NutzCN Logo
问答 Shiro下登录成功后无法访问主页
发布于 281天前 作者 qq_e7d5a486 553 次浏览 复制 上一个帖子 下一个帖子
标签: nutzwk

浏览器和postman中都会提示登录成功,但浏览器还会重定向到登陆页;postman登录后访问主页是没问题的。今天尝试部署前,在idea上这一块一直很正常的,部署后不知道什么原因。谢谢大神,相关代码贴如下
shiro.ini配置


[main] # cacheManager,请确保 ehcache的声明在其他所有realm声明之前 #-------EhCache------# cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager cacheManager.cacheManagerConfigFile = classpath:ehcache.xml #-------Session管理器------# 关闭定时校验机制,持久化环境下会非常耗内存 sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager sessionManager.sessionValidationSchedulerEnabled = false #-------带缓存的SessionDAO------# sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO sessionDAO.cacheManager = $cacheManager sessionDAO.activeSessionsCacheName = shiro-activeSessionCache #-------sessionManager创建会话Cookie的模板------# ######1.name:设置Cookie名字,默认为JSESSIONID; ######2.domain:设置Cookie的域名,默认空,即当前访问的域名; ######3.path:设置Cookie的路径,默认空,即存储在域名根下; ######4.maxAge:设置Cookie的过期时间,秒为单位,默认-1表示关闭浏览器时过期Cookie; ######5.httpOnly:通过程序(JS脚本、Applet等)将无法读取到Cookie信息,这样能有效的防止XSS攻击。 ######6.sessionIdCookie:是否启用/禁用Session Id Cookie,默认是启用的;如果禁用后将不会设置Session Id Cookie,即默认使用了Servlet容器的JSESSIONID,且通过URL重写(URL中的“;JSESSIONID=id”部分)保存Session Id。 sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie sessionIdCookie.name = sid #sessionIdCookie.domain=wizzer.cn #sessionIdCookie.path= sessionIdCookie.maxAge = 946080000 sessionIdCookie.httpOnly = true sessionManager.sessionIdCookie = $sessionIdCookie sessionManager.sessionIdCookieEnabled = true sessionManager.globalSessionTimeout = 3600000 sessionManager.sessionDAO = $sessionDAO rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie rememberMeCookie.name = remember rememberMeCookie.maxAge = 604800 rememberMeCookie.httpOnly = true rememberMeManager = cn.wizzer.framework.shiro.remember.LightCookieRememberMeManager rememberMeManager.cookie = $rememberMeCookie #-------CredentialsMatcher密码验证器------# ######1.storedCredentialsHexEncoded:是否存储散列后的密码为16进制,需要和生成密码时的一样,默认是base64 ######2.hashIterations:密码迭代次数 sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher sha256Matcher.storedCredentialsHexEncoded = false sha256Matcher.hashIterations = 1024 sha256Matcher.hashSalted = true #-------Realm------# shiroDbRealm = com.yolk.app.web.commons.shiro.realm.SimpleAuthorizingRealm shiroDbRealm.credentialsMatcher = $sha256Matcher authcStrategy = cn.wizzer.framework.shiro.pam.AnySuccessfulStrategy securityManager.realms = $shiroDbRealm securityManager.authenticator.authenticationStrategy = $authcStrategy securityManager.sessionManager = $sessionManager securityManager.cacheManager = $cacheManager securityManager.rememberMeManager = $rememberMeManager #-------authc拦截器------#表示需要身份认证通过后才能访问 ###### authc的默认实现就是FormAuthenticationFilter(可以不用配置),有两个功能,1.访问指定路径时,如果用户未登录,跳转到loginUrl;2.符合预设格式的表单提交到loginUrl时,将有authc拦截器提取请求参数并执行验证 ###### usernameParam=username和passwordParam=password均是表单的默认name,可更改 authc = com.yolk.app.web.commons.shiro.filter.SimpleAuthenticationFilter authc.loginUrl = /yolk/user/ authc.successUrl = /yolk/zdd/ authc.usernameParam=username authc.passwordParam=password ###1、URL目录是基于HttpServletRequest.getContextPath()此目录设置 ###2、URL可使用通配符,**代表任意子目录 ###3、Shiro验证URL时,URL匹配成功便不再继续匹配查找。所以要注意配置文件中的URL顺序,尤其在使用通配符时。 [urls] /yolk/user/ = anon /yolk/user/login = anon /yolk/** = authc /assets/** = anon /** = anon

login.html

            success: function (data, status, xhr) {
                alert(data.msg);
                if (data.code == 0) {
                    window.location.href = "${base!}/yolk/zdd";
                }

            }

UserControl.java

    /**
     * 登入界面
     *
     * @return
     */
    @At("")
    @Ok("re")/*根据返回值决定视图,视图的实现类为:org.nutz.mvc.view.ViewZone*/
    @Filters
    public Object index(HttpServletRequest req, HttpSession session) {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            //已登陆状态
            return "redirect:/yolk/zdd/";
        }
        try {
            //生成一组公钥和私钥,他們共用一组模数,但指数不同
            HashMap<String, Object> map = RSAUtil.getKeys();
            RSAPublicKey publicKey = (RSAPublicKey) map.get("public");
            RSAPrivateKey privateKey = (RSAPrivateKey) map.get("private");
            //公有模数
            String publicKeyModulus = publicKey.getModulus().toString(16);
            //公钥指数
            String publicKeyExponent = publicKey.getPublicExponent().toString(16);
            //前端利用模数和公钥指数进行加密
            req.setAttribute("publicKeyExponent", publicKeyExponent);
            req.setAttribute("publicKeyModulus", publicKeyModulus);
            //保存私钥,用于解密
            session.setAttribute("platformPrivateKey", privateKey);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return "beetl:/user/login.html";

    }

SimpleAuthenticationFilter.java

    /**
     * 根据请求参数中的用户名、密码、rememberMe生成Token
     *
     * @param request
     * @return
     */
    protected AuthenticationToken createToken(HttpServletRequest request ) {
        String username = getUsername(request);
        String password = getPassword(request);
        boolean rememberMe = isRememberMe(request);
        String host = getHost(request);
        try {
            RSAPrivateKey platformPrivateKey = (RSAPrivateKey) request.getSession().getAttribute("platformPrivateKey");
            log1.debug(String.format("username:%s password:%s platformPrivateKey:%s", username, password, platformPrivateKey));
            if (platformPrivateKey != null) {
                password = RSAUtil.decryptByPrivateKey(password, platformPrivateKey);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new UsernamePasswordToken(username, password, rememberMe, host);
    }

SimpleAuthenticationFilter#createToken中platformPrivateKey也莫名奇妙的为null了

4 回复

createToken调用到了?

看起来像是改东西没改彻底

createToken有调用到,登录这一块是几周前copy的,一直正常使用。今天也没有碰相关代码。而且在postman插件下是没有问题的,登录成功就可以返回主页html

彻底清了一遍缓存,ok了。

添加回复
请先登陆
回到顶部