有時候我們會有這樣的需求,系統對外提供接口。同時在別的系統登陸之后,不需要再登陸我們的系統,便可以訪問我們的系統數據
1.問題
為什麼我們登陸系統之後,訪問其他頁面(需要權限)都不需要再次登陸?
2.答案
因為客戶端(瀏覽器)在請求頭中設置了Cookie="JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxxx"。默認情況下,shiro給客戶端設置的cookie就是這個,其實就是sessionId。服務端根據這個sessionId找到對應的會話,從而識別出已登陸的用戶;因此sessionId等同於登陸憑證,需要像密碼一樣保管。
3.解決如何對外提供接口及其權限問題
3.1 登陸接口,主要思路就是登陸,然後獲取sessionId(返回參數),同時通過緩存將sessionId綁定用戶名(需要獲取數據的時候將sessionId傳回來,從而知道身份)
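/**
 * Logs a member in and hands the session cookie value back to the caller.
 *
 * <p>The returned map holds {@code code}, {@code data} (the literal
 * {@code "JSESSIONID="} followed by the session id) and {@code message}. The session id is
 * also written to the cache, mapped to the user name, so that a later request presenting
 * the id can be attributed to that member.
 *
 * <p>The cache entry stores the user name only. The password is needed solely to build the
 * authentication token and is never written to the cache: anyone able to read the cache
 * would otherwise obtain clear-text credentials. Code that reads this entry and expects a
 * second, comma-separated field must be adjusted accordingly.
 *
 * <p>NOTE(review): the endpoint is mapped with GET and receives the password as a request
 * parameter, so credentials can end up in URLs (access logs, browser history, proxies).
 * Moving it to POST changes the public contract and is left to the maintainer.
 *
 * <p>NOTE(review): the session id is read right after login and is not regenerated in this
 * method; confirm that the framework configuration issues a fresh id on authentication,
 * otherwise an id handed out before login stays valid afterwards (session fixation).
 *
 * <p>A failed login is not handled here: whatever {@code login(...)} throws propagates to
 * the caller (presumably an authentication exception handled elsewhere; confirm).
 *
 * @param username member login name
 * @param password member password, passed to the authentication token only
 * @param request  current request; supplies the remote address and the HTTP session
 * @return map with the keys {@code code}, {@code data} and {@code message}
 */
@GetMapping("/memberLogin")
@ResponseBody
public Map<String, String> memberLogin(String username, String password, HttpServletRequest request) {
    SecurityUtils.getSubject().login(
            new UserAuthenticationToken(Member.class, username, password, false, request.getRemoteAddr()));

    String sessionId = request.getSession().getId();
    try {
        // Bind the session id to the user name only; the password must never be persisted.
        // NOTE(review): no expiry is visible on this entry; it should not outlive the session.
        JedisClient.getInstance().add(sessionId, username);
    } catch (Exception e) {
        // Best effort, as before: a cache failure does not fail the login, but the returned
        // id can then not be resolved to a user through the cache.
        e.printStackTrace();
    }

    Map<String, String> result = new HashMap<String, String>();
    result.put("code", "200");
    // The session id is a bearer credential: return it over HTTPS only and keep it out of logs.
    result.put("data", "JSESSIONID=" + sessionId);
    result.put("message", "登陸成功");
    return result;
}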
3.2 通過在請求頭中設置cookie(登陸接口返回的JSESSIONID),可以直接訪問用戶信息的數據,而不用再次登陸
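import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

import okhttp3.OkHttpClient;

/**
 * Small helper that sends a form-encoded POST request carrying a session cookie and returns
 * the response body as a string.
 */
public class HttpRequestUtil {

    /** Global OkHttpClient instance; not referenced by the methods of this class. */
    private static final OkHttpClient httpClient = new OkHttpClient();

    /**
     * Sample session cookie used by the two-argument {@link #sendPost(String, Map)}.
     *
     * <p>A session id is a bearer credential: whoever presents it is treated as the logged-in
     * user. This value is kept only so existing callers behave as before; real callers should
     * pass the value returned by the login endpoint to the three-argument overload and never
     * commit a live session id to source control.
     */
    private static final String SAMPLE_SESSION_COOKIE = "JSESSIONID=45450E3F796272D93D406411BEA6CF9C";

    /** Upper bound for establishing the connection, so a dead host cannot block forever. */
    private static final int CONNECT_TIMEOUT_MS = 10000;

    /** Upper bound for waiting on response data, so a stalled server cannot block forever. */
    private static final int READ_TIMEOUT_MS = 30000;

    /**
     * Sends a POST request with the built-in sample session cookie.
     *
     * @param url    target URL
     * @param params form fields as raw (unencoded) values, or {@code null} for an empty body
     * @return the response body with line terminators removed, or whatever was read before a
     *         failure (an empty string if nothing was read)
     */
    public static String sendPost(String url, Map<String, String> params) {
        return sendPost(url, params, SAMPLE_SESSION_COOKIE);
    }

    /**
     * Sends a POST request with {@code application/x-www-form-urlencoded} content.
     *
     * <p>Names and values in {@code params} are URL-encoded before they are written, so a
     * value containing {@code &}, {@code =} or non-ASCII text cannot alter or add form fields.
     * Failures are printed and swallowed, as in the original contract: the method never
     * throws and returns what has been read so far.
     *
     * @param url           target URL; use HTTPS for any non-local host, because the session
     *                      cookie travels with the request
     * @param params        form fields as raw (unencoded) values, or {@code null} for an
     *                      empty body
     * @param sessionCookie value of the {@code Cookie} header, for example
     *                      {@code "JSESSIONID=<id from the login response>"}; {@code null} or
     *                      empty sends no cookie
     * @return the response body with line terminators removed, or whatever was read before a
     *         failure (an empty string if nothing was read)
     */
    public static String sendPost(String url, Map<String, String> params, String sessionCookie) {
        StringBuilder result = new StringBuilder();
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
            // Without explicit timeouts both waits are unbounded.
            conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
            conn.setReadTimeout(READ_TIMEOUT_MS);
            // Both flags are required for a POST that also reads the response.
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.setRequestMethod("POST");
            // Common request headers.
            conn.setRequestProperty("accept", "*/*");
            conn.setRequestProperty("connection", "Keep-Alive");
            conn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            if (sessionCookie != null && !sessionCookie.isEmpty()) {
                conn.setRequestProperty("Cookie", sessionCookie);
            }
            conn.connect();

            // try-with-resources closes each stream even when the other one fails.
            try (OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream(), "UTF-8")) {
                out.write(encodeForm(params));
                out.flush();
            }
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
                String line;
                // readLine() strips line terminators, so the lines are joined without separators.
                while ((line = in.readLine()) != null) {
                    result.append(line);
                }
            }
        } catch (Exception e) {
            // Kept broad on purpose: a malformed URL, a non-HTTP scheme or an I/O error all
            // end in the same "return what we have" outcome callers already rely on.
            e.printStackTrace();
        }
        return result.toString();
    }

    /**
     * Builds the request body from the form fields, URL-encoding every name and value.
     * A {@code null} name or value is sent as the text {@code null}, as before.
     */
    private static String encodeForm(Map<String, String> params) throws IOException {
        if (params == null) {
            return "";
        }
        StringBuilder form = new StringBuilder();
        for (Map.Entry<String, String> entry : params.entrySet()) {
            if (form.length() > 0) {
                form.append('&');
            }
            form.append(URLEncoder.encode(String.valueOf(entry.getKey()), "UTF-8"));
            form.append('=');
            form.append(URLEncoder.encode(String.valueOf(entry.getValue()), "UTF-8"));
        }
        return form.toString();
    }

    /**
     * Demo: requests a protected page of a locally running instance using only the session
     * cookie, without logging in again.
     */
    public static void main(String[] args) {
        // Plain HTTP is acceptable for localhost only; the cookie is readable on the wire.
        String url = "http://localhost:8080/ddzq/member/index";
        // This page needs no form fields; pass a Map<String, String> instead of null to send some.
        String response = sendPost(url, null);
        System.out.println("result:" + response);
    }
}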