springMVC集成shiro权限认证框架,登录之后退出登录出现登录不上的问题

有两种解决方式:

1.在web.xml文件配置一段欢迎页面:

<welcome-file-list>
    <welcome-file>/index.do</welcome-file>     
 </welcome-file-list>

 

 2.在自定义表单过滤器MyFormAuthenticationFilter里,添加清除shiro 在sesion存储的上一次访问地址 shiroSavedReques 

 

 1 package cn.zj.logistic.shiro;
 2 
 3 import javax.servlet.ServletRequest;
 4 import javax.servlet.ServletResponse;
 5 import javax.servlet.http.HttpServletRequest;
 6 
 7 import org.apache.commons.lang3.StringUtils;
 8 import org.apache.shiro.authc.AuthenticationToken;
 9 import org.apache.shiro.session.Session;
10 import org.apache.shiro.subject.Subject;
11 import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
12 import org.apache.shiro.web.util.WebUtils;
13 
14 public class MyFormAuthenticationFilter extends FormAuthenticationFilter {
15 
16     @Override
17     protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
18 
19         HttpServletRequest req = (HttpServletRequest) request;
20 
21         // 1.获取前台表单提交的验证码
22         String verifyCode = req.getParameter("verifyCode");
23 
24         
25         
26         String rand = (String) req.getSession().getAttribute("rand");
27 
28         System.out.println("rand :" + rand);
29 
30         if (StringUtils.isNotBlank(verifyCode)) {
31             if (!verifyCode.equals(rand.toLowerCase())) {
32                 // 共享一个错误信息到 shiroLoginFailure
33                 request.setAttribute("shiroLoginFailure", "verifyCodeError");
34 
35                 // 返回true,shiro就不再进行下一操作(数据库认证)了,直接返回了
36                 return true;
37             }
38         }
39 
40         return super.onAccessDenied(request, response);
41     }
42 
43     @Override
44     protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
45             ServletResponse response) throws Exception {
46                 
47     
48         // 1.获取sesssion
49         Session session = subject.getSession(false);
50         if (session != null) {
51             // 清除shiro共享的上一次地址 ://shiroSavedRequest
52             session.removeAttribute(WebUtils.SAVED_REQUEST_KEY);
53         }
54 
55         return super.onLoginSuccess(token, subject, request, response);
56     }
57 
58 }

 

posted @ 2019-07-24 22:58  abcdjava  阅读(1137)  评论(0编辑  收藏  举报