怎么解决shiro会话超时302问题

本篇内容介绍了"怎么解决shiro会话超时302问题"的有关知识，在实际案例的操作过程中，不少人都会遇到这样的困境，接下来就让小编带领大家学习一下如何处理这些情况吧！希望大家仔细阅读，能够学有所成！

产生异常的情况：nginx配置了https，但是nginx转发请求到web应用走的http，会话超时，shiro会重定向到登录页，这时重定向的是http地址，比如http://xxxxx/login/index ，浏览器会阻止这样的请求(从https页面发起http请求是非法的)。

1. 重写shiro的FormAuthenticationFilter

public class MyShiroAuthcFilter extends FormAuthenticationFilter {        public MyShiroAuthcFilter(String loginUrl) {                super();                setLoginUrl(loginUrl);        }        @Override        protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {                if (isLoginRequest(request, response)) {                        return super.onAccessDenied(request, response);                } else {                        if (isAjax((HttpServletRequest) request)) { // 处理ajax请求                                HttpServletResponse httpServletResponse = WebUtils.toHttp(response);                                httpServletResponse.addHeader("REQUIRE_AUTH", "true"); // ajax全局设置中有用                                httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value()); // 改变302状态码                        } else {                                saveRequest(request);                                request.getRequestDispatcher(getLoginUrl()).forward(request, response);                                // 由于是nginx转发的，_redirect 302会重定向到http协议，不是浏览器期望的https                                // saveRequestAndRedirectToLogin(request, response);                        }                        return false;                }        }        private boolean isAjax(HttpServletRequest request) {                String requestedWithHeader = request.getHeader("X-Requested-With");                return "XMLHttpRequest".equals(requestedWithHeader);        }}

shiro的filter配置

@Beanpublic ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {        String loginUrl = "/login/index";        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();        Map filters = shiroFilter.getFilters();        filters.put("anon", new AnonymousFilter());        filters.put("authc", new MyShiroAuthcFilter(loginUrl));        Map filterChainDefinitionMap = new LinkedHashMap<>();        filterChainDefinitionMap.put("/supervisor/**", "authc");        filterChainDefinitionMap.put("/**", "anon");        shiroFilter.setSecurityManager(securityManager);        shiroFilter.setLoginUrl(loginUrl);        shiroFilter.setUnauthorizedUrl("/login/unauthorized");        shiroFilter.setFilters(filters);        shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMap);        return shiroFilter;}

2. ajax全局设置

$.ajaxSetup({    complete: function (xhr, status) {            if (xhr.getResponseHeader('REQUIRE_AUTH') == 'true') {                    alert("未登录或登录超时!");                    window.top.location.href = getHost() + '/login/index';                    return;            }        }});

3. /login/index页面处理

"怎么解决shiro会话超时302问题"的内容就介绍到这里了，感谢大家的阅读。如果想了解更多行业相关的知识可以关注网站，小编将为大家输出更多高质量的实用文章！