Solving the problem where, after adding a custom Shiro filter, AJAX login fails and static resources are not displayed.
This problem had me stuck for a whole day; after reading the following two articles, everything suddenly became clear.
https://www.cnblogs.com/gj1990/p/8057348.html
https://412887952-qq-com.iteye.com/blog/2392741
To fix static resources not being displayed, do the following.
I. Let a Spring Boot interceptor take over static resources, and register the filter in ShiroConfig with new
1) Code 1
import java.util.Arrays;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Spring Boot MVC configuration: registers the interceptor and
 * excludes the static resource paths from it.
 */
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {

    private final Logger logger = LoggerFactory.getLogger(WebMvcConfiguration.class);

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new LoginRequiredInterceptor())
                .excludePathPatterns(Arrays.asList("/css/**", "/js/**", "/img/**", "/fonts/**"));
    }
}
2) Code 2
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Interceptor registered in WebMvcConfiguration. It only logs the request URI
 * before the handler runs and after the request completes.
 */
public class LoginRequiredInterceptor extends HandlerInterceptorAdapter {

    private final Logger logger = LoggerFactory.getLogger(LoginRequiredInterceptor.class);

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        logger.info(request.getRequestURI());
        return super.preHandle(request, response, handler);
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        logger.info(request.getRequestURI());
        super.afterCompletion(request, response, handler, ex);
    }
}
III. In the Shiro configuration, create the filter with new
filters.put("authc", new ExtendFormAuthenticationFilter());
filterChainDefinitionMap.put("/**", "user,authc");
IV. The custom filter
import com.simon.common.util.R;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

public class ExtendFormAuthenticationFilter extends FormAuthenticationFilter {

    private static final Logger log = LoggerFactory.getLogger(ExtendFormAuthenticationFilter.class);

    /**
     * Handles a request that was denied access. Returning true means processing
     * should continue; returning false means this filter has already handled
     * the response and the request simply returns.
     * Whether onAccessDenied runs depends on isAccessAllowed: if that returns
     * true, onAccessDenied is not executed; if it returns false, onAccessDenied
     * is executed. If onAccessDenied also returns false, the request returns
     * without reaching the requested method (this applies when only
     * isAccessAllowed and onAccessDenied are involved).
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (this.isLoginRequest(request, response)) {
            if (this.isLoginSubmission(request, response)) {
                if (log.isTraceEnabled()) {
                    log.trace("Login submission detected. Attempting to execute login.");
                }
                return this.executeLogin(request, response);
            } else {
                if (log.isTraceEnabled()) {
                    log.trace("Login page view.");
                }
                return true;
            }
        } else {
            if (log.isTraceEnabled()) {
                log.trace("Attempting to access a path which requires authentication. Forwarding to the Authentication url [" + this.getLoginUrl() + "]");
            }
            this.saveRequestAndRedirectToLogin(request, response);
            return false;
        }
    }

    /**
     * Called after a successful login.
     *
     * @param token    the token that was submitted
     * @param subject  the subject that has just logged in
     * @param request  the incoming request
     * @param response the outgoing response
     * @return false, because the response has already been written or redirected
     * @throws Exception if the redirect or the response write fails
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        if (!"XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("X-Requested-With"))) {
            // Not an AJAX request: redirect as the stock filter does.
            issueSuccessRedirect(request, response);
        } else {
            // AJAX request: write the result into the response body instead of redirecting.
            httpServletResponse.setCharacterEncoding("UTF-8");
            PrintWriter out = httpServletResponse.getWriter();
            //out.println("{\"success\":true,\"message\":\" \"}");
            out.println(R.ok());
            out.flush();
            out.close();
        }
        return false;
    }

    /**
     * Called after a failed login.
     *
     * @param token    the token that was submitted
     * @param e        the exception raised by the login attempt
     * @param request  the incoming request
     * @param response the outgoing response
     * @return true for a non-AJAX request (continue to the login page), false otherwise
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        if (!"XMLHttpRequest".equalsIgnoreCase(((HttpServletRequest) request).getHeader("X-Requested-With"))) {
            // Not an AJAX request: keep the default behaviour.
            setFailureAttribute(request, e);
            return true;
        }
        try {
            response.setCharacterEncoding("UTF-8");
            PrintWriter out = response.getWriter();
            String message = e.getClass().getSimpleName();
            if ("IncorrectCredentialsException".equals(message)) {
                out.println("{\"success\":false,\"message\":\" \"}");
            } else if ("UnknownAccountException".equals(message)) {
                out.println("{\"success\":false,\"message\":\" \"}");
            } else if ("LockedAccountException".equals(message)) {
                out.println("{\"success\":false,\"message\":\" \"}");
            } else {
                out.println("{\"success\":false,\"message\":\" \"}");
            }
            out.flush();
            out.close();
        } catch (IOException e1) {
            log.error("Failed to write the login failure response", e1);
        }
        return false;
    }
}
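How sections I to IV fit together in the Shiro configuration, as an added example that is not the author's own ShiroConfig. The class name ShiroConfigExample, the bean method name, the /login URL and the anon entries for the static paths are assumptions; only the authc filter entry and the /** rule come from the page.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added example, not the author's configuration. "/login" and the anon
// entries are assumptions; ExtendFormAuthenticationFilter is the class above.
@Configuration
public class ShiroConfigExample {

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);
        factory.setLoginUrl("/login"); // assumed login URL

        // Created with new, so Spring Boot never sees the filter as a bean and
        // does not also register it in the servlet container's filter chain.
        // Only Shiro invokes it, and only for the paths mapped to "authc".
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("authc", new ExtendFormAuthenticationFilter());
        factory.setFilters(filters);

        // Shiro applies the first pattern that matches, so the map must keep
        // insertion order: specific anonymous paths first, catch-all last.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/css/**", "anon");
        chain.put("/js/**", "anon");
        chain.put("/img/**", "anon");
        chain.put("/fonts/**", "anon");
        chain.put("/**", "user,authc"); // everything else requires a login
        factory.setFilterChainDefinitionMap(chain);
        return factory;
    }
}
```

Keep the anon list as narrow as the static directories actually served; a HashMap in place of LinkedHashMap can put /** first and silently change which rule protects a path.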
“ Filter , FilterChain “, :
、 ,
、 shiroconfig FormAuthenticationFilter
@Bean
public ExtendFormAuthenticationFilter getLoginAdviceFilter() {
    ExtendFormAuthenticationFilter filter = new ExtendFormAuthenticationFilter();
    filter.setUsernameParam("username");
    filter.setPasswordParam("password");
    // The "remember me" checkbox has name = rememberMe
    filter.setRememberMeParam("rememberMe");
    filter.setLoginUrl(loginUrl);
    return filter;
}
III. Cancel the registration
@Bean
public FilterRegistrationBean registrationBean(ExtendFormAuthenticationFilter customFormAuthenticationFilter) {
    FilterRegistrationBean registration = new FilterRegistrationBean(customFormAuthenticationFilter);
    // Disable automatic registration of the Filter bean, so that it is not added to the FilterChain.
    registration.setEnabled(false);
    return registration;
}
With the steps above, the problem of AJAX login failing and static resources not being displayed after adding a custom Shiro filter was solved.