1. shiro 權限未認證時,會通過統一的 unauthorized 方法進行攔截。自己加上之后,在本地沒問題,但和 h5 聯調時一直出現跨域的問題。這個問題困擾了我半天,上網后發現有好多處理方式,自己用了這篇文章的方法就可以了。
https://blog.csdn.net/u010042669/article/details/93308046
copy下自己的代碼以及遇到的問題
1)添加shiro過濾器
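package com.sq.transportmanage.gateway.api.web.filter;

import org.apache.http.HttpStatus;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Writes CORS response headers before Shiro's own pre-handling runs, so that the
 * response to an unauthenticated cross-origin request still carries them, and
 * answers preflight (OPTIONS) requests directly with 200.
 *
 * <p>Security note: the allowed origin and the allowed request headers are both
 * echoed from the incoming request, so every origin is accepted. This filter sends
 * no {@code Access-Control-Allow-Credentials} header; if one is ever added, the
 * echoed origin must first be checked against an explicit allow-list, otherwise any
 * site could read authenticated responses.
 *
 * @Author fanht
 * @Description Fixes the CORS / same-origin problem seen after Shiro rejects an unauthenticated request
 * @Date 2020/3/11 7:12 PM
 * @Version 1.0
 */
@Component
public class CORSFilter extends BasicHttpAuthenticationFilter {

    /**
     * Adds the CORS headers, short-circuits preflight requests, and otherwise
     * delegates to the parent filter.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @return {@code false} for an OPTIONS request (the chain stops with status 200),
     *         otherwise whatever {@code super.preHandle} returns
     * @throws Exception propagated from {@code super.preHandle}
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Only emit the origin header for real cross-origin requests; a request without
        // an Origin header would otherwise pass null to setHeader.
        String origin = req.getHeader("Origin");
        if (origin != null) {
            // NOTE(review): the Origin value is reflected unchecked, which is equivalent to
            // allowing every origin. Restrict it to the known front-end origins.
            res.setHeader("Access-control-Allow-Origin", origin);
            // The response now differs per Origin, so shared caches must key on it.
            res.addHeader("Vary", "Origin");
        }
        res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");

        // Access-Control-Allow-Headers tells the browser, in the preflight response, which
        // request headers the actual request may carry. Here it mirrors what was asked for.
        String requestedHeaders = req.getHeader("Access-Control-Request-Headers");
        if (requestedHeaders != null) {
            res.setHeader("Access-Control-Allow-Headers", requestedHeaders);
        }

        // Preflight requests carry no credentials: answer them here with 200 instead of
        // letting the authentication check reject them.
        if (req.getMethod().equals(RequestMethod.OPTIONS.name())) {
            res.setStatus(HttpStatus.SC_OK);
            return false;
        }
        return super.preHandle(request, response);
    }
}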
2. 添加后又遇到第二個問題:請求沒有認證的情況下,跳轉的默認地址是 http。網上說的原因是 redirect 請求后 header 里面的信息被清空了,再次訪問時就出現跨域問題了。然后參考了下面這篇文章
https://blog.csdn.net/liqi_q/article/details/99681873 解決了
附上自己代碼
package com.sq.transportmanage.gateway.api.web.filter;

import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Once-per-request filter that passes the rest of the chain an {@link HttpTransWrapper}
 * in place of the original response, so that redirects issued downstream go through
 * the wrapper's {@code sendRedirect}.
 *
 * @Author fanht
 * @Description Changes Shiro's redirect address from http to https
 * @Date 2020/3/11 8:34 PM
 * @Version 1.0
 */
@Component
public class AbsoluteSendRedirectFilter extends OncePerRequestFilter {

    /**
     * Wraps the response and continues the filter chain with the wrapped instance.
     *
     * @param request     current request, passed on unchanged
     * @param response    original response, wrapped before being passed on
     * @param filterChain remaining filters and the target servlet
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        // Everything downstream sees the wrapper, never the raw response.
        final HttpServletResponse redirectRewritingResponse = new HttpTransWrapper(request, response);
        filterChain.doFilter(request, redirectRewritingResponse);
    }
}
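package com.sq.transportmanage.gateway.api.web.filter;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Response wrapper that rewrites scheme-less redirect targets into absolute
 * {@code https://} URLs built from the current request's server name and port.
 *
 * <p>NOTE(review): the class is annotated {@code @Component} although
 * AbsoluteSendRedirectFilter creates a new instance per request with {@code new};
 * confirm the Spring-managed bean is actually wanted.
 *
 * @Author fanht
 * @Description Rewrites http to https
 * @Date 2020/3/11 8:22 PM
 * @Version 1.0
 */
@Component
public class HttpTransWrapper extends HttpServletResponseWrapper {

    private static final Logger logger = LoggerFactory.getLogger(HttpTransWrapper.class);

    private final HttpServletRequest request;

    /**
     * Constructs a response adaptor wrapping the given response.
     *
     * @param req      the request whose server name and port are used to build redirect URLs
     * @param response The response to be wrapped
     * @throws IllegalArgumentException if the response is null
     */
    public HttpTransWrapper(final HttpServletRequest req, HttpServletResponse response) {
        super(response);
        this.request = req;
    }

    /**
     * Sends a redirect, upgrading a host-relative location to an absolute https URL.
     *
     * <p>The location is passed to the wrapped response unchanged when it is empty,
     * already has a scheme, cannot be parsed as a URI, does not start with {@code /},
     * or when the request's server name is {@code localhost} (local testing stays on http).
     *
     * @param location redirect target as given by the caller
     * @throws IOException propagated from the wrapped response
     */
    @Override
    public void sendRedirect(String location) throws IOException {
        if (StringUtils.isEmpty(location)) {
            super.sendRedirect(location);
            return;
        }

        try {
            if (new URI(location).getScheme() != null) {
                // Already absolute: nothing to rewrite.
                super.sendRedirect(location);
                return;
            }
        } catch (URISyntaxException e) {
            logger.error("=======跳轉異常========", e);
            super.sendRedirect(location);
            // Stop here: falling through would call sendRedirect a second time on a
            // response that has already been committed.
            return;
        }

        final String serverName = request.getServerName();

        // Local testing keeps http. Compare the host itself; searching the whole URL for
        // "localhost" would also match a path or query string that happens to contain it.
        // A location without a leading slash is left to the container as well, because
        // appending it directly to the host name would change the authority of the URL.
        if ("localhost".equalsIgnoreCase(serverName) || !location.startsWith("/")) {
            super.sendRedirect(location);
            return;
        }

        // NOTE(review): getServerName()/getServerPort() normally reflect the Host header sent
        // by the client, so the redirect target follows whatever host the request named.
        // Prefer a configured public base URL, or validate the host against an allow-list.
        final StringBuilder target = new StringBuilder("https://").append(serverName);
        final int port = request.getServerPort();
        if (port != 80 && port != 443) {
            target.append(':').append(port);
        }
        target.append(location);
        super.sendRedirect(target.toString());
    }
}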
當然,這樣子配置后,本地啟動時會出現登錄不進來的情況,看情況怎么處理比較合適吧。一般本機訪問時 uri 里面有 localhost,加個 localhost 的過濾就行了:如果是 localhost,仍然用 http。注意判斷時最好比較請求的主機名,而不是在整個 URL 里查找 localhost 字符串,否則路徑或參數里帶有 localhost 時也會被當成本機。