Spring Boot 集成 Shiro 后,用下面这种方法退出:重定向到退出的回调地址之后,并没有到达回调地址,而是重新进入了首页;有时候还会在 logout 之前就进入首页,但是这个时候 session 已经清了,于是就报错了。搞不懂为什么会出现这种情况。后来我用了另一种方法,至少到现在没有再出现这个问题。希望知道原因的大神回复一下,万分感激。
/**
 * Handles {@code /logout} by redirecting the browser to the CAS logout URL taken from
 * {@code casConfigProperties}.
 *
 * <p>NOTE(review): nothing in this handler ends the local Shiro subject or session; it only
 * issues the redirect. Whether the local session is invalidated elsewhere (for example by a
 * CAS single-sign-out callback) is not visible here and should be confirmed.
 *
 * @return a Spring MVC {@code redirect:} view name pointing at the CAS logout URL
 */
@RequestMapping("/logout")
public String logout() {
    // The target comes from configuration, not from the request.
    final String casLogoutUrl = casConfigProperties.getLogoutUrl();
    return "redirect:" + casLogoutUrl;
}
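/**
 * Builds the Shiro filter factory bean registered as {@code shiroFilter}.
 *
 * <p>Registers the CAS filter under the name {@code casFilter}, replaces the {@code authc}
 * filter with {@code MyFormAuthenticationFilter}, and installs the URL chain built by
 * {@code loadShiroFilterChain}. This version registers no logout filter.
 *
 * @param securityManager the security manager the Shiro filter delegates to
 * @param casFilter the CAS filter to register as {@code casFilter}
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager, CasFilter casFilter) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/main");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");

    // Add casFilter to the Shiro filter. The map is keyed by the filter name used in the
    // chain definitions; Filter is the servlet API type the file is expected to import.
    Map<String, Filter> filters = new HashMap<>();
    filters.put("casFilter", casFilter);
    // Registering under "authc" overrides Shiro's built-in form authentication filter.
    filters.put("authc", new MyFormAuthenticationFilter());
    shiroFilterFactoryBean.setFilters(filters);

    loadShiroFilterChain(shiroFilterFactoryBean);
    return shiroFilterFactoryBean;
}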
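/**
 * Installs the URL-pattern to filter-chain mapping on the given factory bean.
 *
 * <p>In this version {@code /logout} is mapped to {@code anon}, so Shiro itself takes no action
 * on that URL; ending the session is left entirely to whatever handles the request.
 *
 * @param shiroFilterFactoryBean the factory bean that receives the chain definitions
 */
private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
    // LinkedHashMap keeps insertion order, which matters because the rules below are
    // matched in the order they are defined.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    // authc: pages behind this filter require login; it is Shiro's built-in
    //        org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    // anon:  effectively "not intercepted"
    // user:  not intercepted once logged in (Shiro's user filter also lets
    //        remember-me identities through, not only freshly authenticated ones)
    // roles["admin"]       the user has the admin role
    // perms["permission1"] the user has the permission1 permission
    // Filters are matched in definition order; the first match is checked and matching stops.
    // URL wildcards: ? * ** match one character, 0-n characters (no sub-path),
    // and all sub-paths respectively.
    // 1. After integrating Shiro with CAS, add this rule first.
    filterChainDefinitionMap.put("/", "casFilter");
    filterChainDefinitionMap.put("/global/**", "anon");
    filterChainDefinitionMap.put("/logout", "anon");
    // NOTE(review): the three endpoints below are reachable without a session, so any
    // throttling and verification-code checks must be enforced by the handlers
    // themselves; that code is not visible here.
    filterChainDefinitionMap.put("/passwordResetView", "anon");
    filterChainDefinitionMap.put("/passwordReset", "anon");
    filterChainDefinitionMap.put("/sendPhoneAuthenticationCode", "anon");
    filterChainDefinitionMap.put("/login", "casFilter,authc");
    // Catch-all must stay last: anything not matched above requires a known user.
    filterChainDefinitionMap.put("/**", "user");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}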
这是我的解决办法:把退出改成用 Shiro 自己的退出过滤器,在里面设置退出后的回调地址,并把控制器里的 logout 去掉。
至少到现在没有出现上面这种问题。
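/**
 * Builds the Shiro filter factory bean registered as {@code shiroFilter}, with logout handled
 * by Shiro's own {@code LogoutFilter} instead of a controller.
 *
 * <p>Registers the CAS filter as {@code casFilter}, replaces {@code authc} with
 * {@code MyFormAuthenticationFilter}, registers a {@code LogoutFilter} as {@code logout} whose
 * redirect target is the CAS logout URL, and installs the URL chain built by
 * {@code loadShiroFilterChain}.
 *
 * @param securityManager the security manager the Shiro filter delegates to
 * @param casFilter the CAS filter to register as {@code casFilter}
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager, CasFilter casFilter) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/main");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");

    // Add casFilter to the Shiro filter. The map is keyed by the filter name used in the
    // chain definitions; Filter is the servlet API type the file is expected to import.
    Map<String, Filter> filters = new HashMap<>();
    filters.put("casFilter", casFilter);
    // Registering under "authc" overrides Shiro's built-in form authentication filter.
    filters.put("authc", new MyFormAuthenticationFilter());

    // Shiro's LogoutFilter logs the current subject out first and only then redirects,
    // so the local session is ended before the browser is sent to the CAS logout URL.
    // The redirect target comes from configuration, not from the request.
    // NOTE(review): by default the filter acts on any HTTP method; if a cross-site GET
    // forcing a logout matters here, consider LogoutFilter's postOnlyLogout setting.
    LogoutFilter logoutFilter = new LogoutFilter();
    logoutFilter.setRedirectUrl(casConfigProperties.getLogoutUrl());
    filters.put("logout", logoutFilter);
    shiroFilterFactoryBean.setFilters(filters);

    loadShiroFilterChain(shiroFilterFactoryBean);
    return shiroFilterFactoryBean;
}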
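/**
 * Installs the URL-pattern to filter-chain mapping on the given factory bean.
 *
 * <p>In this version {@code /logout} is mapped to the filter named {@code logout}, so the
 * request is handled by whichever filter is registered under that name rather than passing
 * through untouched.
 *
 * @param shiroFilterFactoryBean the factory bean that receives the chain definitions
 */
private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
    // LinkedHashMap keeps insertion order, which matters because the rules below are
    // matched in the order they are defined.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    // authc: pages behind this filter require login; it is Shiro's built-in
    //        org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    // anon:  effectively "not intercepted"
    // user:  not intercepted once logged in (Shiro's user filter also lets
    //        remember-me identities through, not only freshly authenticated ones)
    // roles["admin"]       the user has the admin role
    // perms["permission1"] the user has the permission1 permission
    // Filters are matched in definition order; the first match is checked and matching stops.
    // URL wildcards: ? * ** match one character, 0-n characters (no sub-path),
    // and all sub-paths respectively.
    // 1. After integrating Shiro with CAS, add this rule first.
    filterChainDefinitionMap.put("/", "casFilter");
    filterChainDefinitionMap.put("/global/**", "anon");
    // Must refer to a filter registered under the name "logout" on the factory bean.
    filterChainDefinitionMap.put("/logout", "logout");
    // NOTE(review): the three endpoints below are reachable without a session, so any
    // throttling and verification-code checks must be enforced by the handlers
    // themselves; that code is not visible here.
    filterChainDefinitionMap.put("/passwordResetView", "anon");
    filterChainDefinitionMap.put("/passwordReset", "anon");
    filterChainDefinitionMap.put("/sendPhoneAuthenticationCode", "anon");
    filterChainDefinitionMap.put("/login", "casFilter,authc");
    // Catch-all must stay last: anything not matched above requires a known user.
    filterChainDefinitionMap.put("/**", "user");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}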