toString()); ShiroKit.getSession().setAttribute(ShiroKit.USER_DETAIL_KEY,userDetail); ShiroKit.getSession().setAttribute(ShiroKit.USER_KEY,user); data.put(BIND,user.getTel() != null); //这里的代码,必须放到login之执行,因为login后,才会创建session,才会得到最新的token咯 data.put(StatelessSessionManager.HEADER_TOKEN_NAME,getServerToken()); response(data); }}
import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.realm.Realm; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.LinkedHashMap; import java.util.Map; @Configuration public class ShiroConfiguration { @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){ return new LifecycleBeanPostProcessor(); } @Bean public SecurityManager securityManager(Realm realm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setSessionManager(new StatelessSessionManager()); securityManager.setRealm(realm); return securityManager; } @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){ ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean(); bean.setSecurityManager(securityManager); Map<String,String> map = new LinkedHashMap<>(); map.put("/public/**","anon"); map.put("/login/**","anon"); map.put("/**","user"); bean.setFilterChainDefinitionMap(map); return bean; } }
到此,相信大家对“SecurityUtils.getSubject().getPrincipal()为null的问题怎么解决”有了更深的了解,不妨来实际操作一番吧!这里是编程网网站,更多相关内容可以进入相关频道进行查询,关注我们,继续学习!