首先處理由於前後端分離導致的session不通問題
要在前端登錄之後存儲登錄成功返回的token,之後每次請求都在請求頭(header)中傳遞此token,然後在後臺添加如下類
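/**
 * Author: chenyidong
 * Created: 2020/1/3 12:22 PM
 * Description: fangchan: custom session-id resolution.
 *
 * When the request carries a {@code token} header, its value is used as the Shiro session id
 * (stateless, header-based client); otherwise resolution falls back to the parent's lookup.
 * The header only supplies a session *reference* — the attributes set below mark it as a
 * referenced id, and the session itself still has to be resolved by Shiro afterwards
 * (NOTE(review): confirm the unknown/expired-session handling against the Shiro version in use).
 */
public class MySessionManager extends DefaultWebSessionManager {

    /** Name of the request header that carries the session id. */
    private static final String TOKEN_HEADER = "token";

    private final Logger logger = Logger.getLogger("MySessionManager");

    /**
     * Resolves the session id for the current request.
     *
     * @param request  the current request; a non-empty {@code token} header supplies the id
     * @param response the current response, passed through to the parent when falling back
     * @return the id from the {@code token} header, or the parent's result when the header is absent
     */
    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        String id = WebUtils.toHttp(request).getHeader(TOKEN_HEADER);
        if (StringUtils.isEmpty(id)) {
            // No token header: defer to the parent's lookup (cookie-based in the default manager).
            return super.getSessionId(request, response);
        }
        // The session id is a bearer credential; record that it was supplied, never its value.
        // (The original logged the full id, which leaks a usable session token into log files.)
        logger.info("session id supplied via token header");
        // Request attributes consumed by the rest of the Shiro web pipeline. All three constants
        // live on ShiroHttpServletRequest, so they are referenced uniformly here.
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "Stateless request");
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        return id;
    }
}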
下面過濾傳遞過來的token是否有效
/**
 * Form-authentication filter for a front-end / back-end split deployment.
 *
 * Login requests are handled exactly as {@link FormAuthenticationFilter} does; any other denied
 * request receives a JSON body ({@code code} 4001) instead of a redirect, so that the API client
 * can decide what to do.
 */
public class FormValidataFilter extends FormAuthenticationFilter {

    private final Logger logger = Logger.getLogger("FormValidataFilter");

    /**
     * Handles a request that failed the access check.
     *
     * @param request  the current request
     * @param response the current response; receives the JSON error body for non-login requests
     * @return {@code true} to continue the chain (a plain login-page request, or a login
     *         submission that succeeded); {@code false} once the JSON error body has been written
     * @throws Exception propagated from {@link #executeLogin}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (!isLoginRequest(request, response)) {
            writeSessionExpired(response);
            return false;
        }
        if (isLoginSubmission(request, response)) {
            return executeLogin(request, response);
        }
        // A non-submission request for the login URL is simply allowed through.
        return true;
    }

    /**
     * Writes the "session expired, please log in again" JSON body.
     *
     * The HTTP status code is not set here, so it stays at whatever the container already has;
     * clients must inspect the {@code code} field of the body.
     */
    private void writeSessionExpired(ServletResponse response) throws java.io.IOException {
        // Encoding must be set before the writer is obtained, or it is ignored.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        JSONObject body = new JSONObject();
        body.put("code", "4001");
        body.put("message", "登錄失效,請重新登錄");
        PrintWriter out = response.getWriter();
        out.print(body);
    }
}