shiro登陆后,去掉URL中的jsessionId
今天搭建了spring+shiro的一个系统,在成功登录后,跳转的URL中,始终有jsessionId。网上查资料,怎么去掉。
主要执行以下步骤:
1、重写ShiroHttpServletResponse
public class MyShiroHttpServletResponse extends ShiroHttpServletResponse
{
public MyShiroHttpServletResponse(HttpServletResponse wrapped,ServletContext context, ShiroHttpServletRequest request) {
super(wrapped, context, request);
}
@Override
protected String toEncoded(String url, String sessionId) {
if ((url == null) || (sessionId == null))
return (url);
String path = url;
String query = "";
String anchor = "";
int question = url.indexOf('?');
if (question >= 0) {
path = url.substring(0, question);
query = url.substring(question);
}
int pound = path.indexOf('#');
if (pound >= 0) {
anchor = path.substring(pound);
path = path.substring(0, pound);
}
StringBuilder sb = new StringBuilder(path);
//重写toEncoded方法,注释掉这几行代码就不会再生成JESSIONID了。
// if (sb.length() > 0) { // session id param can't be first.
// sb.append(";");
// sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);
// sb.append("=");
// sb.append(sessionId);
// }
sb.append(anchor);
sb.append(query);
return (sb.toString());
}
}2、重写ShiroFilterFactoryBean
public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean
{
@Override
public Class getObjectType()
{
return MySpringShiroFilter.class;
}
@Override
protected AbstractShiroFilter createInstance() throws Exception
{
org.apache.shiro.web.mgt.DefaultWebSecurityManager securityManager = (org.apache.shiro.web.mgt.DefaultWebSecurityManager) getSecurityManager();
if (securityManager == null)
{
String msg = "SecurityManager property must be set.";
throw new BeanInitializationException(msg);
}
if (!(securityManager instanceof WebSecurityManager))
{
String msg = "The security manager does not implement the WebSecurityManager interface.";
throw new BeanInitializationException(msg);
}
FilterChainManager manager = createFilterChainManager();
PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
chainResolver.setFilterChainManager(manager);
return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
}
private static final class MySpringShiroFilter extends AbstractShiroFilter
{
protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver)
{
super();
if (webSecurityManager == null)
{
throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
}
setSecurityManager(webSecurityManager);
if (resolver != null)
{
setFilterChainResolver(resolver);
}
}
@Override
protected ServletResponse wrapServletResponse(HttpServletResponse orig,
ShiroHttpServletRequest request)
{
return new MyShiroHttpServletResponse(orig, getServletContext(), request);
}
}
}3、修改shiro.xml配置文件
<bean id="shiroFilter" class="com.fritt.core.shiro.MyShiroFilterFactoryBean"> <!-- Shiro的核心安全接口,这个属性是必须的 --> <property name="securityManager" ref="securityManager"></property> <!-- 要求登录时的链接(登录页面地址) --> <property name="loginUrl" value="/login"></property> <!-- 登录成功后要跳转的连接--> <property name="successUrl" value="/" ></property> <!-- 用户访问未对其授权的资源时,所显示的连接 --> <property name="filters">
然后,就解决了jsessionId的问题
相关推荐
杜鲁门 2020-11-05
luckyxl0 2020-08-16
Dullonjiang 2020-08-09
xclxcl 2020-08-03
zmzmmf 2020-08-03
MicroBoy 2020-08-02
ganjing 2020-08-02
likesyour 2020-08-01
zmzmmf 2020-07-09
MicroBoy 2020-07-05
zzhao 2020-06-26
子云 2020-06-18
visionzheng 2020-06-07
neweastsun 2020-06-04
ErixHao 2020-06-03
GDreams0 2020-06-01
ganjing 2020-05-29
zmzmmf 2020-05-28
nullcy 2020-05-26