SpringBoot学习:整合shiro(rememberMe记住我后自动登录session失效解决办法)
项目下载地址:http://download.csdn.NET/detail/aqsunkai/9805821
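定义一个拦截器:当判断出用户是通过“记住我”功能访问(尚未认证)时,在后台查询数据库并自动登录,同时把用户放入 session 中。需要注意,Shiro 有意区分 isRemembered() 与 isAuthenticated(),这种自动登录会把“记住我”身份提升为已认证身份,因此敏感操作仍应要求用户重新输入凭证。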
配置拦截器也很简单,Spring 为此提供了基础类WebMvcConfigurerAdapter ,我们只需要重写addInterceptors 方法添加注册拦截器。
实现自定义拦截器只需要3步:
1、创建我们自己的拦截器类并实现 HandlerInterceptor 接口。
2、创建一个Java类继承WebMvcConfigurerAdapter,并重写 addInterceptors 方法。
3、实例化我们自定义的拦截器,然后将对象手动添加到拦截器链中(在 addInterceptors 方法中添加)。
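package com.sun.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;

/**
 * Spring MVC configuration that registers {@link SessionInterceptor} in the
 * interceptor chain.
 *
 * Created by sun on 2017-3-21.
 */
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    /**
     * Exposes the interceptor as a Spring bean. Without this, other beans
     * cannot be injected into the interceptor.
     *
     * @return the interceptor instance managed by Spring
     */
    @Bean
    SessionInterceptor sessionInterceptor() {
        return new SessionInterceptor();
    }

    /**
     * Registers the session interceptor for every path except the ones
     * listed in the exclusion below.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Excluding a path here only skips the remember-me re-login done by
        // SessionInterceptor; it grants or denies nothing by itself.
        // NOTE(review): access control for the excluded paths presumably comes
        // from the Shiro filter chain configured elsewhere. Confirm this,
        // in particular for "/permission/userInsert" and "/tUser/insert".
        registry.addInterceptor(sessionInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns(
                        "/login",
                        "/permission/userInsert",
                        "/error",
                        "/tUser/insert",
                        "/gif/getGifCode");
    }
}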
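package com.sun.configuration;

import com.sun.permission.model.User;
import com.sun.permission.service.PermissionService;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Interceptor that logs a "remembered" Shiro subject back in and stores the
 * user in the session under the "currentUser" attribute.
 *
 * Security note: Shiro keeps {@code isRemembered()} and
 * {@code isAuthenticated()} apart on purpose. This interceptor promotes a
 * remembered identity to an authenticated one without the user presenting
 * credentials, so anyone holding a valid rememberMe cookie ends up with an
 * authenticated session. Sensitive operations should still require the user
 * to re-enter credentials.
 *
 * Created by sun on 2017-4-9.
 */
public class SessionInterceptor implements HandlerInterceptor {

    private static final Logger logger = Logger.getLogger(SessionInterceptor.class);

    @Resource
    private PermissionService permissionService;

    /**
     * Re-establishes a login for a subject that is remembered but not
     * authenticated; every other request passes through untouched.
     *
     * @param request  the current request
     * @param response the current response, used to redirect to the login page
     * @param o        the chosen handler (unused)
     * @return {@code true} to continue the chain, {@code false} after a
     *         redirect to the login page because the automatic login failed
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        logger.info("---preHandle---");
        Subject currentUser = SecurityUtils.getSubject();

        // Only a remembered-but-unauthenticated subject needs the automatic login.
        if (currentUser.isAuthenticated() || !currentUser.isRemembered()) {
            return true;
        }

        boolean loggedIn = false;
        try {
            // NOTE(review): getPrincipals().toString() is used as the e-mail
            // lookup key; this presumably relies on the realm storing a single
            // e-mail principal. Confirm against the realm.
            User user = permissionService.findByUserEmail(currentUser.getPrincipals().toString());
            if (user == null) {
                logger.warn("Remember-me login failed: no user record for the remembered principal");
            } else {
                // user.getPswd() is the value read back from the database, not
                // something the user typed.
                // NOTE(review): this only authenticates if the realm's
                // credentials matcher accepts the stored value as-is; confirm
                // against the realm configuration.
                UsernamePasswordToken token = new UsernamePasswordToken(
                        user.getEmail(), user.getPswd(), currentUser.isRemembered());
                currentUser.login(token);

                // Put the current user into the session.
                Session session = currentUser.getSession();
                session.setAttribute("currentUser", user);
                // The session keeps its configured default timeout. When it
                // lapses, this interceptor logs the remembered subject in again
                // on the next request, so a never-expiring session (negative
                // timeout) is not needed and would keep the promoted identity
                // alive indefinitely.
                loggedIn = true;
            }
        } catch (Exception e) {
            // Record the cause instead of discarding it; the token is never logged.
            logger.warn("Remember-me login failed", e);
        }

        if (!loggedIn || !currentUser.isAuthenticated()) {
            // Automatic login failed: send the user to the login page.
            response.sendRedirect(request.getContextPath() + "/login");
            return false;
        }
        return true;
    }

    /** Logs that the handler has run; performs no other work. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        logger.info("---postHandle---");
    }

    /** Logs that request processing has completed; performs no other work. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        logger.info("---afterCompletion---");
    }
}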