shiro 提供对外接口 实现一致性权限

有时候我们会有这样的需求,系统对外提供接口。同时在别的系统登陆之后,不需要再登陆我们的系统,便可以访问我们的系统数据

1.问题

为什么我们登陆系统之后,访问其他也页面(需要权限)都不需要再次登陆。

2.答案

因为客户端(浏览器)在请求头中设置Cookie="JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxxx",默认情况下,shiro给客户端设置的cookie就是这个,其实就是sessionId。

3.解决如何对外提供接口及其权限问题

  3.1 登陆接口,主要思路就是登陆,然后获取sessionId(返回参数),同时同缓存将sessionId绑定用户名(需要获取数据的时候将sessionId传回来,从而知道身份)

/**
     * 
     */
    @GetMapping("/memberLogin")
    @ResponseBody
    public Map<String, String> memberLogin(String username, String password, HttpServletRequest request) {
        Map<String, String> result = new HashMap<String, String>();
 

        SecurityUtils.getSubject().login(new UserAuthenticationToken(Member.class, username, password, false, request.getRemoteAddr()));
        String sessonId = request.getSession().getId();
        try {
            JedisClient.getInstance().add(sessonId, username + "," + password);
        } catch (Exception e) {
            e.printStackTrace();
        }
        result.put("code", "200");
        result.put("data", "JSESSIONID=" + sessonId);
        result.put("message", "登陆成功");
        return result;
    }

 

  3.2通过cookie设置,可以直接访问用户信息的数据,而不用登陆

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import okhttp3.OkHttpClient;

public class HttpRequestUtil {
    /**
     * 定义全局OkHttpClient对象
     */
    private static final OkHttpClient httpClient = new OkHttpClient();


    public static String sendPost(String url, Map<String, String> params) {
        OutputStreamWriter out = null;
        BufferedReader in = null;        
        StringBuilder result = new StringBuilder(); 
        try {
            URL realUrl = new URL(url);
            HttpURLConnection conn =(HttpURLConnection) realUrl.openConnection();
            // 发送POST请求必须设置如下两行
            conn.setDoOutput(true);
            conn.setDoInput(true);
            // POST方法
            conn.setRequestMethod("POST");
            // 设置通用的请求属性
            conn.setRequestProperty("accept", "*/*");
            conn.setRequestProperty("connection", "Keep-Alive");
            conn.setRequestProperty("user-agent",
                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setRequestProperty("Cookie", "JSESSIONID=45450E3F796272D93D406411BEA6CF9C");
            conn.connect();
            // 获取URLConnection对象对应的输出流
            out = new OutputStreamWriter(conn.getOutputStream(), "UTF-8");
            // 发送请求参数            
            if (params != null) {
                  StringBuilder param = new StringBuilder(); 
                  for (Map.Entry<String, String> entry : params.entrySet()) {
                      if(param.length()>0){
                          param.append("&");
                      }                  
                      param.append(entry.getKey());
                      param.append("=");
                      param.append(entry.getValue());                      
                      //System.out.println(entry.getKey()+":"+entry.getValue());
                  }
                  //System.out.println("param:"+param.toString());
                  out.write(param.toString());
            }
            // flush输出流的缓冲
            out.flush();
            // 定义BufferedReader输入流来读取URL的响应
            in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "UTF-8"));
            String line;
            while ((line = in.readLine()) != null) {
                result.append(line);
            }
        } catch (Exception e) {            
            e.printStackTrace();
        }
        //使用finally块来关闭输出流、输入流
        finally{
            try{
                if(out!=null){
                    out.close();
                }
                if(in!=null){
                    in.close();
                }
            }
            catch(IOException ex){
                ex.printStackTrace();
            }
        }
        return result.toString();
    }
    public static void main(String[] args) {
        String url="http://localhost:8080/ddzq/member/index";

// Map<String,String> params = new HashMap<String,String>();
// params.put("username", "tsd333344399");
// params.put("password", "15547514");
// params.put("registerVisitCode", "888");
// params.put("mobile", "18254555231");

 

//String sendPost = sendPost(url, params);

String sendPost = sendPost(url, null); System.out.println("result:"+sendPost); } }

 

posted @ 2019-07-24 09:27  longtengdama  阅读(4862)  评论(0编辑  收藏  举报