
本问题解决方案参照网站多篇文章融合解决,在此表示感谢!

环境:springboot+shiro+jquery-easyui

问题:在ajax请求时,如果此时session已经失效,系统没有自动跳转到登录页面。后来在服务端加了判断ajax请求的代码,结果还是没有用,无法取到ajax特定的header值(X-Requested-With)。发现jquery-easyui表单提交时没有传递这个值。

解决办法:

1.添加拦截器

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

/**
 * Shiro form-authentication filter that answers an unauthenticated Ajax call with a plain-text
 * marker instead of redirecting it to the login page.
 *
 * <p>The {@code X-Requested-With} header is sent by the client and can be set to anything, so it
 * is used here only to pick the shape of the denial (marker text or redirect). Both branches
 * return {@code false}, so the request does not continue down the filter chain whatever the
 * header says.
 */
public class SessionFilter extends FormAuthenticationFilter {

    private static final Logger LOG = LoggerFactory.getLogger(SessionFilter.class);

    /** Name of the request header that Ajax callers are expected to send. */
    private static final String AJAX_HEADER_NAME = "X-Requested-With";

    /** Header value that identifies an Ajax call (compared case-insensitively). */
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    /** Body text written to an Ajax caller whose request was denied. */
    private static final String SESSION_EXPIRED_MARKER = "sessionOut";

    /**
     * Handles a request that Shiro has decided is not allowed through.
     *
     * <p>Login requests keep the stock form-login flow: a submission is passed to
     * {@code executeLogin}, any other request to the login URL is let through so the login page
     * can render. Every other request is denied, either with the marker text (Ajax) or with a
     * saved-request redirect to the login page.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response to write the marker or redirect to
     * @return the result of {@code executeLogin} for a login submission, {@code true} for a
     *     non-submitting login request, {@code false} for every denied request
     * @throws Exception propagated from the login attempt, the response writer or the redirect
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!this.isLoginRequest(servletRequest, servletResponse)) {
            if (isAjax((HttpServletRequest) servletRequest)) {
                // No status code is set here, so the marker goes out with the response's current
                // status; the caller has to compare the body with the marker text.
                // NOTE(review): a 401 status would make the denial visible without parsing the
                // body - confirm how the page's client code reads the response before changing it.
                servletResponse.getWriter().print(SESSION_EXPIRED_MARKER);
            } else {
                this.saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            }
            return false;
        }

        if (this.isLoginSubmission(servletRequest, servletResponse)) {
            return this.executeLogin(servletRequest, servletResponse);
        }
        return true;
    }

    /**
     * Reports whether the request carries the Ajax marker header.
     *
     * <p>The answer reflects only what the client chose to send; it is not evidence about who the
     * caller is and must not be used for an access decision.
     *
     * @param httpServletRequest the request whose {@code X-Requested-With} header is inspected
     * @return {@code true} when the header equals {@code XMLHttpRequest} ignoring case,
     *     {@code false} when it differs or is absent
     */
    public boolean isAjax(HttpServletRequest httpServletRequest) {
        final boolean ajax =
                AJAX_HEADER_VALUE.equalsIgnoreCase(httpServletRequest.getHeader(AJAX_HEADER_NAME));
        // Debug text reads "current request is an Ajax request" / "is not an Ajax request".
        // The logged URI is client-supplied.
        final String template = ajax ? "当前请求为Ajax请求:{}" : "当前请求非Ajax请求:{}";
        LOG.debug(template, httpServletRequest.getRequestURI());
        return ajax;
    }

}

2.覆盖默认shiro拦截器

@Bean

public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {

ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

// 必须设置 SecurityManager

shiroFilterFactoryBean.setSecurityManager(securityManager);

// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面

shiroFilterFactoryBean.setLoginUrl("/login");

// 登录成功后要跳转的链接

shiroFilterFactoryBean.setSuccessUrl("/index");

// 未授权界面;

shiroFilterFactoryBean.setUnauthorizedUrl("/403");

// 自定义拦截器

Map filtersMap = new LinkedHashMap();

// 限制同一帐号同时在线的个数。

filtersMap.put("kickout", filterKickoutSessionControl());

shiroFilterFactoryBean.setFilters(filtersMap);

// 权限控制map.

Map filterChainDefinitionMap = new LinkedHashMap();

filterChainDefinitionMap.put("/servlet/authimage", "anon");

filterChainDefinitionMap.put(" //————————————————— ...
