Q&A: Cross-origin session cannot be read; please tell me which setting is wrong!
Posted 2432 days ago by shuxinyun, 2024 views
Tags: nutzwk

1 Redis starts and connects normally
2 shiro.ini is configured as follows

[main]
# cacheManager
;-------------Comment this out when Redis is used as Shiro's level-2 cache---------
;cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
;cacheManager.cacheManagerConfigFile = classpath:ehcache.xml
;-------------Comment this out when Redis is used as Shiro's level-2 cache---------

;-------------Enable this when Redis is used as Shiro's level-2 cache---------
jedisAgent = org.nutz.integration.jedis.JedisAgent
cacheManager_ehcache = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager_ehcache.cacheManagerConfigFile=classpath:ehcache.xml
cacheManager_redis = org.nutz.plugins.cache.impl.redis.RedisCacheManager
cacheManager_redis.mode=kv
cacheManager_redis.debug=true
cacheManager = org.nutz.plugins.cache.impl.lcache.LCacheManager
cacheManager.jedisAgent = $jedisAgent
cacheManager.level1 = $cacheManager_ehcache
cacheManager.level2 = $cacheManager_redis
;-------------Enable this when Redis is used as Shiro's level-2 cache---------

# Session
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionValidationSchedulerEnabled = false

# Session Cache
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionDAO.cacheManager = $cacheManager
sessionDAO.activeSessionsCacheName = shiro-activeSessionCache
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager

# Cookie
sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name = sid
#sessionIdCookie.domain=wizzer.cn
#sessionIdCookie.path=
sessionIdCookie.maxAge = 946080000
sessionIdCookie.httpOnly = true
sessionManager.sessionIdCookie = $sessionIdCookie
sessionManager.sessionIdCookieEnabled = true
sessionManager.globalSessionTimeout = 3600000

#bak...
#sessionManager=org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#sessionListener1 = cn.wizzer.common.shiro.listener.MySessionListener
#sessionManager.sessionListeners = $sessionListener1
#sessionManager.globalSessionTimeout=50000
#securityManager.sessionManager=$sessionManager

rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie
rememberMeCookie.name = remember
rememberMeCookie.maxAge = 604800
rememberMeCookie.httpOnly = true
rememberMeManager = cn.wizzer.framework.shiro.remember.LightCookieRememberMeManager
rememberMeManager.cookie = $rememberMeCookie

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
sha256Matcher.storedCredentialsHexEncoded = false
sha256Matcher.hashIterations = 1024
sha256Matcher.hashSalted = true

shiroDbRealm = cn.wizzer.app.web.commons.shiro.realm.PlatformAuthorizingRealm
shiroDbRealm.credentialsMatcher = $sha256Matcher

securityManager.realms = $shiroDbRealm
authcStrategy = cn.wizzer.framework.shiro.pam.AnySuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.cacheManager = $cacheManager
securityManager.rememberMeManager = $rememberMeManager

authc = cn.wizzer.app.web.commons.shiro.filter.PlatformAuthenticationFilter
authc.captchaParam=platformCaptcha
authc.loginUrl = /login
logout.redirectUrl = /login

[urls]
/login/submit = anon
/assets/** = anon
/** = anon
/admin/** = authc

3 I save to the session as follows:
    @At("/publicKey")
    @Ok("json")
    @Filters({@By(type=CrossOriginFilter.class)})
    public Object publicKey(HttpSession session){
        NutMap map=new NutMap();
        // Store the value in the session under "platformPrivateKey"
        session.setAttribute("platformPrivateKey", currUser.setPublicRSA(map));
        Object tt=session.getAttribute("platformPrivateKey");
        return map;
    }
Here currUser.setPublicRSA(map) is sys_user, which is serialized

4 The part invoked on the next request is here
    protected AuthenticationToken createToken(HttpServletRequest request) {
        String username = getUsername(request);
        String password = getPassword(request);
        String captcha = getCaptcha(request);
        boolean rememberMe = isRememberMe(request);
        String host = getHost(request);
        try {
            // Read back the value stored by /publicKey from the session
            Object value=request.getSession().getAttribute("platformPrivateKey");
            RSAPrivateKey platformPrivateKey = (RSAPrivateKey)value ;
            if (platformPrivateKey != null) {
                password = RSAUtil.decryptByPrivateKey(password, platformPrivateKey);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new CaptchaToken(username, password, rememberMe, host, captcha);
    }
The value above is null; I cannot get the value and do not know why. Could an expert please take a look?

The backend runs on port 8080, and the front-end site making the requests runs on port 9001!

6 replies

The cookie probably isn't carrying the session id, right?


@zozoh How do I do that? I haven't done any handling on this side!

@zozoh What you describe is reading the session value and writing it back in; if I did that in this project, security would not allow it!

Whether it can be read depends on whether the cookie can be sent over.

Following everyone's guidance, I solved it using the method above!
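
The replies point at the `sid` cookie not travelling with the cross-origin request from port 9001 to port 8080. As an added example (not code from this thread or from NutzWk), the model below runs the two steps from the question against a toy server and a toy browser and shows when the second request lands in the session that holds `platformPrivateKey`; the origin, the function names and the session ids are assumptions made for illustration.

```javascript
// Added example: constructed origin; models only the Fetch credentials and CORS rules
// (SameSite and third-party-cookie policies are not modelled).
const PAGE = "http://localhost:9001"; // assumed front-end origin calling the 8080 backend

// Toy server: a request without a known sid cookie gets a brand-new, empty session.
function makeServer(allowedOrigins) {
  const sessions = new Map();
  let next = 0; // stand-in for a random session id
  return function handle(req) {
    let sid = req.cookie;
    if (!sessions.has(sid)) { sid = "s" + (++next); sessions.set(sid, {}); }
    const session = sessions.get(sid);
    if (req.path === "/publicKey") session.platformPrivateKey = "key-for-" + sid;
    const headers = {};
    if (allowedOrigins.includes(req.origin)) {
      headers["Access-Control-Allow-Origin"] = req.origin; // exact origin, never "*"
      headers["Access-Control-Allow-Credentials"] = "true";
      headers["Vary"] = "Origin"; // caches must not reuse this for another origin
    }
    return { setCookie: sid, headers, sawKey: session.platformPrivateKey !== undefined };
  };
}

// Toy browser: on a cross-origin call the cookie is stored and sent only in "include" mode.
function makeBrowser(server, credentials) {
  let jar; // cookie held for the backend origin
  return function call(path) {
    const include = credentials === "include"; // XHR equivalent: withCredentials = true
    const res = server({ path, origin: PAGE, cookie: include ? jar : undefined });
    if (include) jar = res.setCookie;
    const acao = res.headers["Access-Control-Allow-Origin"];
    // With credentials the wildcard is rejected and Allow-Credentials must be "true".
    const readable = include
      ? acao === PAGE && res.headers["Access-Control-Allow-Credentials"] === "true"
      : acao === "*" || acao === PAGE;
    return { readable, sawKey: res.sawKey };
  };
}

// The thread's two steps: fetch the key, then submit the login.
function loginFlow(credentials, allowedOrigins = [PAGE]) {
  const call = makeBrowser(makeServer(allowedOrigins), credentials);
  call("/publicKey");
  return call("/login/submit"); // sawKey: did this request reach the same session?
}
```

In the default `same-origin` mode the second request creates a fresh session, so the attribute lookup returns null; in `include` mode the session is shared, but the page can read the response only when the server echoes an allowlisted origin together with `Access-Control-Allow-Credentials: true`.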
