Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to solve the problem of shiro session timeout 302". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Exception occurs: nginx is configured with https, but nginx forwards the request to the http of the web application. When the session times out, the shiro will be redirected to the login page. In this case, the http address will be redirected, such as http://xxxxx/login/index. The browser will block such requests (it is illegal to initiate a http request from the https page).

Rewrite the FormAuthenticationFilter of shiro

Public class MyShiroAuthcFilter extends FormAuthenticationFilter {public MyShiroAuthcFilter (String loginUrl) {super (); setLoginUrl (loginUrl);} @ Override protected boolean onAccessDenied (ServletRequest request, ServletResponse response) throws Exception {if (isLoginRequest (request, response)) {return super.onAccessDenied (request, response) } else {if (isAjax ((HttpServletRequest) request)) {/ / process ajax request HttpServletResponse httpServletResponse = WebUtils.toHttp (response); httpServletResponse.addHeader ("REQUIRE_AUTH", "true") / / useful httpServletResponse.setStatus (HttpStatus.UNAUTHORIZED.value ()) in ajax global settings; / / change 302 status code} else {saveRequest (request); request.getRequestDispatcher (getLoginUrl ()) .forward (request, response) / / because it is forwarded by nginx, _ redirect 302will be redirected to the http protocol, which is not the https / / saveRequestAndRedirectToLogin (request, response) expected by the browser;} return false } private boolean isAjax (HttpServletRequest request) {String requestedWithHeader = request.getHeader ("X-Requested-With"); return "XMLHttpRequest" .equals (requestedWithHeader);}}

Filter configuration of shiro

Beanpublic ShiroFilterFactoryBean shiroFilter (SecurityManager securityManager) {String loginUrl = "/ login/index"; ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean (); Map filters = shiroFilter.getFilters (); filters.put ("anon", new AnonymousFilter ()); filters.put ("authc", new MyShiroAuthcFilter (loginUrl)); Map filterChainDefinitionMap = new LinkedHashMap (); filterChainDefinitionMap.put ("/ supervisor/**", "authc") FilterChainDefinitionMap.put ("/ * *", "anon"); shiroFilter.setSecurityManager (securityManager); shiroFilter.setLoginUrl (loginUrl); shiroFilter.setUnauthorizedUrl ("/ login/unauthorized"); shiroFilter.setFilters (filters); shiroFilter.setFilterChainDefinitionMap (filterChainDefinitionMap); return shiroFilter;}

Ajax Global Settings

$.ajaxSetup ({complete: function (xhr, status) {if (xhr.getResponseHeader ('REQUIRE_AUTH') = =' true') {alert ("not logged in or login timed out!"); window.top.location.href = getHost () +'/ login/index'; return;})

/ login/index page processing

/ / make the login page appear in the "top-level" window, and adjust the browser's url address. The filter above is the if from forward to the login page (window.top! = window.self | | location.pathname! ='/ login/index') {window.top.location = getHost () +'/ login/index';}. This is the end of the content on how to solve the shiro session timeout 302 problem. Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.