去掉shiro登录时url里的JSESSIONID

经过查找论坛和分析源码，确认了是在ShiroHttpServletResponse里加上的。
因此extends，覆盖相应方法，把添加JSESSIONID部分去掉。

public class MyShiroHttpServletResponse extends ShiroHttpServletResponse {
  public MyShiroHttpServletResponse(HttpServletResponse wrapped, ServletContext context, ShiroHttpServletRequest request) {
    super(wrapped, context, request);
  }

  @Override
  protected String toEncoded(String url, String sessionId) {
    if ((url == null) || (sessionId == null))
      return (url);

    String path = url;
    String query = "";
    String anchor = "";
    int question = url.indexOf('?');
    if (question >= 0) {
      path = url.substring(0, question);
      query = url.substring(question);
    }
    int pound = path.indexOf('#');
    if (pound >= 0) {
      anchor = path.substring(pound);
      path = path.substring(0, pound);
    }
    StringBuilder sb = new StringBuilder(path);
//    if (sb.length() > 0) { // session id param can't be first.
//      sb.append(";");
//      sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);
//      sb.append("=");
//      sb.append(sessionId);
//    }
    sb.append(anchor);
    sb.append(query);
    return (sb.toString());
  }
}

扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。

public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean {

  @Override
  public Class getObjectType() {
    return MySpringShiroFilter.class;
  }

  @Override
  protected AbstractShiroFilter createInstance() throws Exception {

    SecurityManager securityManager = getSecurityManager();
    if (securityManager == null) {
      String msg = "SecurityManager property must be set.";
      throw new BeanInitializationException(msg);
    }

    if (!(securityManager instanceof WebSecurityManager)) {
      String msg = "The security manager does not implement the WebSecurityManager interface.";
      throw new BeanInitializationException(msg);
    }

    FilterChainManager manager = createFilterChainManager();

    PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
    chainResolver.setFilterChainManager(manager);

    return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
  }

  private static final class MySpringShiroFilter extends AbstractShiroFilter {

    protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
      super();
      if (webSecurityManager == null) {
        throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
      }
      setSecurityManager(webSecurityManager);
      if (resolver != null) {
        setFilterChainResolver(resolver);
      }
    }

    @Override
    protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) {
      return new MyShiroHttpServletResponse(orig, getServletContext(), request);
    }
  }
}

在shiro相关配置里替换成自己的MyShiroFilterFactoryBean（嗯，我是shiro和spring组合用的)

<bean id="shiroFilter" class="com.rudong.outsource.hulu.util.shiro.MyShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- override these for application-specific URLs if you like:-->
        <property name="loginUrl" value="/loginform"/>
        <property name="successUrl" value="/"/>
        <property name="unauthorizedUrl" value="/unauthed"/>
<!-- ..... -->
</bean>