
How to solve the Shiro 302 redirect problem in Spring Boot

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article covers how to solve the Shiro 302 redirect problem in Spring Boot, a situation many people run into in real projects.

Shiro's 302 redirect in a Spring Boot project with separated front end and back end

The project uses Spring Boot and Shiro for user authentication. When a front-end request arrives after the user information has expired and the session is no longer valid, Shiro redirects it to the configured login.jsp page or to the loginUrl you configured yourself.

Because the front end and back end are separated, the back end is deployed apart from the static resource files, so the redirect target does not exist there and the request ends in a 404.

After searching for configuration information online, the cause of the 302 turns out to be the handling in the onAccessDenied method of FormAuthenticationFilter. Once we know where the problem lies, we can solve it.

Override the onAccessDenied method, handle the request as your own business requires, and register the new filter when the filter configuration is loaded.

Here is the code.

Add a ShiroFormAuthenticationFilter class that overrides the method:

```java
package com.oilpay.wallet.shiro;

import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;

/**
 * Overrides the permission check: return a status code after the login expires.
 */
public class ShiroFormAuthenticationFilter extends FormAuthenticationFilter {

    private static final Logger logger = LoggerFactory.getLogger(ShiroFormAuthenticationFilter.class);

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (isLoginRequest(request, response)) {
            if (isLoginSubmission(request, response)) {
                if (logger.isTraceEnabled()) {
                    logger.trace("Login submission detected.  Attempting to execute login.");
                }
                return executeLogin(request, response);
            } else {
                if (logger.isTraceEnabled()) {
                    logger.trace("Login page view.");
                }
                // allow them to see the login page ;)
                return true;
            }
        } else {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;
            // Let CORS preflight requests through; they carry no session cookie.
            if (req.getMethod().equals(RequestMethod.OPTIONS.name())) {
                resp.setStatus(HttpStatus.OK.value());
                return true;
            }

            if (logger.isTraceEnabled()) {
                logger.trace("Attempting to access a path which requires authentication.  Forwarding to the "
                        + "Authentication url [" + getLoginUrl() + "]");
            }
            // The front-end Ajax request carries marker headers so that it can be
            // told apart from an ordinary page request.
            String test = req.getHeader("test");
            if (test != null || req.getHeader("wkcheck") != null) {
                // Front-end Ajax request: answer with JSON instead of redirecting.
                // Note: this echoes the caller's Origin back while allowing credentials;
                // restrict it to the origins of your own front end.
                resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
                resp.setHeader("Access-Control-Allow-Credentials", "true");
                resp.setContentType("application/json; charset=utf-8");
                resp.setCharacterEncoding("UTF-8");
                PrintWriter out = resp.getWriter();
                JSONObject result = new JSONObject();
                result.put("message", "login failure");
                result.put("resultCode", 1000);
                out.println(result);
                out.flush();
                out.close();
            } else {
                saveRequestAndRedirectToLogin(request, response);
            }
            return false;
        }
    }
}
```

Add it to the filter configuration:

```java
// Inside the Shiro @Configuration class; Filter is javax.servlet.Filter.
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(manager);
    // Configure access rules; the first matching pattern wins, so order matters.
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/common/logout", "logout");
    filterChainDefinitionMap.put("/", "anon");
    filterChainDefinitionMap.put("/common/login", "anon");
    filterChainDefinitionMap.put("/common/*", "anon");
    filterChainDefinitionMap.put("/imageVerifyCode/getCode", "anon");
    filterChainDefinitionMap.put("/sendVerifyCode/register", "anon");
    filterChainDefinitionMap.put("/sendVerifyCode/resetLoginPwd", "anon");
    filterChainDefinitionMap.put("/**", "authc"); // requires authentication to access
    // Replace the default "authc" filter with the overriding one.
    LinkedHashMap<String, Filter> filtsMap = new LinkedHashMap<>();
    filtsMap.put("authc", new ShiroFormAuthenticationFilter());
    shiroFilterFactoryBean.setFilters(filtsMap);
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
```

At this point, you can deal with it according to your own needs.
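The filter above copies the request's Origin header into Access-Control-Allow-Origin while also sending Access-Control-Allow-Credentials: true, so the JSON reply is readable by scripts from any origin. The following is an added example, not code from the original article: a stand-alone helper (Java 11+) that emits those two headers only for origins on an allowlist. The class name and the example.com origins are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example: chooses the CORS headers for the JSON "login failure" reply.
public class CorsReplyHeaders {
    // Hypothetical allowlist; replace with the origins that serve your front end.
    static final Set<String> ALLOWED_ORIGINS =
            Set.of("https://app.example.com", "https://admin.example.com");

    /** Returns the CORS headers to set for the given Origin request header. */
    static Map<String, String> corsHeadersFor(String originHeader) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Caches must not reuse a reply built for one origin for another.
        headers.put("Vary", "Origin");
        String origin = normalize(originHeader);
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            headers.put("Access-Control-Allow-Origin", origin);
            headers.put("Access-Control-Allow-Credentials", "true");
        }
        // Unknown or missing origin: no Allow-* headers are sent, so the
        // browser withholds the reply from the calling script.
        return headers;
    }

    /** Reduces an Origin value to scheme://host[:port], or null if malformed. */
    static String normalize(String originHeader) {
        if (originHeader == null || originHeader.isBlank()) return null;
        try {
            URI u = new URI(originHeader.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            if (u.getUserInfo() != null || u.getQuery() != null || u.getFragment() != null) return null;
            if (u.getPath() != null && !u.getPath().isEmpty()) return null;
            String port = u.getPort() == -1 ? "" : ":" + u.getPort();
            return u.getScheme().toLowerCase(Locale.ROOT) + "://"
                    + u.getHost().toLowerCase(Locale.ROOT) + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample Origin values, including a look-alike host and the literal "null".
        for (String o : new String[] {"https://app.example.com", "https://APP.example.com",
                "https://app.example.com.evil.test", "null", null}) {
            System.out.println(o + " -> " + corsHeadersFor(o));
        }
    }
}
```

In the filter, the returned map would be applied with resp.setHeader for each entry before the JSON body is written.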

About Shiro always returning 302

In my case the cause was using authc: the onAccessDenied method in FormAuthenticationFilter, the filter that authc maps to, returns false, so there is always a redirect loop when accessing a url. The solution: override the onAccessDenied method and inject it into the shiroFilter.

Attached is the Shiro configuration file:

```
/login.html = anon
/js/** = anon
/templates/** = anon
/assets/** = anon
/css/** = anon
/index.do = authc
/user/login.do = anon
/** = authc
```

Override the onAccessDenied method:

```java
package com.jd.risk.giasys.service.realm.filter;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * Created by jianghaisong on 2017-12-17.
 */
public class MyFilter extends FormAuthenticationFilter {

    private Logger log = LoggerFactory.getLogger(MyFilter.class);

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Rewrite: your own business logic goes here. Write the response you want
        // the client to receive, then return false so the request goes no further
        // (returning true would let the unauthenticated request continue).
        return false;
    }
}
```
