去掉shiro登录时url里的JSESSIONID
2018-01-30 16:43
603 查看
经过查找论坛和分析源码,确认了是在ShiroHttpServletResponse里加上的。
因此继承ShiroHttpServletResponse类,覆盖相应方法,再重写 ShiroFilterFactoryBean就可以把添加JSESSIONID部分去掉。
重写ShiroHttpServletResponse
Java代码
2.扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。
Java代码
3.在shiro相关配置里替换成自己的MyShiroFilterFactoryBean(嗯,我是shiro和spring组合用的)
因此继承ShiroHttpServletResponse类,覆盖相应方法,再重写 ShiroFilterFactoryBean就可以把添加JSESSIONID部分去掉。
重写ShiroHttpServletResponse
Java代码
public class MyShiroHttpServletResponse extends ShiroHttpServletResponse {
public MyShiroHttpServletResponse(HttpServletResponse wrapped,ServletContext context, ShiroHttpServletRequest request) {
super(wrapped, context, request);
}
@Override
protected String toEncoded(String url, String sessionId) {
if ((url == null) || (sessionId == null))
return (url);
String path = url;
String query = "";
String anchor = "";
int question = url.indexOf('?');
if (question >= 0) {
path = url.substring(0, question);
query = url.substring(question);
}
int pound = path.indexOf('#');
if (pound >= 0) {
anchor = path.substring(pound);
path = path.substring(0, pound);
}
StringBuilder sb = new StringBuilder(path);
//重写toEncoded方法,注释掉这几行代码就不会再生成JESSIONID了。
// if (sb.length() > 0) { // session id param can't be first.
// sb.append(";");
// sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);
// sb.append("=");
// sb.append(sessionId);
// }
sb.append(anchor);
sb.append(query);
return (sb.toString());
}
}2.扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。
Java代码
public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean {
@Override
public Class getObjectType() {
return MySpringShiroFilter.class;
}
@Override
protected AbstractShiroFilter createInstance() throws Exception {
SecurityManager securityManager = getSecurityManager();
if (securityManager == null) {
String msg = "SecurityManager property must be set.";
throw new BeanInitializationException(msg);
}
if (!(securityManager instanceof WebSecurityManager)) {
String msg = "The security manager does not implement the WebSecurityManager interface.";
throw new BeanInitializationException(msg);
}
FilterChainManager manager = createFilterChainManager();
PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
chainResolver.setFilterChainManager(manager);
return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
}
private static final class MySpringShiroFilter extends AbstractShiroFilter {
protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
super();
if (webSecurityManager == null) {
throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
}
setSecurityManager(webSecurityManager);
if (resolver != null) {
setFilterChainResolver(resolver);
}
}
@Override
protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) {
return new MyShiroHttpServletResponse(orig, getServletContext(), request);
}
}
}3.在shiro相关配置里替换成自己的MyShiroFilterFactoryBean(嗯,我是shiro和spring组合用的)
<!-- Shiro的Web过滤器 --> <bean id="shiroFilter" class="com.jsnr.aws.web.shiro.spring.MyShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login.jsp"/> <property name="unauthorizedUrl" value="/unauthorized.jsp"/> ..... </bean>
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- Apache Shiro去掉URL中的JSESSIONID
- Java去掉 URL 中的 jsessionid
- 去掉url 后面的jsessionid
- 去掉 URL 中讨厌的 jsessionid
- Spring boot中去掉URL后面的jsessionid
- 去掉shiro登录时url里的JSESSIONID
- Tomcat - Disable JSESSIONID in URL
- Java jsessionid in URL
- java web 登录后更新JSESSIONID
- Java jsessionid in URL
- java web 登录后更新JSESSIONID
- Tomcat - Disable JSESSIONID in URL
- 去掉地址栏中的jsessionid
- Python爬虫获取JSESSIONID登录网站
- url中的jsessionid解释
- shiro-根据JSESSIONID获取用户信息和判断是否登陆