去掉shiro登录时url里的JSESSIONID
来源:互联网 发布:买3DS淘宝哪个好 编辑:程序博客网 时间:2024/05/31 13:17
经过查找论坛和分析源码,确认了是在ShiroHttpServletResponse里加上的。
因此继承ShiroHttpServletResponse类,覆盖相应方法,再重写 ShiroFilterFactoryBean就可以把添加JSESSIONID部分去掉。
- 重写ShiroHttpServletResponse
Java代码
public class MyShiroHttpServletResponse extends ShiroHttpServletResponse { public MyShiroHttpServletResponse(HttpServletResponse wrapped,ServletContext context, ShiroHttpServletRequest request) { super(wrapped, context, request); } @Override protected String toEncoded(String url, String sessionId) { if ((url == null) || (sessionId == null)) return (url); String path = url; String query = ""; String anchor = ""; int question = url.indexOf('?'); if (question >= 0) { path = url.substring(0, question); query = url.substring(question); } int pound = path.indexOf('#'); if (pound >= 0) { anchor = path.substring(pound); path = path.substring(0, pound); } StringBuilder sb = new StringBuilder(path); //重写toEncoded方法,注释掉这几行代码就不会再生成JESSIONID了。// if (sb.length() > 0) { // session id param can't be first.// sb.append(";");// sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);// sb.append("=");// sb.append(sessionId);// } sb.append(anchor); sb.append(query); return (sb.toString()); }}
2.扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。
Java代码
public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean { @Override public Class getObjectType() { return MySpringShiroFilter.class; } @Override protected AbstractShiroFilter createInstance() throws Exception { SecurityManager securityManager = getSecurityManager(); if (securityManager == null) { String msg = "SecurityManager property must be set."; throw new BeanInitializationException(msg); } if (!(securityManager instanceof WebSecurityManager)) { String msg = "The security manager does not implement the WebSecurityManager interface."; throw new BeanInitializationException(msg); } FilterChainManager manager = createFilterChainManager(); PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver(); chainResolver.setFilterChainManager(manager); return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver); } private static final class MySpringShiroFilter extends AbstractShiroFilter { protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) { super(); if (webSecurityManager == null) { throw new IllegalArgumentException("WebSecurityManager property cannot be null."); } setSecurityManager(webSecurityManager); if (resolver != null) { setFilterChainResolver(resolver); } } @Override protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) { return new MyShiroHttpServletResponse(orig, getServletContext(), request); } }}
3.在shiro相关配置里替换成自己的MyShiroFilterFactoryBean(嗯,我是shiro和spring组合用的)
<!-- Shiro的Web过滤器 --> <bean id="shiroFilter" class="com.jsnr.aws.web.shiro.spring.MyShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login.jsp"/> <property name="unauthorizedUrl" value="/unauthorized.jsp"/> ..... </bean>
1 0
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- 去掉shiro登录时url里的JSESSIONID
- Apache Shiro去掉URL中的JSESSIONID
- Apache Shiro去掉URL中的JSESSIONID
- 去掉url 后面的jsessionid
- 去掉 URL 中讨厌的 jsessionid
- Java去掉 URL 中的 jsessionid
- shiro重定向时URL中的JSESSIONID问题
- Spring boot中去掉URL后面的jsessionid
- AngularJS去掉的URL里的#号
- AngularJS去掉的URL里的#号
- AngularJS去掉的URL里的#号
- AngularJS去掉的URL里的#号
- php 去掉Url里的 index.php
- thinkphp5 去掉url里的index.php
- 去掉静态文件后面的jsessionid
- 安全框架Shiro获取登录前的URI URL
- Java反射(四)----- 获取成员变量和构造函数信息
- [zz]澄清P问题、NP问题、NPC问题的概念
- 2016腾讯实习生在线笔试题:把单词反转
- Python之datetime总结
- curl_init()函数用法
- 去掉shiro登录时url里的JSESSIONID
- Memcached 小探
- 深入理解 KVC\KVO 实现机制 — KVO
- Install and Configure Skype For Business 2015 Edge Server
- Zabbix-3.0环境搭建指南
- 单例模式(Singleton)
- unity获取摄像头
- 调用微信分享
- 写给刚毕业的自己