首先处理由于前后端分离导致的session不通问题
要在前端登录之后存储登录成功的token,之后每次请求在请求头(header)中传递此token,然后后台添加如下类
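/**
 * Author: chenyidong
 * Created: 2020/1/3 12:22 PM
 * Description: fangchan: custom session-id resolution for Shiro.
 *
 * <p>Resolves the Shiro session id from a {@code token} request header so that a
 * separated front end can carry the session without cookies. When the header is
 * absent or empty, resolution falls back to the parent's behaviour.
 */
public class MySessionManager extends DefaultWebSessionManager {

    // Logger name kept as in the original configuration.
    private static final Logger logger = Logger.getLogger("MySessionManager");

    /**
     * Returns the session id for this request.
     *
     * @param request  the current request; its {@code token} header is consulted first
     * @param response the current response, passed through to the parent fallback
     * @return the non-empty value of the {@code token} header, or whatever the parent
     *         resolves when that header is missing or empty
     */
    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        String id = WebUtils.toHttp(request).getHeader("token");
        if (StringUtils.isEmpty(id)) {
            // No token header: defer to the parent's resolution.
            return super.getSessionId(request, response);
        }
        // A session id is a bearer credential: record only that one was supplied,
        // never its value (the previous message logged the raw id at INFO level).
        logger.info("session id taken from request header");
        request.setAttribute(REFERENCED_SESSION_ID_SOURCE, "Stateless request");
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        // Marks the referenced id as present for Shiro. NOTE(review): this does not
        // by itself prove a live session exists for the id; Shiro still has to resolve
        // the session from it — confirm that behaviour for the Shiro version in use.
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        return id;
    }
}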
下面过滤传递过来的token是否有效
/**
 * Shiro form filter that answers unauthenticated requests with a JSON body
 * instead of the parent's redirect to the login page.
 *
 * <p>Requests to the login URL are treated as in {@link FormAuthenticationFilter}:
 * a login submission is executed, any other request to that URL is allowed through.
 * Every other unauthenticated request receives a UTF-8 {@code application/json}
 * body carrying {@code code} 4001 and a re-login message; the HTTP status is not
 * changed by this filter.
 */
public class FormValidataFilter extends FormAuthenticationFilter {

    private Logger logger = Logger.getLogger("FormValidataFilter");

    /**
     * Invoked when the current subject is not authenticated.
     *
     * @param request  the current request
     * @param response the current response; receives the JSON denial body
     * @return {@code true} to let the request continue, {@code false} once the
     *         denial body has been written (or when login execution fails)
     * @throws Exception propagated from {@link #executeLogin}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (!isLoginRequest(request, response)) {
            // Not the login URL: reply with a machine-readable denial and stop the chain.
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            JSONObject body = new JSONObject();
            body.put("code", "4001");
            body.put("message", "登录失效,请重新登录");
            PrintWriter out = response.getWriter();
            out.print(body);
            return false;
        }
        if (!isLoginSubmission(request, response)) {
            // Plain request to the login URL (e.g. fetching the form): let it through.
            return true;
        }
        return executeLogin(request, response);
    }
}