Python 官方文档:入门教程 => 点击学习
SpringBoot前后端分离项目shiro的302跳转 项目是使用的springboot ,使用的shiro做的用户鉴权。在前端请求时当用户信息失效,session失效的时候,sh
项目是使用的springboot ,使用的shiro做的用户鉴权。在前端请求时当用户信息失效,session失效的时候,shiro会重定向到配置的login.jsp 页面,或者是自己配置的logUrl。
因是前后端分离项目,与静态资源文件分离,固重定向后,接着会404。
以下是代码
package com.oilpay.wallet.shiro;
import com.alibaba.fastJSON.JSONObject;
import com.oilpay.wallet.interceptor.TokenInterceptor;
import org.apache.shiro.WEB.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.Http.httpstatus;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
public class ShiroFormAuthenticationFilter extends FormAuthenticationFilter {
Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (isLoginRequest(request, response)) {
if (isLoginSubmission(request, response)) {
if (logger.isTraceEnabled()) {
logger.trace("Login submission detected. Attempting to execute login.");
}
return executeLogin(request, response);
} else {
if (logger.isTraceEnabled()) {
logger.trace("Login page view.");
}
//allow them to see the login page ;)
return true;
}
} else {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse) response;
if(req.getMethod().equals(RequestMethod.OPTIONS.name())) {
resp.setStatus(HttpStatus.OK.value());
return true;
}
if (logger.isTraceEnabled()) {
logger.trace("Attempting to access a path which requires authentication. Forwarding to the " +
"Authentication url [" + getLoginUrl() + "]");
}
//前端ajax请求时requestHeader里面带一些参数,用于判断是否是前端的请求
String test= req.getHeader("test");
if (test!= null || req.getHeader("wkcheck") != null) {
//前端Ajax请求,则不会重定向
resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
resp.setHeader("Access-Control-Allow-Credentials", "true");
resp.setContentType("application/json; charset=utf-8");
resp.setCharacterEncoding("UTF-8");
PrintWriter out = resp.getWriter();
JSONObject result = new JSONObject();
result.put("message", "登录失效");
result.put("resultCode", 1000);
out.println(result);
out.flush();
out.close();
} else {
saveRequestAndRedirectToLogin(request, response);
}
return false;
}
}
}
@Bean(name="shiroFilter")
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(manager);
//配置访问权限
LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/common/loGout", "logout");
filterChainDefinitionMap.put("/","anon");
filterChainDefinitionMap.put("/common/login","anon");
filterChainDefinitionMap.put("/common
public class MyFilter extends FormAuthenticationFilter{
private Logger log = LoggerFactory.getLogger(MyFilter.class);
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//进行重写,业务逻辑
}
}
以上为个人经验,希望能给大家一个参考,也希望大家多多支持编程网。
--结束END--
本文标题: springBoot前后端分离项目中shiro的302跳转问题
本文链接: https://www.lsjlt.com/news/160170.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-03-01
2024-03-01
2024-03-01
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0