1. Changing Shiro's default redirect after an authentication failure

  a. Extend the Shiro filter you are using and override onAccessDenied():

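  @Override
  protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
    // Return an "unauthenticated" JSON body instead of letting Shiro redirect to the login URL.
    // Note: if Response.SUCCESS is a shared static instance, these setters change it for every caller.
    Response result = Response.SUCCESS;
    result.setCode(EReturnCode.UNAUTHENTICATED.code());
    result.setMsg(EReturnCode.UNAUTHENTICATED.message());
    Gson gson = new Gson();
    String json = gson.toJson(result);
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    httpServletResponse.getWriter().write(json);
    // Returning false stops the filter chain, so the request never reaches the controller.
    return false;
  }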

  b. Register the custom filters in the Shiro configuration class:

  /*
   * 1. Create the ShiroFilterFactoryBean
   */
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  // 2. Register the SecurityManager
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  // 3. Configure the filters
  Map<String, Filter> filterMap = new LinkedHashMap<>();
  // Configure the "user" filter
  filterMap.put("user", new ShiroUserFilter());
  // Configure the "authc" filter
  filterMap.put("authc", new ShiroAuthenticationFilter());
  shiroFilterFactoryBean.setFilters(filterMap);

2. Cross-origin requests and lost cookies

  a. On the front end, add these options when creating the axios instance:

  const service = axios.create({
    baseURL: process.env.VUE_APP_BASE_BACKGROUND, // url = base url + request url
    withCredentials: true, // send cookies when cross-domain requests
    crossDomain: true,
    timeout: 5000 // request timeout
  })

  b. On the back end, handle cross-origin requests with a CorsFilter: add the following configuration and raise the filter's priority:

  /**
   * Sets headers on the response to enable cross-origin requests.
   *
   * @param servletRequest
   * @param servletResponse
   * @param filterChain
   * @throws IOException
   * @throws ServletException
   */
  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                       FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    // How long this preflight result may be cached, in seconds
    response.setHeader("Access-Control-Max-Age", "1800");
    // Prevents garbled characters; suitable when the payload is JSON
    response.setHeader("Content-Type", "application/json;charset=UTF-8");
    // Cross-origin header settings
    String method = request.getMethod();
    response.setHeader("Access-Control-Allow-Methods", method);
    response.setHeader("Access-Control-Allow-Credentials", "true");
    // Caveat: echoing the request's Origin together with Allow-Credentials: true lets any
    // website send requests with the user's cookies and read the responses; compare the
    // Origin against a list of trusted front-end origins before echoing it.
    response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
    // Check whether the incoming request is an OPTIONS request; if so, answer it directly
    // without passing it down the chain (this fixes the lost-cookie problem)
    if ("OPTIONS".equalsIgnoreCase(method)) {
      servletResponse.getOutputStream().write("Success".getBytes("utf-8"));
    } else {
      filterChain.doFilter(servletRequest, servletResponse);
    }
  }

