Q&A: Why is nutzwk still logged in after closing and reopening the browser?
Posted 2507 days ago by zp8821138, 1711 views
Tags: nutzwk

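As the title says. But if I leave the computer on and visit again the next day, I'm asked to log in. Why is that? "Remember me" doesn't help either. The config file is below. When I access /platform/home, the request doesn't seem to go through rememberAuthFilter. Why? I just want to build a remember-me-for-7-days feature.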

rememberAuthFilter = com.xxx.shiro.filter.RememberAuthenticationFilter
rememberAuthFilter.loginUrl = /platform/login
logout.redirectUrl = /platform/login

[urls]
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter
14 replies
    @At("")
    @Ok("beetl:/home.html")
    @RequiresAuthentication
    public void home(HttpServletRequest req) {
        System.out.println("============");
    }

The method that handles home also has @RequiresAuthentication.

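The cookie isn't set to follow the browser process, so after restarting the browser the original cookie can still be read.
If the login no longer works the next day, either the session has an expiration time or the cookie does.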

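Isn't the default session expiration time 30 minutes? And going by the configuration, the cookie expiration should be 7 days, so why do I have to log in the next day? I don't get it.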

The default session expiration time depends on the configuration in shiro.ini; it's probably not 30 minutes.

Cookie expiration and session expiration are two different things.

The config file is below; I don't see a session expiration time set.

[main]

jedisAgent = org.nutz.integration.jedis.JedisAgent
cacheManager_ehcache = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager_ehcache.cacheManagerConfigFile=classpath:ehcache.xml
cacheManager_redis = org.nutz.plugins.cache.impl.redis.RedisCacheManager
cacheManager_redis.mode=kv
cacheManager_redis.debug=true
cacheManager = org.nutz.plugins.cache.impl.lcache.LCacheManager
cacheManager.jedisAgent = $jedisAgent
cacheManager.level1 = $cacheManager_ehcache
cacheManager.level2 = $cacheManager_redis

# Session
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionValidationSchedulerEnabled = true

# Session Cache
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionDAO.cacheManager = $cacheManager
sessionDAO.activeSessionsCacheName = shiro-activeSessionCache
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager

# Cookie
sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name = sid
sessionIdCookie.maxAge = 604800
sessionIdCookie.httpOnly = true
sessionManager.sessionIdCookie = $sessionIdCookie
sessionManager.sessionIdCookieEnabled = true
sessionManager.globalSessionTimeout = 3600000

rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie
rememberMeCookie.name = remember
rememberMeCookie.maxAge = 604800
rememberMeCookie.httpOnly = true
rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager
rememberMeManager.cookie = $rememberMeCookie

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
sha256Matcher.storedCredentialsHexEncoded = false
sha256Matcher.hashIterations = 1024
sha256Matcher.hashSalted = true

shiroDbRealm = com.xxx.shiro.realm.NutzDaoRealm
shiroDbRealm.credentialsMatcher = $sha256Matcher

securityManager.realms = $shiroDbRealm
authcStrategy = com.xxx.shiro.pam.AnySuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.cacheManager = $cacheManager
securityManager.rememberMeManager = $rememberMeManager

rememberAuthFilter = com.xxx.shiro.filter.RememberAuthenticationFilter
rememberAuthFilter.loginUrl = /platform/login
logout.redirectUrl = /platform/login

[urls]
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter

sessionManager.globalSessionTimeout = 3600000

That's one hour.

I changed it to 1 and it seems to be the same: after closing the browser I can still access it.

Browser cache, maybe? Refresh a few more times.

There is caching. If the session is set to 1 hour, then how do I do what some sites do, where you can log in without a password for 7 days?

rememberAuthFilter = com.xxx.shiro.filter.RememberAuthenticationFilter
rememberAuthFilter.loginUrl = /platform/login
logout.redirectUrl = /platform/login

[urls]
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter

I set up the filter, but requests to /platform/home don't go through it.

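import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

public class RememberAuthenticationFilter extends FormAuthenticationFilter {

	// Reject any denied request with HTTP 403 and stop the filter chain.
	@Override
	protected boolean onAccessDenied(ServletRequest request,
			ServletResponse response) throws Exception {
		((HttpServletResponse) response).sendError(403);
		return false;
	}

	// The login URL itself is always allowed; every other path uses the parent check.
	@Override
	protected boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) {
		if (pathsMatch(getLoginUrl(), request))
			return true;
		return super.isAccessAllowed(request, response, mappedValue);
	}

}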

The filter code.

The order is wrong; you need to move it earlier.

As far as I know, the urls in shiro.ini are evaluated in order.
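
The ordering point from the last two replies, as an added example that is not part of the original thread or of nutzwk: a small Python check that replays the posted [urls] section with first-match-wins semantics and reports which chain a path resolves to. The function names and the simplified Ant-style matcher are assumptions made for illustration, not Shiro's own AntPathMatcher.

```python
import re

# Constructed sample: the [urls] section exactly as posted in the thread.
POSTED_URLS = """\
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter
"""

def parse_urls(text):
    """Return [(pattern, chain)] in file order; blanks and comments skipped."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            pattern, _, chain = line.partition("=")
            rules.append((pattern.strip(), chain.strip()))
    return rules

def ant_to_regex(pattern):
    """Simplified Ant-style matcher (assumption, not Shiro's AntPathMatcher)."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def resolve(rules, path):
    """Walk the rules top to bottom; the first pattern that matches wins."""
    for pattern, chain in rules:
        if ant_to_regex(pattern).match(path):
            return pattern, chain
    return None

def shadowed(rules):
    """Rules listed after a catch-all '/**' can never be selected."""
    for i, (pattern, _) in enumerate(rules):
        if pattern == "/**":
            return rules[i + 1:]
    return []

def catch_all_last(rules):
    """Reorder so the catch-all comes after every more specific rule."""
    catch_all = [r for r in rules if r[0] == "/**"]
    return [r for r in rules if r[0] != "/**"] + catch_all

if __name__ == "__main__":
    rules = parse_urls(POSTED_URLS)
    print(resolve(rules, "/platform/home"), shadowed(rules))
```

With the posted order, /platform/home resolves to `/** = anon`, so rememberAuthFilter is never consulted and only the @RequiresAuthentication annotation guards the handler.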
