Apache Shiro的访问跳转问题

Apacheshiro

解决方案 »

  1.   

    你这个问题我也遇到过,跟踪进源码,你会发现public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl)
                throws IOException {
            String successUrl = null;
            boolean contextRelative = true;
            SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
            if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD)) {
                successUrl = savedRequest.getRequestUrl();
                contextRelative = false;
            }        if (successUrl == null) {
                successUrl = fallbackUrl;
            }        if (successUrl == null) {
                throw new IllegalStateException("Success URL not available via saved request or via the " +
                        "successUrlFallback method parameter. One of these must be non-null for " +
                        "issueSuccessRedirect() to work.");
            }        WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
        }fallbackUrl其实就是你shiroFilter bean里面设置的successUrl,但是successUrl在被fallbackUrl赋值之前就已经被savedRequest.getRequestUrl()取代了,这个也是我不明白的地方,如果真要解决,就继承FormAuthenticationFilterpublic class LoginFormAuthenticationFilter extends FormAuthenticationFilter{

    protected final Logger logger = Logger.getLogger(LoginFormAuthenticationFilter.class);
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)
    throws Exception {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;

    subject.getSession().setAttribute(SubjectUtil.CURRENT_USER, subject.getPrincipal()); //设置用户身份进session属性

    logger.info("用户 "+SubjectUtil.getShiroUser(subject).toString() + " 登陆成功");

    String url = this.getSuccessUrl();
    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + url); //页面跳转
    return false;
    }然后<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="loginUrl" value="/login/loginPage"/>
            <property name="successUrl" value="/login/mainPage"/>
            <property name="unauthorizedUrl" value="/login/loginPage" />
            
            <property name="securityManager" ref="securityManager"/>
            <property name="filters">
                <map>
                    <entry key="authc" value-ref="loginFormAuthenticationFilter"/>
                </map>
            </property>
            <property name="filterChainDefinitions">
                <value>
                 /login/loginPage = authc
                 /logout = logout
                 /public/** = anon
                 /** = user
                </value>
            </property>
        </bean> 
        <!-- End -->
        
        <bean id="loginFormAuthenticationFilter" class="org.ltsh.framework.security.filter.LoginFormAuthenticationFilter"/>
    这里authc默认就是FormAuthenticationFilter,只要在LoginFormAuthenticationFilter的onLoginSuccess方法里重定向就可以了,不用它原来的父方法。