Shiro にカスタム filter を導入した後、ajax ログインができず、静的リソースも表示されなくなる問題の解決方法.


この問題に丸一日悩まされましたが、次の2つの記事を読んでようやく原因がはっきりしました.
https://www.cnblogs.com/gj1990/p/8057348.html
https://412887952-qq-com.iteye.com/blog/2392741
静的リソースが表示されない問題を解決するには、次のようにします.
一、Spring Boot のインターセプタで静的リソースを除外し、あわせて shiroconfig では new でフィルタを生成して登録する
1、コード一
 1 import java.util.Arrays;
 2 
 3 import org.slf4j.Logger;
 4 import org.slf4j.LoggerFactory;
 5 import org.springframework.context.annotation.Configuration;
 6 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 7 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 8 
/**
 * Spring MVC configuration that installs {@link LoginRequiredInterceptor} for every handler
 * mapping except the static-asset prefixes.
 *
 * <p>The exclusions below affect this Spring MVC interceptor only.
 * NOTE(review): when a Shiro servlet filter is also configured (as elsewhere on this page), it
 * has its own chain definitions; excluding a path here does not make that path anonymous there.
 */
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {

    private final Logger logger = LoggerFactory.getLogger(WebMvcConfiguration.class);

    /**
     * Registers the interceptor and exempts the static-asset paths from it.
     *
     * @param registry the registry Spring MVC passes in for interceptor registration
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Requests for static assets bypass the interceptor.
        final String[] staticAssetPatterns = {"/css/**", "/js/**", "/img/**", "/fonts/**"};
        registry.addInterceptor(new LoginRequiredInterceptor())
                .excludePathPatterns(Arrays.asList(staticAssetPatterns));
    }
}

2、コード2
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Request-logging interceptor.
 *
 * <p>Despite its name, this class performs no authentication or authorization check: both
 * callbacks only write the request URI to the log and then delegate to
 * {@link HandlerInterceptorAdapter}. Access control must come from another component (on this
 * page, the Shiro filter chain).
 */
public class LoginRequiredInterceptor extends HandlerInterceptorAdapter {

    private final Logger logger = LoggerFactory.getLogger(LoginRequiredInterceptor.class);

    /**
     * Logs the request URI, then returns whatever the parent implementation decides.
     *
     * @return the result of {@code super.preHandle}
     * @throws Exception if the parent implementation throws
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        final String requestUri = request.getRequestURI();
        logger.info(requestUri);
        final boolean proceed = super.preHandle(request, response, handler);
        return proceed;
    }

    /**
     * Logs the request URI once request processing has completed, then delegates to the parent.
     *
     * @throws Exception if the parent implementation throws
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        final String requestUri = request.getRequestURI();
        logger.info(requestUri);
        super.afterCompletion(request, response, handler, ex);
    }
}

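三、shiro の設定では、フィルタを Bean にせず new で生成して登録する(フィルタを Bean として公開すると、Spring Boot がそれをサーブレットフィルタとしても自動登録し、Shiro のチェーン定義とは無関係に全リクエストへ適用されてしまうため)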
// The filter is instantiated directly instead of being exposed as a Spring bean, so it is
// reachable only through Shiro's own filter chain.
ExtendFormAuthenticationFilter authcFilter = new ExtendFormAuthenticationFilter();
filters.put("authc", authcFilter);
// Catch-all rule: every path not matched by an earlier definition goes through both the
// "user" and the "authc" filter.
// NOTE(review): Shiro evaluates chain definitions in insertion order and stops at the first
// match, so any "anon" entries (login page, static assets) have to be put before this line and
// the map has to preserve insertion order - neither is visible in this excerpt.
filterChainDefinitionMap.put("/**", "user,authc");

四、カスタムフィルタ
import com.simon.common.util.R;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

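/**
 * Form-login filter that answers AJAX login attempts with a response body instead of a redirect.
 *
 * <p>A request is treated as AJAX when its {@code X-Requested-With} header equals
 * {@code XMLHttpRequest} (case-insensitive). That header is supplied by the client, so it is used
 * here only to choose the response format, never as a trust signal.
 */
public class ExtendFormAuthenticationFilter extends FormAuthenticationFilter {

    // Bound to this class (not the parent) so log output is attributed to the custom filter.
    private static final Logger log = LoggerFactory.getLogger(ExtendFormAuthenticationFilter.class);

    private static final String AJAX_HEADER = "X-Requested-With";
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    // Unknown account and wrong password deliberately share one message: distinct answers would
    // let an unauthenticated caller find out which usernames exist.
    private static final String BODY_BAD_CREDENTIALS =
            "{\"success\":false,\"message\":\"Invalid username or password\"}";
    // NOTE(review): this message still confirms that the account exists; fold it into the generic
    // message above if that disclosure is not acceptable for the deployment.
    private static final String BODY_ACCOUNT_LOCKED =
            "{\"success\":false,\"message\":\"Account is locked\"}";
    private static final String BODY_LOGIN_FAILED =
            "{\"success\":false,\"message\":\"Login failed\"}";

    /**
     * Handles a request that was not allowed through by {@code isAccessAllowed}.
     *
     * <p>A login submission is executed, a plain view of the login page is let through, and any
     * other request is saved and redirected to the login URL.
     *
     * @return {@code true} if the filter chain should continue, {@code false} if this method has
     *         already produced the response
     * @throws Exception if the login attempt or the redirect fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (!this.isLoginRequest(request, response)) {
            log.trace("Attempting to access a path which requires authentication. Forwarding to the Authentication url [{}]",
                    this.getLoginUrl());
            this.saveRequestAndRedirectToLogin(request, response);
            return false;
        }

        if (this.isLoginSubmission(request, response)) {
            log.trace("Login submission detected. Attempting to execute login.");
            return this.executeLogin(request, response);
        }

        log.trace("Login page view.");
        return true;
    }

    /**
     * Responds to a successful login: a redirect for ordinary requests, {@code R.ok()} written to
     * the response body for AJAX requests.
     *
     * @return always {@code false}, because the response has been produced here
     * @throws Exception if the redirect or writing the response fails
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        // NOTE(review): this override does not renew the session after authentication; verify
        // that the session id is rotated elsewhere, otherwise a pre-login session id stays valid
        // after login (session fixation).
        if (!isAjax(request)) {
            issueSuccessRedirect(request, response);
            return false;
        }

        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        // NOTE(review): the body is whatever R.ok() renders via toString(); confirm it is the
        // JSON the client expects and set a matching content type.
        out.println(R.ok());
        out.flush();
        out.close();
        return false;
    }

    /**
     * Responds to a failed login: ordinary requests get the failure attribute and continue to
     * the login page, AJAX requests get a JSON body.
     *
     * @return {@code true} for ordinary requests so the chain continues, {@code false} for AJAX
     *         requests because the response has been written here
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        if (!isAjax(request)) {
            setFailureAttribute(request, e);
            return true;
        }

        // The precise reason is kept out of the response, so record it for operators. Only the
        // exception type is logged; the submitted principal is untrusted input.
        log.info("AJAX login attempt rejected: {}", e.getClass().getSimpleName());
        try {
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            PrintWriter out = response.getWriter();
            out.println(failureBody(e));
            out.flush();
            out.close();
        } catch (IOException ioe) {
            log.error("Could not write the AJAX login-failure response", ioe);
        }
        return false;
    }

    /** Tells whether the request carries the header that marks it as an AJAX call. */
    private static boolean isAjax(ServletRequest request) {
        String requestedWith = ((HttpServletRequest) request).getHeader(AJAX_HEADER);
        return AJAX_HEADER_VALUE.equalsIgnoreCase(requestedWith);
    }

    /** Maps an authentication failure to the JSON body returned to an AJAX client. */
    private static String failureBody(AuthenticationException e) {
        if (e instanceof LockedAccountException) {
            return BODY_ACCOUNT_LOCKED;
        }
        if (e instanceof UnknownAccountException || e instanceof IncorrectCredentialsException) {
            return BODY_BAD_CREDENTIALS;
        }
        return BODY_LOGIN_FAILED;
    }
}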

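別の方法として、「Filter は Bean として登録するが、FilterChain への自動登録は取り消す」というやり方もあります。手順は次のとおりです:
一、カスタムフィルタは上記と同じものを使う
二、shiroconfig で、FormAuthenticationFilter を継承したカスタムフィルタを Bean として登録する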
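    /**
     * Creates the custom form-authentication filter as a Spring bean and sets the names of the
     * login form fields it reads.
     *
     * <p>Spring Boot registers every {@code Filter} bean with the servlet container by default.
     * Unless that registration is disabled (for example with a {@code FilterRegistrationBean}
     * whose {@code enabled} flag is {@code false}), this filter would also run for every request,
     * independently of Shiro's chain definitions.
     *
     * @return the configured filter
     */
    @Bean
    public ExtendFormAuthenticationFilter getLoginAdviceFilter(){
        ExtendFormAuthenticationFilter filter=new ExtendFormAuthenticationFilter();
        // The username field is set with setUsernameParam; setting it through
        // setRememberMeParam would simply be overwritten by the rememberMe call below.
        filter.setUsernameParam("username");
        filter.setPasswordParam("password");
        // Name of the "remember me" checkbox in the login form.
        filter.setRememberMeParam("rememberMe");
        filter.setLoginUrl(loginUrl);
        return filter;
    }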

三、登録を取り消す
    /**
     * Wraps the custom filter in a registration whose {@code enabled} flag is {@code false}.
     *
     * <p>The filter stays available as a bean, but this registration keeps it out of the
     * servlet container's filter chain.
     *
     * @param customFormAuthenticationFilter the custom Shiro form-authentication filter bean
     * @return the disabled registration for that filter
     */
    @Bean
    public FilterRegistrationBean registrationBean(ExtendFormAuthenticationFilter customFormAuthenticationFilter){
        FilterRegistrationBean disabledRegistration = new FilterRegistrationBean();
        disabledRegistration.setFilter(customFormAuthenticationFilter);
        // enabled=false: the filter is known to Spring but is not added to the container chain.
        disabledRegistration.setEnabled(false);
        return disabledRegistration;
    }

以上の手順で、Shiro にカスタム filter を導入した後に ajax ログインができず、静的リソースも表示されないという問題を解決できました.