处理含有登录地址第二次没退出登录就404的问题

  • 25.7KB
    文件大小
  • rar
    文件格式
  • 2022-05-27 02:36
    上传日期
NULL 博文链接:https://yuhuiblog695685688425687986842568269.iteye.com/blog/2407258
shrio.rar
  • shrio
  • ShiroSession.java
    2.9KB
  • ehcache-shiro.xml
    571B
  • AuthenticationToken.java
    1.7KB
  • ShiroSessionFactory.java
    1.6KB
  • MyShiroFilterFactory.java
    11.3KB
  • ChainDefinitionSectionMetaSource.java
    9.2KB
  • RoleAuthorizationFilter.java
    4.2KB
  • RedisSessionDao.java
    4.3KB
  • MyAuthenticationFilter.java
    15.7KB
  • RedisClient.java
    3.8KB
  • ShiroDbRealm.java
    12.6KB
  • ShiroSessionListener.java
    1.1KB
  • applicationContext-shiro.xml
    5.8KB
  • ShiroSessionDao.java
    8KB
内容介绍
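package com.houbank.incoming.web.shrio;

import com.alibaba.fastjson.JSONObject;
import com.houbank.incoming.model.domain.FinancialSalesUser;
import com.houbank.incoming.web.redis.RedisTemplateDelegate;
import com.houbank.incoming.web.util.UserDetailsSessionService;
import io.swagger.annotations.ResponseHeader;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.stereotype.Component;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;

/**
 * Filter - permission authentication.
 * Wraps the fields needed for the login token; to be adjusted later as required.
 * rcb
 */
@Component
public class MyAuthenticationFilter extends FormAuthenticationFilter {

    /** Default name of the "captcha ID" request parameter. */
    private static final String DEFAULT_CAPTCHA_ID_PARAM = "captchaId";

    /** Default name of the "captcha" request parameter. */
    private static final String DEFAULT_CAPTCHA_PARAM = "captcha";

    /** Name of the "captcha ID" request parameter. */
    private String captchaIdParam = DEFAULT_CAPTCHA_ID_PARAM;

    /** Name of the "captcha" request parameter. */
    private String captchaParam = DEFAULT_CAPTCHA_PARAM;

    @Autowired(required=false)
    private UserDetailsSessionService userDetailsSessionService;

    @Autowired(required=false)
    private RedisTemplateDelegate<String, Map<String, Object>> redisService;

    /** @return the injected Redis delegate, or {@code null} when none was wired */
    public RedisTemplateDelegate<String, Map<String, Object>> getRedisService() {
        return redisService;
    }

    /** @param redisService the Redis delegate to use */
    public void setRedisService(RedisTemplateDelegate<String, Map<String, Object>> redisService) {
        this.redisService = redisService;
    }

    /** @return the injected session service, or {@code null} when none was wired */
    public UserDetailsSessionService getUserDetailsSessionService() {
        return userDetailsSessionService;
    }

    /** @param userDetailsSessionService the session service to use */
    public void setUserDetailsSessionService(UserDetailsSessionService userDetailsSessionService) {
        this.userDetailsSessionService = userDetailsSessionService;
    }

    /**
     * Creates the login token from the request.
     *
     * <p>The token carries the username, password, captcha ID, submitted captcha,
     * the {@code "validateCode"} attribute of the servlet session, the remember-me
     * flag and the host.
     *
     * @param servletRequest  the login request
     * @param servletResponse the response (not used here)
     * @return the project's {@code AuthenticationToken} for this login attempt
     */
    @Override
    protected org.apache.shiro.authc.AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String username = getUsername(servletRequest);
        String password = getPassword(servletRequest);
        String captchaId = getCaptchaId(servletRequest);
        String captcha = getCaptcha(servletRequest);

        // NOTE(review): remember-me is forced on for every login, whatever the user
        // submitted. If a remember-me cookie is issued as a result, it is issued to
        // users who did not ask for it (shared machines) - confirm this is intended.
        boolean rememberMe = isRememberMe(servletRequest);
        if (!rememberMe) {
            rememberMe = true;
        }

        String host = getHost(servletRequest);
        // getSession() creates a servlet session when the request has none.
        String validateCode = (String) ((HttpServletRequest) servletRequest).getSession().getAttribute("validateCode");
        return new AuthenticationToken(username, password, captchaId, captcha, validateCode, rememberMe, host);
    }

    /**
     * Handles a denied request (not authenticated / no permission), treating Ajax
     * and regular requests differently.
     *
     * <p>A request is treated as Ajax when its {@code X-Requested-With} header is
     * {@code XMLHttpRequest} or its content type is {@code application/json}; it
     * gets a 403 with a {@code loginStatus: accessDenied} header. Any other GET is
     * redirected to {@code "/"}; everything else is delegated to the parent filter.
     * Both headers are supplied by the client; they only select the shape of the
     * refusal, since the Ajax and GET branches both return {@code false}.
     *
     * <p>NOTE(review): the Ajax/JSON branch runs before the parent's handling, so a
     * login submission sent as XHR or JSON is refused here as well - confirm against
     * how the login form is submitted.
     *
     * @return {@code false} for the Ajax and GET branches, otherwise the parent's result
     * @throws Exception if sending the error or redirect fails, or from the parent filter
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getHeader() matches names case-insensitively, so one lookup covers both
        // spellings. The earlier two-step lookup yielded null whenever the header
        // was present, which disabled the Ajax check.
        String requestType = request.getHeader("X-Requested-With");
        String contentType = request.getHeader("content-type");

        if ("XMLHttpRequest".equalsIgnoreCase(requestType) || isJsonContentType(contentType)) {
            response.addHeader("loginStatus", "accessDenied");
            // Set before sendError(): the response counts as committed afterwards,
            // so later header changes are ignored.
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }

        String method = request.getMethod();
        if ("GET".equalsIgnoreCase(method)) {
            WebUtils.issueRedirect(request, response, "/");
            return false;
        }
        return super.onAccessDenied(request, response);
    }

    /**
     * Tells whether a Content-Type header value names {@code application/json},
     * ignoring case and any parameters such as {@code charset}.
     */
    private static boolean isJsonContentType(String contentType) {
        if (contentType == null) {
            return false;
        }
        int semicolon = contentType.indexOf(';');
        String mediaType = (semicolon >= 0 ? contentType.substring(0, semicolon) : contentType).trim();
        return "application/json".equalsIgnoreCase(mediaType);
    }

    /**
     * After a successful login, stores the login data in the session and redirects
     * to the saved request (or the success URL).
     *
     * @return always {@code false}: the redirect has been issued, the chain stops here
     * @throws Exception if the redirect fails
     */
    @Override
    protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Session session = subject.getSession();
        Map<Object, Object> attributes = new HashMap<Object, Object>();
        Collection<Object> keys = session.getAttributeKeys();
        for (Object key : keys) {
            attributes.put(key, session.getAttribute(key));
        }
        // NOTE(review): with stop() disabled, getSession() below presumably returns
        // the same session, so the copy/restore changes nothing and the session id
        // that existed before login stays valid after it (session fixation). If the
        // id is meant to be renewed at login, that has to happen here - confirm.
        // session.stop();
        session = subject.getSession();
        for (Entry<Object, Object> entry : attributes.entrySet()) {
            session.setAttribute(entry.getKey(), entry.getValue());
        }
        setLoginSession(servletRequest, servletResponse);
        WebUtils.redirectToSavedRequest(servletRequest, servletResponse, this.getSuccessUrl());
        return false;
    }

    // The listing on this page is cut off inside this method; the visible
    // statements are reproduced unchanged.
    public void setLoginSession(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest request= (HttpServletRequest) servletRequest;
        HttpServletResponse response=(HttpServletResponse)servletResponse;
        Subject currentUser = SecurityUtils.getSubject();
        FinancialSalesUser agentUser =(FinancialSalesUser)currentUser.getPrincipal();
        String localServerIP = (String)request.getSession().getServletContext().getAttribute("localServerIP");
        // request.getSession().setAttribute("ACEGI_SECURITY_LAST_USERNAME",agentUs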