How to pass the sessionId to Shiro in a project with separated front end and back end
==Recommended: use JWT==
Front end
When calling the back end, add a header `Authorization: sessionId` to the ajax request. Example below (a Vue.js project using axios), main.js:
```javascript
import Vue from 'vue'
import App from './App'
import router from './router'
import axios from 'axios'
import doCookie from '@/base/crudCookie' // our own cookie helper class

// Configure axios -- better moved into a separate config file (and add interceptors there)
// var axios = require('axios') does roughly the same as import; import is preferred.
axios.defaults.timeout = 5000 // request timeout: 5 seconds
axios.defaults.headers.post['Content-Type'] = 'application/json'
/**
 * Add the request header [Authorization: sessionId].
 * The header name "Authorization" here must match the one the back end reads.
 */
axios.defaults.headers.common['Authorization'] = doCookie.getCookie('SESSIONID')
axios.defaults.baseURL = 'http://localhost:8888/yao' // back-end project address
```
crudCookie.js, the helper class that reads, writes and deletes cookies:
```javascript
const doCookie = {
  setCookie: (name, value, days) => {
    var d = new Date()
    d.setTime(d.getTime() + 24 * 60 * 60 * 1000 * days)
    window.document.cookie = name + '=' + value + ';path=/;expires=' + d.toUTCString()
  },
  getCookie: name => {
    var v = window.document.cookie.match('(^|;) ?' + name + '=([^;]*)(;|$)')
    return v ? v[2] : null
  },
  delCookie: name => {
    // Arrow functions do not bind `this` to the object literal, so call through doCookie.
    doCookie.setCookie(name, '', -1) // an expiry in the past deletes the cookie immediately
  }
}
export default doCookie
```
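main.js above reads the SESSIONID cookie once at startup, so a session created by a later login is not sent until the page is reloaded. The added example below (not code from the original post) does what the main.js comment recommends: a request interceptor that reads the cookie on every request, and a response interceptor that drops the client-side copy when the back end answers 401. It assumes an axios-compatible instance and a cookie helper with the same getCookie/delCookie shape as crudCookie.js.

```javascript
// Added example, not part of the original post.
const SESSION_COOKIE = 'SESSIONID'
const AUTH_HEADER = 'Authorization' // must match the header name read by the back end

// Request interceptor: attach the current session id (if any) to this request.
// Reading the cookie per request picks up a session created after the app started.
function attachSessionId(config, cookieHelper) {
  const sessionId = cookieHelper.getCookie(SESSION_COOKIE)
  config.headers = config.headers || {}
  if (sessionId) {
    config.headers[AUTH_HEADER] = sessionId
  } else if (config.headers[AUTH_HEADER] !== undefined) {
    delete config.headers[AUTH_HEADER] // never send a stale header left in the defaults
  }
  return config
}

// Response error handler: 401 means the back end no longer knows this session id,
// so remove the cookie instead of resending the dead id on every later request.
function handleAuthError(error, cookieHelper) {
  if (error.response && error.response.status === 401) {
    cookieHelper.delCookie(SESSION_COOKIE)
  }
  return Promise.reject(error)
}

// Wire both interceptors onto an axios instance (or any object with the same shape).
function installInterceptors(http, cookieHelper) {
  http.interceptors.request.use(config => attachSessionId(config, cookieHelper))
  http.interceptors.response.use(response => response, error => handleAuthError(error, cookieHelper))
  return http
}
```

In main.js this replaces the `axios.defaults.headers.common['Authorization'] = ...` line with `installInterceptors(axios, doCookie)`.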
Back end
Here the SessionManager needs to be overridden, specifically its getSessionId method.
```java
import java.io.Serializable;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.commons.lang3.StringUtils; // any isNotEmpty-style helper works here
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;

/**
 * @version 1.0
 * @since JDK 1.8.0_91
 * Description: obtains the sessionId when the front end and back end are separated.
 *
 * Modification History:
 * Date       | Author  | Version | Description
 * -----------|---------|---------|------------
 * 2018-10-23 | yao_x_x | 1.0     | 1.0 Version
 */
public class CustomSessionManager extends DefaultWebSessionManager {

    /** Request header whose value is the sessionId: "Authorization". */
    private static final String AUTHORIZATION = "Authorization";

    /**
     * Custom session-id lookup for Shiro. The lookup rule can be changed here; this
     * implementation takes the sessionId from the {@link #AUTHORIZATION} request header
     * and falls back to Shiro's default lookup when the header is absent.
     */
    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        String sessionId = WebUtils.toHttp(request).getHeader(AUTHORIZATION);
        if (StringUtils.isNotEmpty(sessionId)) {
            // Record the id as if it came from a cookie so Shiro skips URL rewriting.
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                    ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
            return sessionId;
        }
        return super.getSessionId(request, response);
    }
}
```
Shiro configuration class: register the CustomSessionManager overridden above with the SecurityManager
```java
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    @Bean("securityManager")
    public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm,
                                           @Qualifier("sessionManager") SessionManager sessionManager) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        manager.setSessionManager(sessionManager);
        return manager;
    }

    @Bean("sessionManager")
    public SessionManager sessionManager() {
        CustomSessionManager manager = new CustomSessionManager();
        /* Uses Shiro's built-in cache. To use Redis as the cache instead, override CacheManager
           (which in turn requires overriding Cache):
           manager.setCacheManager(this.redisCacheManager()); */
        manager.setSessionDAO(new EnterpriseCacheSessionDAO());
        return manager;
    }
}
```