微信小程序+springboot+shiro实现登录

一、自定义WxRealm,继承自AuthorizingRealm

package com.ruoyi.framework.shiro.web.session;

import com.ruoyi.common.constant.ShiroConstants;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.bean.BeanUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.shiro.session.OnlineSession;
import com.ruoyi.system.domain.SysUserOnline;
import com.ruoyi.system.service.ISysUserOnlineService;
import org.apache.commons.lang3.time.DateUtils;
import org.apache.shiro.session.ExpiredSessionException;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionKey;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;

/**
 * Custom Shiro session manager that accepts the session id from a request header.
 *
 * <p>Extends {@link DefaultWebSessionManager} and overrides {@code getSessionId}: when the request
 * carries the {@link #HEADER_TOKEN_NAME} header, its value is used as the session id; when the
 * header is absent or empty, the parent implementation is used instead (per the original author,
 * that path reads the id from the cookie).
 *
 * @author zxy
 */
public class WxSessionManager extends DefaultWebSessionManager {

    /** Name of the header in which the client sends its token to the server. */
    public final static String HEADER_TOKEN_NAME = "X-Nideshop-Token";
    public final static Logger LOG = LoggerFactory.getLogger(WxSessionManager.class);
    /** Value recorded as the "session id source" request attribute for header-based requests. */
    private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request";

    /**
     * Resolves the session id for the current request, preferring the token header.
     *
     * <p>Security note: the header value is returned exactly as the client sent it, and the
     * {@code REFERENCED_SESSION_ID_IS_VALID} attribute is set to {@code TRUE} before any session
     * lookup has taken place. Nothing in this method verifies the value.
     * NOTE(review): presumably the session lookup that follows rejects unknown or expired ids;
     * confirm, and make sure the value issued to clients is an unguessable, server-generated id.
     *
     * @param request  the incoming request; the token header is read from it
     * @param response the outgoing response, only passed on to the parent implementation
     * @return the header value when present, otherwise whatever the parent implementation returns
     */
    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        final String headerToken = WebUtils.toHttp(request).getHeader(HEADER_TOKEN_NAME);

        // No token header: fall back to the parent's own lookup.
        if (StringUtils.isEmpty(headerToken)) {
            return super.getSessionId(request, response);
        }

        // Token header present: record where the id came from, the id itself, and the validity flag.
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, headerToken);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        return headerToken;
    }

}

三、ShiroConfig注入WxRealm和WxSessionManager

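// Logs in through wx.login, exchanges the returned code with the server (api.GetTokenUrl),
// stores the returned value under 'token' and then calls util.login.
// Resolves with the server response once that is done; rejects when wx.login returns no code,
// when wx.login fails, or when the token request fails.
// The quotes around 'token' and around the log text were missing in the listing and are restored.
return new Promise(function (resolve, reject) {
  wx.login({
    success: function (loginRes) {
      if (!loginRes.code) {
        reject(loginRes);
        return;
      }

      // Log in to the remote server with the one-time code.
      var code = loginRes.code;

      // Fetch the token.
      util.request(api.GetTokenUrl, { code: code }).then(function (tokenRes) {
        // session_key is a secret; it is deliberately not written to the console.
        var session_key = tokenRes.session_key;
        var openid = tokenRes.openid;

        // NOTE(review): WeChat's documentation says the developer server should not send
        // session_key to the mini program. Storing it here and sending it with later requests
        // exposes the key used to sign and decrypt user data. The server should return an opaque
        // session id of its own instead; this line is kept only to match the server shown on the page.
        wx.setStorageSync('token', session_key);

        // NOTE(review): openid is echoed back to the server here. The login endpoint is not shown;
        // confirm it does not authenticate on a client-supplied openid alone.
        util.login(code, openid);

        console.log('=============测试开始================');
        setTimeout(test, 5000);

        // The original never settled the promise on success, so callers waited forever.
        resolve(tokenRes);
      }).catch(reject); // a failed token request previously left the promise pending
    },
    fail: function (err) {
      reject(err);
    }
  });
});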

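2、根据返回的session_key,通过“wx.setStorageSync('token', session_key);”保存到本地缓存,供全局读取,后续所有请求的header都带上。注意:session_key 是微信用于对用户数据进行加密签名的会话密钥,微信官方文档要求开发者服务器不要把它下发到小程序;更稳妥的做法是由服务端生成并返回自己的会话标识作为token。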

3、其他涉及到的注册和登录方法

4、控制器
