In this chapter, we deal with the problem of separating the front end from the back end. If you have any questions, please contact me at [email protected]. Ask for directions of various gods, thank you
As technology continues to evolve, more and more projects are now being developed in a forward-end separation approach. In traditional projects, Shiro automatically saves the sessionId into the cookie after successful login, and the background obtains the current login role information based on the sessionId. In the project where the front and back ends are separated, the back-end interface (cross-domain) cannot be requested and the sessionId cannot be obtained in the cookie due to inconsistent IP and port. This chapter deals with both of these issues.
One: Dealing with cross-domain issues
The front-end project here is enabled with port 8800, while the back-end is enabled with port 8080. Due to the inconsistent ports, the following errors occur when the front-end requests through AXIOS
Solution:
Open the core – configuer – WebConfigurer. Java
Add the following code:
private CorsConfiguration buildConfig() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedHeader("*"); // Request method config.addAllowedMethod(httpmethod.get); config.addAllowedMethod(HttpMethod.POST); config.addAllowedMethod(HttpMethod.PUT); config.addAllowedMethod(HttpMethod.DELETE); config.addAllowedMethod(HttpMethod.OPTIONS);return config;
}
@Bean
public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource(); / / handles all the request path configSource. RegisterCorsConfiguration ("/ * *", buildConfig());
return new CorsFilter(configSource);
}Copy the codeRequest again:
Request successful, data obtained. (Ignore pages with hot eyes.)
Get SessionId from Shiro
Shiro’s original logic is to get the sessionId in the cookie. Here we modify the logic.
- Return the sessionID to the foreground on successful login, and then carry the sessionID in the request header on each request.
- Override shiro to get the sessionID method.
Login method:
@Override public Map<String, Object> userLogin(String userName, String password) { Subject currentUser = SecurityUtils.getSubject(); currentUser.login(new UsernamePasswordToken(userName, password)); //UserInfo user = (UserInfo) currentUser.getPrincipal(); Map<String,Object> map = new HashMap<>(3); map.put("sessionId",currentUser.getSession().getId());
return map;
}Copy the codeOverwrite Shiro to get the sessionID
The new core – shiro – MySessionManager. Java
package com.example.demo.core.shiro; import org.apache.commons.lang3.StringUtils; import org.apache.shiro.web.servlet.ShiroHttpServletRequest; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.apache.shiro.web.util.WebUtils; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import java.io.Serializable; /** * @author zy */ public class MySessionManager extends DefaultWebSessionManager {private static final String AUTHORIZATION ="Authorization";
private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request";
public MySessionManager() { super(); } @Override protected Serializable getSessionId(ServletRequest request, ServletResponse response) { String id = WebUtils.toHttp(request).getHeader(AUTHORIZATION); // If Authorization is present in the request header, the value is sessionIdif(! StringUtils.isEmpty(id)) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);return id;
} else{// Otherwise take the sessionId from the cookie by defaultreturnsuper.getSessionId(request, response); }}}Copy the codeModify the core – configuer – ShiroConfigurer. Java
Add the following code:
@Bean
public SessionManager sessionManager() {return new MySessionManager();
}Copy the codeThe above can solve the two problems raised at the beginning of the article.
The project address
Code cloud address: gitee.com/beany/mySpr…
GitHub address: github.com/MyBeany/myS…
Writing articles is not easy, if it is helpful to you, please help click star
