springmvc shiro 同时支持token 前后端分离

最新推荐文章于 2024-10-27 16:20:46 发布

原创最新推荐文章于 2024-10-27 16:20:46 发布 · 430 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#vue.js #javascript #前端

工作之旅专栏收录该内容

32 篇文章

订阅专栏

该博客介绍了Apache Shiro的配置，包括`DefaultWebSecurityManager`、`ShiroSessionManager`和`ShiroRealm`的设置，以及自定义的`MyShiroFilterFactoryBean`用于权限控制。在关键代码中，自定义的`ShiroSessionManager`从HTTP请求头的`authToken`获取session ID，实现了小程序的鉴权逻辑。同时，提供了一个使用Vue和uni-app的HTTP请求拦截器示例，展示如何在请求头中添加`authToken`以进行身份验证。

ApplicationContext.xml配置

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="MShiroRealm" />
		<property name="sessionManager" ref="ShiroSessionManager"/>
	</bean>
	<bean id="ShiroSessionManager" class="com.windoer.tz.shiro.ShiroSessionManager"></bean>
	<bean id="MShiroRealm" class="com.windoer.tz.shiro.ShiroRealm"></bean>
	<bean id="shiroFilter" class="com.windoer.tz.shiro.MyShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />
		<property name="loginUrl" value="/login" />
		<property name="successUrl" value="/index" />
		<property name="unauthorizedUrl" value="/login" />

		<property name="filterChainDefinitions">
			<value>
				/= anon
				/news/**= anon
				/assets/login/** = anon
				/to_login/** = anon
				/applet_login/** = anon
				/appelt/**= anon
				/** = authc
			</value>
		</property>
	</bean>

关键代码


public class ShiroSessionManager extends DefaultWebSessionManager {
    public static final String AUTHORIZATION = "authToken";
    private static final String REDERENCED_SEESION_ID_SOURCE = "Stateless request";

    public  ShiroSessionManager(){
        super();
    }

    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response){
        String token = WebUtils.toHttp(request).getHeader(AUTHORIZATION);
        if(!StringUtils.isEmpty(token)){
            //如果请求头中有authToken 值为sessionid
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,REDERENCED_SEESION_ID_SOURCE);
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID,token);
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID,Boolean.TRUE);
            return token;
        }else{
            //如果请求头中没有authToken 则按照父类方式在cookie中获取
            return super.getSessionId(request,response);
        }
    }
}

在小程序中请求头中带上 authToken


import Vue from 'vue'
import Request from '@/js_sdk/luch-request/luch-request/index.js'
 
const http = new Request({
	baseURL: Vue.prototype.$host, //设置请求的base url
	timeout: 300000, //超时时长5分钟,
	header: {
		'Content-Type': 'application/json;charset=UTF-8;',
	}
})

//请求拦截器
http.interceptors.request.use((config) => { 
	config.header = {
		...config.header,
		'authToken':Vue.prototype.$store.state.token,
		'content-type':'application/x-www-form-urlencoded',
	  }
	  if(config.data&&!config.data.noShowLoading){
		  uni.showLoading({
			title: '加载中'
		  });
	  }
	if (config.method === 'POST') {
		// config.data = JSON.stringify(config.data);
	}
	return config
}, error => {
	return Promise.resolve(error)
})

// 响应拦截器
http.interceptors.response.use((response) => {
	// console.log('响应拦截器');
	uni.hideLoading();
	return response
}, (error) => {
	if (error.statusCode == 302) {
		uni.clearStorageSync();
		uni.switchTab({
			url: "/pages/home/home"
		})
	}
	//未登录时清空缓存跳转
	if (error.statusCode == 401) {
		uni.clearStorageSync();
		uni.switchTab({
			// url: "/pages/changguan/subscribe-fill"
			url: "/pages/home/home"
		})
	}
	return Promise.resolve(error)
})
export default http;