前后端分离项目sessionId怎么传递给shiro
==建议使用 jwt ==
前端
对后端访问时在ajax请求头添加一条【Authorization:sessionId】 下面示例(vuejs项目中基于axios): mian.js:
import Vue from vue
import App from ./App
import router from ./router
import axios from axios
import doCookie from @/base/crudCookie//自己写的cookie操作类
// 配置axios --推荐改为单独配置文件(-添加加拦截器-)
// var axios = require(axios) 功能大体与import相似,推荐使用import。
axios.defaults.timeout = 5000 //请求超时 5秒
axios.defaults.headers.post[Content-Type] = application/json;
/**
* 添加请求头:【Authorization:sessionId】
* 此处的Authorization需要与后端相同
*/
axios.defaults.headers.common[Authorization] = doCookie.getCookie("SESSIONID")
axios.defaults.baseURL = http://localhost:8888/yao //后端项目地址
crudCookie.js本类是对cookie的操作:
export default {
setCookie: (name,value,days) =>{
var d = new Date;
d.setTime(d.getTime() + 24*60*60*1000*days);
window.document.cookie = name + "=" + value + ";path=/;expires=" + d.toGMTString();
},
getCookie: name =>{
var v = window.document.cookie.match((^|;) ? + name + =([^;]*)(;|$));
return v ? v[2] : null;
},
delCookie: name =>{
this.setCookie(name, , -1); //将时间设置为过去时,立即删除cookie
}
}
后端
在此需要对SessionManager 进行重写
/**
* @version: 1.0
* @since: JDK 1.8.0_91
* @Description: 适用于前后端分离情况下对sessionId的获取
*
* <br>Modification History:<br>
* Date | Author | Version | Description<br>
* ------------------------------------------------------------------<br>
* 2018年10月23日 | yao_x_x | 1.0 | 1.0 Version
*/
public class CustomSessionManager extends DefaultWebSessionManager {
/**
* 获取请求头中key为“Authorization”的value == sessionId
*/
private static final String AUTHORIZATION ="Authorization";
private static final String REFERENCED_SESSION_ID_SOURCE = "cookie";
/**
* @Description shiro框架 自定义session获取方式<br/>
* 可自定义session获取规则。这里采用ajax请求头 {@link AUTHORIZATION}携带sessionId的方式
*/
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
// TODO Auto-generated method stub
String sessionId = WebUtils.toHttp(request).getHeader(AUTHORIZATION);
if (StringUtils.isNotEmpty(sessionId)) {
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
return sessionId;
}
return super.getSessionId(request, response);
}
}
shiro配置类:将上文中重写过的CustomSessionManager配置进SecurityManager中
@Bean("securityManager")
public SecurityManager securityManager(@Qualifier("authRealm")AuthRealm authRealm
,@Qualifier("sessionManager")SessionManager sessionManager) {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(authRealm);
manager.setSessionManager(sessionManager);
return manager;
}
@Bean("sessionManager")
public SessionManager sessionManager(){
CustomSessionManager manager = new CustomSessionManager();
/*使用了shiro自带缓存,
如果设置 redis为缓存需要重写CacheManager(其中需要重写Cache)
manager.setCacheManager(this.RedisCacheManager());*/
manager.setSessionDAO(new EnterpriseCacheSessionDAO());
return manager;
}