去掉shiro登录时url里的JSESSIONID
2018-01-30 16:43
447 查看
经过查找论坛和分析源码,确认了是在ShiroHttpServletResponse里加上的。
因此继承ShiroHttpServletResponse类,覆盖相应方法,再重写 ShiroFilterFactoryBean就可以把添加JSESSIONID部分去掉。
重写ShiroHttpServletResponse
Java代码
2.扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。
Java代码
3.在shiro相关配置里替换成自己的MyShiroFilterFactoryBean(嗯,我是shiro和spring组合用的)
因此继承ShiroHttpServletResponse类,覆盖相应方法,再重写 ShiroFilterFactoryBean就可以把添加JSESSIONID部分去掉。
重写ShiroHttpServletResponse
Java代码
public class MyShiroHttpServletResponse extends ShiroHttpServletResponse { public MyShiroHttpServletResponse(HttpServletResponse wrapped,ServletContext context, ShiroHttpServletRequest request) { super(wrapped, context, request); } @Override protected String toEncoded(String url, String sessionId) { if ((url == null) || (sessionId == null)) return (url); String path = url; String query = ""; String anchor = ""; int question = url.indexOf('?'); if (question >= 0) { path = url.substring(0, question); query = url.substring(question); } int pound = path.indexOf('#'); if (pound >= 0) { anchor = path.substring(pound); path = path.substring(0, pound); } StringBuilder sb = new StringBuilder(path); //重写toEncoded方法,注释掉这几行代码就不会再生成JESSIONID了。 // if (sb.length() > 0) { // session id param can't be first. // sb.append(";"); // sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME); // sb.append("="); // sb.append(sessionId); // } sb.append(anchor); sb.append(query); return (sb.toString()); } }
2.扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。
Java代码
public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean { @Override public Class getObjectType() { return MySpringShiroFilter.class; } @Override protected AbstractShiroFilter createInstance() throws Exception { SecurityManager securityManager = getSecurityManager(); if (securityManager == null) { String msg = "SecurityManager property must be set."; throw new BeanInitializationException(msg); } if (!(securityManager instanceof WebSecurityManager)) { String msg = "The security manager does not implement the WebSecurityManager interface."; throw new BeanInitializationException(msg); } FilterChainManager manager = createFilterChainManager(); PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver(); chainResolver.setFilterChainManager(manager); return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver); } private static final class MySpringShiroFilter extends AbstractShiroFilter { protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) { super(); if (webSecurityManager == null) { throw new IllegalArgumentException("WebSecurityManager property cannot be null."); } setSecurityManager(webSecurityManager); if (resolver != null) { setFilterChainResolver(resolver); } } @Override protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) { return new MyShiroHttpServletResponse(orig, getServletContext(), request); } } }
3.在shiro相关配置里替换成自己的MyShiroFilterFactoryBean(嗯,我是shiro和spring组合用的)
<!-- Shiro的Web过滤器 --> <bean id="shiroFilter" class="com.jsnr.aws.web.shiro.spring.MyShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login.jsp"/> <property name="unauthorizedUrl" value="/unauthorized.jsp"/> ..... </bean>
相关文章推荐
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- Apache Shiro去掉URL中的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- 去掉url 后面的jsessionid
- Java去掉 URL 中的 jsessionid
- 去掉 URL 中讨厌的 jsessionid
- Spring boot中去掉URL后面的jsessionid
- struts2中s:url标签附加jsessionid导致页无法访问
- 禁用JavaWeb应用中URL上包含的jsessionid
- 从URL中移除JSESSIONID
- Spring boot + shiro 跨域配置(解决jsessionid丢失问题)
- url中的jsessionid解释
- URL与资源(之Url地址栏中的jsessionId有分号)《包括相对路径和绝对路径的根本分析》
- 基于JsessionId的会话跟踪登录设计与实现
- url中的jsessionid解释
- shiro实现url级别的权限控制(用户登录)配置文件分析
- Apache Shiro去掉URL中的JSESSIONID