A solution for Shiro interacting with an app via tokens

Source: Internet  Editor: 程序博客网  Time: 2024/05/29 14:25

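When Shiro receives a request, by default it reads data from the cookie to identify the client. However, my project does not use cookies, and the server does not process cookie information either. Let's look at the code Shiro uses to read the cookie: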

    // readValue method of the SimpleCookie class
    public String readValue(HttpServletRequest request, HttpServletResponse ignored) {
        String name = getName();
        String value = null;
        javax.servlet.http.Cookie cookie = getCookie(request, name);
        if (cookie != null) {
            // Validate that the cookie is used at the correct place.
            String path = StringUtils.clean(getPath());
            if (path != null && !pathMatches(path, request.getRequestURI())) {
                log.warn("Found '{}' cookie at path '{}', but should be only used for '{}'",
                        new Object[] { name, request.getRequestURI(), path});
            } else {
                value = cookie.getValue();
                log.debug("Found '{}' cookie value [{}]", name, value);
            }
        } else {
            log.trace("No '{}' cookie value", name);
        }
        return value;
    }

Once the root of the problem is known, it is easy to deal with. I create a subclass of SimpleCookie and override the readValue method:

    @Override
    public String readValue(HttpServletRequest request, HttpServletResponse ignored) {
        // Take the session ID from the tokenContent request parameter instead of a cookie.
        String token = request.getParameter("tokenContent");
        return token;
        // return super.readValue(request, ignored);
    }

Then configure the SimpleCookie subclass:

    <!-- sessionManager -->
    <bean id="sessionManager"
        class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="sessionDAO" ref="redisSessionDAO" />
        <property name="globalSessionTimeout" value="604800000" />
        <!-- session cookie -->
        <property name="sessionIdCookie" ref="sessionIdCookie" />
    </bean>

    <!-- custom session cookie -->
    <bean id="sessionIdCookie" class="com.cookie.MySimpleCookie">
        <property name="httpOnly" value="true" />
        <!-- cookie lifetime -->
        <property name="maxAge" value="604800" />
    </bean>

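With this bit of sleight of hand, the problem is solved! However, when the submitted form is of type multipart/form-data, the token cannot be retrieved. I will write up the solution for that next time.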
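
As an added example (not code from the original post), here is a variant of the subclass that reads the session ID from a request header first: headers are readable whatever the body encoding, so multipart/form-data requests work, and the ID stays out of query strings that end up in access logs. The header name X-Auth-Token and the format check are assumptions made for this example; tokenContent and the com.cookie package come from the post.

```java
package com.cookie; // package name taken from the bean definition in the post

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.servlet.SimpleCookie;

public class MySimpleCookie extends SimpleCookie {

    // Hypothetical header name chosen for this example; not defined by Shiro or the post.
    static final String TOKEN_HEADER = "X-Auth-Token";

    // Request parameter used in the original post, kept as a fallback.
    static final String TOKEN_PARAM = "tokenContent";

    // Assumption: session IDs are short URL-safe strings. Shiro's default
    // generator emits UUIDs, which this pattern accepts.
    private static final Pattern TOKEN_FORMAT = Pattern.compile("[A-Za-z0-9_-]{16,128}");

    @Override
    public String readValue(HttpServletRequest request, HttpServletResponse ignored) {
        // Headers do not depend on how the body is encoded, so this path
        // also works when the form is submitted as multipart/form-data.
        String token = request.getHeader(TOKEN_HEADER);
        if (token == null) {
            // Older clients that still send the token as a request parameter.
            token = request.getParameter(TOKEN_PARAM);
        }
        // Returning null makes Shiro treat the request as having no session ID.
        return isWellFormed(token) ? token : null;
    }

    // Reject values that cannot be a session ID before they reach the session DAO.
    static boolean isWellFormed(String token) {
        return token != null && TOKEN_FORMAT.matcher(token).matches();
    }
}
```

The bean definition above does not need to change, because the class name and package are the same.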
