NutzCN Logo
问答 nutzwk关闭浏览器再打开为啥还是处于登陆状态?
发布于 2537天前 作者 zp8821138 1743 次浏览 复制 上一个帖子 下一个帖子
标签: nutzwk

rt,但是我不关电脑,第二天再访问就会要求登陆 ,这是因为什么?记住我也并没有用,配置文件如下,访问/platform/home的时候貌似并没有经过rememberAuthFilter,这是为啥,我就像做一个记住7天的功能。。

rememberAuthFilter = com.xxx.shiro.filter.RememberAuthenticationFilter
rememberAuthFilter.loginUrl = /platform/login
logout.redirectUrl = /platform/login

[urls]
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter
14 回复
  @At("")
    @Ok("beetl:/home.html")
    @RequiresAuthentication
    public void home(HttpServletRequest req) {
    	System.out.println("============");
    }

到home的方法 @RequiresAuthentication也有。

cookie没有设置为跟随浏览器进程,所以重启浏览器依然能读到原本的cookie
第二天就不能登录,要么session有过期时间,要么cookie有过期时间

session默认过期时间不是30分钟吗,cookie的过期时间如果按照配置应该是7天,为啥是第二天就要登陆 搞不懂捏

session默认过期时间, 得看shiro.ini里面的配置了, 不是30分钟吧

cookie过期跟session过期是两码事

配置文件如下,没看到session设置过期时间捏

[main]

jedisAgent = org.nutz.integration.jedis.JedisAgent
cacheManager_ehcache = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager_ehcache.cacheManagerConfigFile=classpath:ehcache.xml
cacheManager_redis = org.nutz.plugins.cache.impl.redis.RedisCacheManager
cacheManager_redis.mode=kv
cacheManager_redis.debug=true
cacheManager = org.nutz.plugins.cache.impl.lcache.LCacheManager
cacheManager.jedisAgent = $jedisAgent
cacheManager.level1 = $cacheManager_ehcache
cacheManager.level2 = $cacheManager_redis

# Session
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionValidationSchedulerEnabled = true

# Session Cache
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionDAO.cacheManager = $cacheManager
sessionDAO.activeSessionsCacheName = shiro-activeSessionCache
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager

# Cookie
sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name = sid
sessionIdCookie.maxAge = 604800
sessionIdCookie.httpOnly = true
sessionManager.sessionIdCookie = $sessionIdCookie
sessionManager.sessionIdCookieEnabled = true
sessionManager.globalSessionTimeout = 3600000

rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie
rememberMeCookie.name = remember
rememberMeCookie.maxAge = 604800
rememberMeCookie.httpOnly = true
rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager
rememberMeManager.cookie = $rememberMeCookie

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
sha256Matcher.storedCredentialsHexEncoded = false
sha256Matcher.hashIterations = 1024
sha256Matcher.hashSalted = true

shiroDbRealm = com.xxx.shiro.realm.NutzDaoRealm
shiroDbRealm.credentialsMatcher = $sha256Matcher

securityManager.realms = $shiroDbRealm
authcStrategy = com.xxx


.shiro.pam.AnySuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.cacheManager = $cacheManager
securityManager.rememberMeManager = $rememberMeManager

rememberAuthFilter = com.xxx.shiro.filter.RememberAuthenticationFilter
rememberAuthFilter.loginUrl = /platform/login
logout.redirectUrl = /platform/login

[urls]
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter

sessionManager.globalSessionTimeout = 3600000

一小时呢

我改成1貌似一样还是关闭浏览器还是能访问。

浏览器缓存吧?多刷新几次

是有缓存,如果session设置1个小时,那么我想像有的网站7天都可以不用密码登陆该怎么做呢

rememberAuthFilter = com.xxx.shiro.filter.RememberAuthenticationFilter
rememberAuthFilter.loginUrl = /platform/login
logout.redirectUrl = /platform/login

[urls]
/platform/doLogin = anon
/platform/login/captcha = anon
/platform/login/logout = anon
/assets/** = anon
/** = anon
/platform/** = rememberAuthFilter

我设置了filter 但是访问/platform/home却没有经过这个filter.

public class RememberAuthenticationFilter extends FormAuthenticationFilter {

	@Override
	protected boolean onAccessDenied(ServletRequest request,
			ServletResponse response) throws Exception {
		((HttpServletResponse) response).sendError(403);
		return false;
	}

	@Override
	protected boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) {
		if (pathsMatch(getLoginUrl(), request))
			return true;
		return super.isAccessAllowed(request, response, mappedValue);
	}

}

filter代码

顺序错了,你得往前放

shiro.ini中的urls按顺序执行,据我所知

添加回复
请先登陆
回到顶部