Removing the JSESSIONID from the URL at Shiro login

Source: Internet  Editor: 程序博客网  Time: 2024/05/20 13:05

Reposted from: Removing the JSESSIONID from the URL at Shiro login

Recommended Shiro tutorial: http://jinnianshilongnian.iteye.com/blog/2018398


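After searching the forums and reading the source code, I confirmed that the JSESSIONID is appended in ShiroHttpServletResponse.

So by subclassing ShiroHttpServletResponse and overriding the relevant method, then overriding ShiroFilterFactoryBean, the part that appends the JSESSIONID can be removed.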

  1. Override ShiroHttpServletResponse

    Java code

    import javax.servlet.ServletContext;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
    import org.apache.shiro.web.servlet.ShiroHttpServletResponse;

    public class MyShiroHttpServletResponse extends ShiroHttpServletResponse {

        public MyShiroHttpServletResponse(HttpServletResponse wrapped, ServletContext context, ShiroHttpServletRequest request) {
            super(wrapped, context, request);
        }

        @Override
        protected String toEncoded(String url, String sessionId) {
            if ((url == null) || (sessionId == null))
                return (url);
            String path = url;
            String query = "";
            String anchor = "";
            // Split off the query string, if any
            int question = url.indexOf('?');
            if (question >= 0) {
                path = url.substring(0, question);
                query = url.substring(question);
            }
            // Split off the fragment, if any
            int pound = path.indexOf('#');
            if (pound >= 0) {
                anchor = path.substring(pound);
                path = path.substring(0, pound);
            }
            StringBuilder sb = new StringBuilder(path);
            // Override toEncoded: with the following lines commented out,
            // the JSESSIONID is no longer appended to the URL.
    //        if (sb.length() > 0) { // session id param can't be first.
    //            sb.append(";");
    //            sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);
    //            sb.append("=");
    //            sb.append(sessionId);
    //        }
            sb.append(anchor);
            sb.append(query);
            return (sb.toString());
        }
    }

  2. Extend ShiroFilterFactoryBean so that it uses the new MyShiroHttpServletResponse.

    Java code

    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.filter.mgt.FilterChainManager;
    import org.apache.shiro.web.filter.mgt.FilterChainResolver;
    import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
    import org.apache.shiro.web.mgt.WebSecurityManager;
    import org.apache.shiro.web.servlet.AbstractShiroFilter;
    import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
    import org.springframework.beans.factory.BeanInitializationException;

    public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean {

        @Override
        public Class getObjectType() {
            return MySpringShiroFilter.class;
        }

        @Override
        protected AbstractShiroFilter createInstance() throws Exception {
            SecurityManager securityManager = getSecurityManager();
            if (securityManager == null) {
                String msg = "SecurityManager property must be set.";
                throw new BeanInitializationException(msg);
            }
            if (!(securityManager instanceof WebSecurityManager)) {
                String msg = "The security manager does not implement the WebSecurityManager interface.";
                throw new BeanInitializationException(msg);
            }
            FilterChainManager manager = createFilterChainManager();
            PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
            chainResolver.setFilterChainManager(manager);
            return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
        }

        // The key part is overriding wrapServletResponse in MySpringShiroFilter
        // so that it returns the custom response.
        private static final class MySpringShiroFilter extends AbstractShiroFilter {

            protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
                super();
                if (webSecurityManager == null) {
                    throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
                }
                setSecurityManager(webSecurityManager);
                if (resolver != null) {
                    setFilterChainResolver(resolver);
                }
            }

            @Override
            protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) {
                return new MyShiroHttpServletResponse(orig, getServletContext(), request);
            }
        }
    }

  3. In the Shiro configuration, replace the factory bean with your own MyShiroFilterFactoryBean (yes, I use Shiro together with Spring).

    <!-- Shiro web filter -->
    <bean id="shiroFilter" class="com.jsnr.aws.web.shiro.spring.MyShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login.jsp"/>
        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
        .....
    </bean>

If your Shiro version is 1.3.2 or later, this bug has already been fixed; you only need to add the part shown in red in the original post (the sessionIdUrlRewritingEnabled property) to the following configuration in your configuration file:

    <!-- Session manager -->
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="sessionIdUrlRewritingEnabled" value="false" />
        <!-- Session expiry time used when validating sessions (milliseconds) -->
        <property name="globalSessionTimeout" value="3600000" />
        <property name="sessionFactory" ref="sessionFactory" />
        <property name="sessionValidationScheduler" ref="redisValidationScheduler" />
        <property name="sessionDAO" ref="sessionDAO" />
        <property name="sessionIdCookie" ref="sessionIdCookie" />
        <property name="sessionListeners">
            <list>
                <ref bean="redisSessionListener" />
            </list>
        </property>
    </bean>
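
The changes above stop the session ID being written into URLs the application generates; links that were already issued, bookmarked or logged with `;JSESSIONID=` in them can still arrive. The following is an added example, not code from the original post or from Shiro: a servlet filter that refuses such requests. The class name `RejectUrlSessionIdFilter` is hypothetical, and the `javax.servlet` API (Servlet 3.x) is assumed.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): refuse requests that carry the session ID in the URL.
public class RejectUrlSessionIdFilter implements Filter {

    private static final String PARAM = "jsessionid"; // literal name, compared case-insensitively

    // True if the raw URI has a ";JSESSIONID=" path parameter or the query string has a JSESSIONID parameter.
    static boolean carriesSessionId(String rawUri, String rawQuery) {
        if (rawUri != null && rawUri.toLowerCase(Locale.ROOT).contains(";" + PARAM + "=")) {
            return true;
        }
        if (rawQuery == null) return false;
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq >= 0 ? pair.substring(0, eq) : pair;
            if (name.equalsIgnoreCase(PARAM)) return true;
        }
        return false;
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (carriesSessionId(request.getRequestURI(), request.getQueryString())) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return; // do not pass the request on to the Shiro filter
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Map this filter ahead of `shiroFilter` in `web.xml` so the check runs before Shiro resolves the session.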