-
Shiro去掉登录时url里的JSESSIONID,允许分号 中文参数
Shiro升级1.8之后默认不允许中文参数,以及分号(;)参数,导致系统首次打开时,因带有;JSESSIONID=参数,系统出现400错误页面。
配置允许;号参数后即可解决,如果想要去掉JSESSIONID参数,可按如下方式处理
一、去掉登录时url里面的JSESSIONID参数
@Bean @ConditionalOnMissingBean public DefaultWebSessionManager sessionManager(ShiroProp shiroProp) { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); // 去掉shiro登录时url里的JSESSIONID sessionManager.setSessionIdUrlRewritingEnabled(false); return sessionManager; } @Bean @ConditionalOnMissingBean public org.apache.shiro.mgt.SecurityManager securityManager(EhCacheManager cacheManager, RememberMeManager rememberMeManager, AbstractShiroDbRealm shiroDbRealm, SessionManager sessionManager, ShiroProp shiroProp) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); // 设置realm. securityManager.setRealm(shiroDbRealm); securityManager.setCacheManager(cacheManager); securityManager.setRememberMeManager(rememberMeManager); // 设置sessionManager,去掉shiro登录时url里的JSESSIONID securityManager.setSessionManager(sessionManager); return securityManager; }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
二、允许分号/中文参数
重写invalidRequest过滤器,允许;号参数以及中文参数
1)定义InvalidRequestFilter bean对象
2)配置shiroFilter对象,重新配置invalidRequest过滤器private InvalidRequestFilter invalidRequestFilter(){ InvalidRequestFilter invalidRequestFilter = new InvalidRequestFilter(); //允许中文参数地址 invalidRequestFilter.setBlockNonAscii(false); //允许地址带分号; invalidRequestFilter.setBlockSemicolon(false); return invalidRequestFilter; } @ConditionalOnMissingBean @Bean("shiroFilter") public ShiroFilterFactoryBean shirFilter(org.apache.shiro.mgt.SecurityManager securityManager, Section section) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); // 必须设置 SecurityManager shiroFilterFactoryBean.setSecurityManager(securityManager); // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面 shiroFilterFactoryBean.setLoginUrl("/login"); // 登录成功后要跳转的链接 shiroFilterFactoryBean.setSuccessUrl("/index"); // 未授权界面; shiroFilterFactoryBean.setUnauthorizedUrl("/403"); // 拦截器. shiroFilterFactoryBean.setFilterChainDefinitionMap(section); Map<String, Filter> filters = new HashMap<>(); // 配置 invalidRequestFilter filters.put("invalidRequest", invalidRequestFilter()); shiroFilterFactoryBean.setFilters(filters); logger.info("Shiro拦截器工厂类注入成功"); return shiroFilterFactoryBean; }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
三、配置https,跳转后变成http
这个问题我试了很久,只有以下方法能解决
1)重写过滤器
2)配置nginx,http请求强制转发到https1、重写过滤器
public class MyFormAuthenticationFilter extends FormAuthenticationFilter { protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if (isLoginRequest(request, response)) { if (isLoginSubmission(request, response)) { return executeLogin(request, response); } else { //allow them to see the login page ;) return true; } } else { saveRequestAndRedirectToLogin(request, response); return false; } } // 配置https,跳转后变成http --start protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException { saveRequest(request); redirectToLogin(request, response); } protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { String loginUrl = getLoginUrl(); WebUtils.issueRedirect(request, response, loginUrl, null, true, false); } // 配置https,跳转后变成http --end }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
2、nginx配置,http请求强制转发到https
proxy_redirect http:// $scheme://;- 1
-
相关阅读:
管道读写特点以及设置成非阻塞
从【臀部监控】到【电脑监控软件】,企业如何在隐私权与管理权博弈中找到平衡
Service详解
基于VR元宇宙技术搭建林业生态模拟仿真教学系统
Spring Cloud Gateway3.x自定义Spring Cloud Loadbalancer负载均衡策略以及实现动态负载均衡策略的方案
牛客网刷题
第二十五章《图书管理系统》第2节:系统功能实现
SQLAlchemy使用教程(以SQLite为例)
vue3+ts实现Tab滚动居中
ArkTS基础知识
- 原文地址:https://blog.csdn.net/wlddhj/article/details/125084837
