diff --git a/src/main/java/com/fc/test/common/interceptor/MyWebAppConfigurer.java b/src/main/java/com/fc/test/common/interceptor/MyWebAppConfigurer.java index dcb7de583f2860bfbd9d50949c9f3c8369cdea3b..f2b774719c6c98283438d1f1549ca94ba007de37 100644 --- a/src/main/java/com/fc/test/common/interceptor/MyWebAppConfigurer.java +++ b/src/main/java/com/fc/test/common/interceptor/MyWebAppConfigurer.java @@ -1,5 +1,8 @@ package com.fc.test.common.interceptor; +import com.fc.test.shiro.RemoveUrlJsessionIdFilter; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer; import org.springframework.web.servlet.config.annotation.CorsRegistry; @@ -10,6 +13,8 @@ import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.ViewResolverRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; +import javax.servlet.DispatcherType; + /** * 拦截器 * @ClassName: MyWebAppConfigurer @@ -19,7 +24,23 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupp */ @Configuration public class MyWebAppConfigurer extends WebMvcConfigurationSupport { - + + + + @Bean + FilterRegistrationBean RemoveUrlJsessionIdFilter() { + FilterRegistrationBean filterReg = new FilterRegistrationBean(new RemoveUrlJsessionIdFilter()); + //优先级 + filterReg.setOrder(70); + filterReg.setDispatcherTypes(DispatcherType.REQUEST); + //匹配路径 + + filterReg.addUrlPatterns("/*"); +; + return filterReg; + } + + /** 解决跨域问题 **/ @Override public void addCorsMappings(CorsRegistry registry){ @@ -67,7 +88,9 @@ public class MyWebAppConfigurer extends WebMvcConfigurationSupport { //configurer.enable("stati"); configurer.enable(); } - + + + diff --git a/src/main/java/com/fc/test/shiro/RemoveUrlJsessionIdFilter.java b/src/main/java/com/fc/test/shiro/RemoveUrlJsessionIdFilter.java new file mode 100644 index 0000000000000000000000000000000000000000..54e3f2373124e10ee73b2ec60eb98bc4d6766b8b --- /dev/null +++ b/src/main/java/com/fc/test/shiro/RemoveUrlJsessionIdFilter.java @@ -0,0 +1,72 @@ +package com.fc.test.shiro; + +import javax.servlet.*; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpServletResponseWrapper; +import javax.servlet.http.HttpSession; +import java.io.IOException; + +/** + * @CLASSNAME RemoveUrlJsessionIdFilter + * @Description + * @Auther Jan 橙寂 + * @DATE 2019/9/24 0024 17:33 + */ + +public class RemoveUrlJsessionIdFilter implements Filter { + @Override + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws IOException, ServletException { + HttpServletRequest httpServletRequest = (HttpServletRequest) request; + HttpServletResponse httpServletResponse = (HttpServletResponse) response; + // skip non-http requests + if (!(request instanceof HttpServletRequest)) { + chain.doFilter(request, response); + return; + } + + //从url中删除jsessionid + // isRequestedSessionIdFromURL():Checks whether the requested session ID came in as part of the request URL. + if (httpServletRequest.isRequestedSessionIdFromURL()) { + HttpSession session = httpServletRequest.getSession(); + if (null != session) { + session.invalidate(); + } + } + // wrap response to remove URL encoding + HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(httpServletResponse) { + @Override + public String encodeRedirectUrl(String url) { + return url; + } + @Override + public String encodeRedirectURL(String url) { + return url; + } + @Override + public String encodeUrl(String url) { + return url; + } + @Override + public String encodeURL(String url) { + return url; + } + }; + // process next request in chain + chain.doFilter(request, wrappedResponse); + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + + } + + + + @Override + public void destroy() { + + } + +} diff --git a/src/main/java/com/fc/test/shiro/config/ShiroConfig.java b/src/main/java/com/fc/test/shiro/config/ShiroConfig.java index 486e4bb570fcc29fb8fdd0190e792e1e6a366a2c..24d1ee61c06e151830498782be994da280beb479 100644 --- a/src/main/java/com/fc/test/shiro/config/ShiroConfig.java +++ b/src/main/java/com/fc/test/shiro/config/ShiroConfig.java @@ -4,8 +4,10 @@ import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.cache.CacheManager; import org.apache.shiro.cache.MemoryConstrainedCacheManager; import org.apache.shiro.mgt.RememberMeManager; +import org.apache.shiro.mgt.SessionsSecurityManager; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.realm.Realm; +import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.CookieRememberMeManager; @@ -50,6 +52,7 @@ public class ShiroConfig { shiroFilterFactoryBean.setFilterChainDefinitionMap(ShiroFilterMapFactory.shiroFilterMap()); shiroFilterFactoryBean.setSecurityManager(securityManager); + return shiroFilterFactoryBean; } @@ -61,11 +64,15 @@ public class ShiroConfig { * @return */ @Bean - public DefaultWebSecurityManager securityManager(Realm shiroRealm,CacheManager cacheManager,RememberMeManager manager) { + public DefaultWebSecurityManager securityManager(Realm shiroRealm, CacheManager cacheManager, RememberMeManager manager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); + + + securityManager.setCacheManager(cacheManager); securityManager.setRememberMeManager(manager);//记住Cookie securityManager.setRealm(shiroRealm); + return securityManager; } @@ -146,4 +153,6 @@ public class ShiroConfig { return new GlobalExceptionResolver(); } + public ShiroConfig() { + } }