複雜請求
請求之所以成爲複雜請求,是因爲在請求頭部添加了token等自定義信息,瀏覽器會因此把它當作複雜請求。複雜請求分兩步執行:瀏覽器會先向服務端發送一個探針請求(也叫預請求,使用OPTIONS方法,且不攜帶token等自定義頭部),這個請求通過以後,纔會把帶着header信息的真正請求發送出去。
預請求被攔截
由於預請求不帶token,shiro會把它當作未認證的請求直接攔截,所以真正的請求永遠也到不了後臺,這就是問題的關鍵。此時需要自定義一個攔截器來放行預請求;放行的只應是預請求本身,真正的請求仍然必須經過認證。
package com.**.common.shiro.filter;
import org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
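/**
 * Shiro authentication filter that lets CORS preflight requests pass and attaches
 * CORS headers to the redirect sent to unauthenticated callers.
 *
 * <p>A browser preflight is an {@code OPTIONS} request sent without credentials or
 * custom headers, so the stock filter would reject it and the real request would
 * never be sent. Only requests that have the shape of a preflight skip the
 * authentication check; every other request goes through the parent filter.
 *
 * <p>The preflight check is a shape check, not authentication: any client can send
 * such a request. Handlers behind this chain should therefore not perform business
 * logic for {@code OPTIONS} (for example, restrict request mappings to explicit
 * HTTP methods).
 */
public class MyShiroAuthFilter extends PassThruAuthenticationFilter {

    /**
     * Origins allowed to receive credentialed CORS headers, compared exactly
     * (scheme + host + port). {@code null} means no allowlist was configured and the
     * filter falls back to echoing whatever {@code Origin} the request carried.
     */
    private final String[] allowedOrigins;

    /**
     * Creates the filter without an origin allowlist (legacy behaviour).
     *
     * <p>NOTE(review): in this mode the request's {@code Origin} is echoed back
     * together with {@code Access-Control-Allow-Credentials: true}, which lets any
     * website read credentialed responses from this endpoint. Prefer
     * {@link #MyShiroAuthFilter(String...)} with the known front-end origins.
     */
    public MyShiroAuthFilter() {
        this.allowedOrigins = null;
    }

    /**
     * Creates the filter with an explicit origin allowlist.
     *
     * @param allowedOrigins exact origins that may receive the CORS headers; an empty
     *                       list means no origin receives them
     */
    public MyShiroAuthFilter(String... allowedOrigins) {
        this.allowedOrigins = allowedOrigins == null ? new String[0] : allowedOrigins.clone();
    }

    /**
     * Skips the authentication check for CORS preflight requests and delegates
     * everything else to the parent filter.
     *
     * @return {@code true} to continue the chain, otherwise the parent's decision
     */
    @Override
    public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest req = WebUtils.toHttp(request);
        if (isCorsPreflight(req)) {
            return true;
        }
        return super.onPreHandle(request, response, mappedValue);
    }

    /**
     * Adds CORS headers for an accepted origin and redirects the unauthenticated
     * caller to {@code /user/unauth}.
     *
     * @return always {@code false}; the response has already been committed by the redirect
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResp = WebUtils.toHttp(response);
        HttpServletRequest httpReq = WebUtils.toHttp(request);

        // Original author's note: the redirect goes out without the CORS headers by
        // default, so they are set again here to keep the cross-origin call working.
        String origin = httpReq.getHeader("Origin");
        if (origin != null) {
            // The response differs per Origin, so shared caches must key on it.
            httpResp.addHeader("Vary", "Origin");
            if (isOriginAllowed(origin)) {
                httpResp.addHeader("Access-Control-Allow-Origin", origin);
                // With credentials, browsers read "*" in the next two headers as a
                // literal value, not a wildcard; both are only consulted on preflight
                // responses, so they have no effect on this redirect.
                httpResp.addHeader("Access-Control-Allow-Headers", "*");
                httpResp.addHeader("Access-Control-Allow-Methods", "*");
                httpResp.addHeader("Access-Control-Allow-Credentials", "true");
            }
        }
        httpResp.sendRedirect(httpReq.getContextPath() + "/user/unauth");
        return false;
    }

    /** Returns whether the request looks like a browser CORS preflight. */
    private static boolean isCorsPreflight(HttpServletRequest req) {
        return RequestMethod.OPTIONS.name().equals(req.getMethod())
                && req.getHeader("Origin") != null
                && req.getHeader("Access-Control-Request-Method") != null;
    }

    /** Returns whether {@code origin} may receive credentialed CORS headers. */
    private boolean isOriginAllowed(String origin) {
        if (allowedOrigins == null) {
            // Legacy mode: no allowlist configured, every origin is echoed back.
            return true;
        }
        for (String allowed : allowedOrigins) {
            if (origin.equals(allowed)) {
                return true;
            }
        }
        return false;
    }
}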
然後在shiro的配置類中註冊該過濾器(以authc爲名,覆蓋默認的authc過濾器)
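/**
 * Builds the Shiro filter factory: registers {@code MyShiroAuthFilter} under the name
 * {@code authc} and defines which paths are anonymous and which need authentication.
 *
 * @param securityManager the security manager injected by the container
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    // Wire the injected manager instead of calling the sibling factory method, so the
    // filter uses the container-managed instance even when this class is not proxied
    // as a full @Configuration.
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl("/user/unauth");

    // Replace the built-in "authc" filter with the preflight-aware one.
    Map<String, Filter> filters = new HashMap<>();
    filters.put("authc", new MyShiroAuthFilter());
    factory.setFilters(filters);

    // Order matters: Shiro uses the first matching pattern, so the LinkedHashMap keeps
    // the specific "anon" entries ahead of the catch-all "/**" rule at the end.
    Map<String, String> chains = new LinkedHashMap<>();

    // Logout is handled by Shiro's built-in "logout" filter. The original note says it
    // redirects to the configured loginUrl afterwards -- verify against the Shiro
    // version in use.
    chains.put("/user/logout", "logout");
    chains.put("/user/unauth", "anon");
    chains.put("/user/login", "anon");

    // Swagger endpoints. These expose the API description without authentication;
    // keep them to non-production profiles or move them behind "authc" if the API
    // surface is sensitive.
    chains.put("/swagger-ui.html", "anon");
    chains.put("/swagger-resources/**", "anon");
    chains.put("/swagger-resources", "anon");
    chains.put("/v2/api-docs", "anon");
    chains.put("/webjars/springfox-swagger-ui/**", "anon");

    // Everything else requires authentication; this entry must stay last.
    chains.put("/**", "authc");
    factory.setFilterChainDefinitionMap(chains);
    return factory;
}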