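I read online that this problem occurs because Shiro's DefaultWebSessionManager class uses JSESSIONID as its default cookie name, which conflicts with the name used by servlet containers such as Jetty and Tomcat, which also default to JSESSIONID. When a request leaves the Shiro servlet, for example to an error-page, the container assigns a new value to JSESSIONID and the login session is lost! The suggested solution is to specify a session ID name that does not conflict with the container the project runs in. I made that change, renaming JSESSIONID to shiroSession, but after closing the browser and opening it again, the menu on the home page doesn't seem to open, as if no request were sent at all. I tried fetching the menu JSON directly and was redirected to the login page. What is the reason for this? The login page URL looks like this:
http://localhost:8080/platform/login;JSESSIONID=2c161972-42e9-47e3-9294-24f1f8ef05f2 and this value, 2c161972-42e9-47e3-9294-24f1f8ef05f2, is the same as the value stored in my cookie,
but the cookie's key is shiroSession. Why does the login page use JSESSIONID? I don't know whether this is related to the menu bar not being displayed.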
Q&A
Shiro reports an UnknownSessionException error in nutzwk
Tags:
nutzwk
4 replies
The backend framework hasn't changed much. The frontend uses vue+beetl... The shiro.ini configuration file is as follows:
jedisAgent = org.nutz.integration.jedis.JedisAgent
cacheManager_ehcache = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager_ehcache.cacheManagerConfigFile=classpath:ehcache.xml
cacheManager_redis = org.nutz.plugins.cache.impl.redis.RedisCacheManager
cacheManager_redis.mode=kv
cacheManager_redis.debug=true
cacheManager = org.nutz.plugins.cache.impl.lcache.LCacheManager
cacheManager.jedisAgent = $jedisAgent
cacheManager.level1 = $cacheManager_ehcache
cacheManager.level2 = $cacheManager_redis
# Session
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionValidationSchedulerEnabled = false
# Session Cache
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionDAO.cacheManager = $cacheManager
sessionDAO.activeSessionsCacheName = shiro-activeSessionCache
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager
# Cookie
sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name = shiroSession
sessionIdCookie.maxAge = -1
sessionIdCookie.httpOnly = true
sessionManager.sessionIdCookie = $sessionIdCookie
sessionManager.sessionIdCookieEnabled = true
sessionManager.globalSessionTimeout = 25200000
rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie
rememberMeCookie.name = rememberMe
rememberMeCookie.maxAge = 604800
rememberMeCookie.httpOnly = true
rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager
rememberMeManager.cookie = $rememberMeCookie
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
sha256Matcher.storedCredentialsHexEncoded = false
sha256Matcher.hashIterations = 1024
sha256Matcher.hashSalted = true
shiroDbRealm = com.kanq.shiro.realm.NutzDaoRealm
shiroDbRealm.credentialsMatcher = $sha256Matcher
securityManager.realms = $shiroDbRealm
authcStrategy = com.kanq.shiro.pam.AnySuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.cacheManager = $cacheManager
securityManager.rememberMeManager = $rememberMeManager
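I just changed the name of the org.apache.shiro.web.servlet.SimpleCookie
from sessionIdCookie.name = JSESSIONID to sessionIdCookie.name = shiroSession, and after closing the browser the user's function buttons can no longer be retrieved.
The filter code is like this: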
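import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

public class RememberAuthenticationFilter extends FormAuthenticationFilter {

    // Allow the login request itself; otherwise require a subject with a principal
    // (authenticated in this session or remembered via the rememberMe cookie).
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (isLoginRequest(request, response)) {
            return true;
        } else {
            Subject subject = getSubject(request, response);
            return subject.getPrincipal() != null;
        }
    }

    // Save the original request and redirect every denied request to the login page.
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        saveRequestAndRedirectToLogin(request, response);
        return false;
    }
}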
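The thread shows the same session value in the login URL's `;JSESSIONID=` path parameter and in the `shiroSession` cookie. As an added example (not code from the thread or from nutzwk), this JDK-only check flags that condition in a captured request, since a session ID carried in a URL can also end up in access logs, browser history and Referer headers. The class and method names are hypothetical, and the Cookie header is constructed from the values the poster quotes.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionIdInUrlCheck {

    /** Parses ";name=value" path parameters from the path part of a URL. */
    static Map<String, String> pathParams(String url) {
        Map<String, String> params = new LinkedHashMap<>();
        // Path parameters sit before the query string and fragment.
        String path = url.split("[?#]", 2)[0];
        String[] parts = path.split(";");
        for (int i = 1; i < parts.length; i++) {
            // A path parameter ends at the next "/" when more segments follow.
            String p = parts[i].split("/", 2)[0];
            int eq = p.indexOf('=');
            if (eq > 0) params.put(p.substring(0, eq), p.substring(eq + 1));
        }
        return params;
    }

    /** Parses a Cookie request header ("a=1; b=2") into name/value pairs. */
    static Map<String, String> cookies(String header) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : header.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0) out.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return out;
    }

    /** Returns "urlParam -> cookieName" when both carry the same value, else null. */
    static String exposedSession(String url, String cookieHeader) {
        Map<String, String> inUrl = pathParams(url);
        for (Map.Entry<String, String> c : cookies(cookieHeader).entrySet()) {
            for (Map.Entry<String, String> p : inUrl.entrySet()) {
                if (!p.getValue().isEmpty() && p.getValue().equals(c.getValue())) {
                    return p.getKey() + " -> " + c.getKey();
                }
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // URL and cookie name are from the thread; the Cookie header is constructed.
        String url = "http://localhost:8080/platform/login;JSESSIONID=2c161972-42e9-47e3-9294-24f1f8ef05f2";
        String cookie = "shiroSession=2c161972-42e9-47e3-9294-24f1f8ef05f2";
        System.out.println(exposedSession(url, cookie));
    }
}
```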