NutzCN Logo
问答 nutzwk中shiro报UnkownSessionException错误
发布于 2276天前 作者 qq_64f81159 1865 次浏览 复制 上一个帖子 下一个帖子
标签: nutzwk

看网上说的 只所以出现这个问题是因为在shiro的DefaultWebSessionManager类中,默认Cookie名称是JSESSIONID,这样的话与servlet容器名冲突, 如jetty, tomcat等默认JSESSIONID, 当跳出shiro servlet时如error-page容器会为JSESSIONID重新分配值导致登录会话丢失! 给出的解决方案是,我们只需要自己指定一个与项目运行容器不冲突的sessionID就好了,我按照改了下 ,报JSESSIONID改为shiroSession了,可是把浏览器关闭再次打开后,home页的菜单貌似打不开,也没有发请求出去一样。我试了下直接获取菜单的json,就跳转到了登陆界面,这是什么原因。。 登录页带的是这样的
http://localhost:8080/platform/login;JSESSIONID=2c161972-42e9-47e3-9294-24f1f8ef05f2,这个2c161972-42e9-47e3-9294-24f1f8ef05f2值和我存在cookie的
值是一样的,但是cookie的key是shiroSession 为什么登录页的是JSESSIONID呢,不知道这个和不显示菜单栏有没有关系。

4 回复

你改过这方面的东西? 源码没这个问题, 都是shiro提供session, 跟容器无关

后台框架没有大改啊 前台用的是vue+beetl。。。 shiro.ini配置文件如下


jedisAgent = org.nutz.integration.jedis.JedisAgent cacheManager_ehcache = org.apache.shiro.cache.ehcache.EhCacheManager cacheManager_ehcache.cacheManagerConfigFile=classpath:ehcache.xml cacheManager_redis = org.nutz.plugins.cache.impl.redis.RedisCacheManager cacheManager_redis.mode=kv cacheManager_redis.debug=true cacheManager = org.nutz.plugins.cache.impl.lcache.LCacheManager cacheManager.jedisAgent = $jedisAgent cacheManager.level1 = $cacheManager_ehcache cacheManager.level2 = $cacheManager_redis # Session sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager sessionManager.sessionValidationSchedulerEnabled = false # Session Cache sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO sessionDAO.cacheManager = $cacheManager sessionDAO.activeSessionsCacheName = shiro-activeSessionCache sessionManager.sessionDAO = $sessionDAO securityManager.sessionManager = $sessionManager # Cookie sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie sessionIdCookie.name = shiroSession sessionIdCookie.maxAge = -1 sessionIdCookie.httpOnly = true sessionManager.sessionIdCookie = $sessionIdCookie sessionManager.sessionIdCookieEnabled = true sessionManager.globalSessionTimeout = 25200000 rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie rememberMeCookie.name = rememberMe rememberMeCookie.maxAge = 604800 rememberMeCookie.httpOnly = true rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager rememberMeManager.cookie = $rememberMeCookie sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher sha256Matcher.storedCredentialsHexEncoded = false sha256Matcher.hashIterations = 1024 sha256Matcher.hashSalted = true shiroDbRealm = com.kanq.shiro.realm.NutzDaoRealm shiroDbRealm.credentialsMatcher = $sha256Matcher securityManager.realms = $shiroDbRealm authcStrategy = com.kanq.shiro.pam.AnySuccessfulStrategy securityManager.authenticator.authenticationStrategy = $authcStrategy securityManager.cacheManager = $cacheManager securityManager.rememberMeManager = $rememberMeManager

就是把org.apache.shiro.web.servlet.SimpleCookie这个
从sessionIdCookie.name =JSESSIONID改成了sessionIdCookie.name = shiroSession,关闭浏览器后不能获取用户的功能按钮了。

过滤器代码是这样的

public class RememberAuthenticationFilter extends FormAuthenticationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (isLoginRequest(request, response)) {
            return true;
        } else {
            Subject subject = getSubject(request, response);
            return subject.getPrincipal() != null;
        }
    }
	@Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        saveRequestAndRedirectToLogin(request, response);
        return false;
    }

}

登出再登录才行吧

添加回复
请先登陆
回到顶部