因此extends,覆盖相应方法,把添加JSESSIONID部分去掉。
public class MyShiroHttpServletResponse extends ShiroHttpServletResponse { public MyShiroHttpServletResponse(HttpServletResponse wrapped, ServletContext context, ShiroHttpServletRequest request) { super(wrapped, context, request); } @Override protected String toEncoded(String url, String sessionId) { if ((url == null) || (sessionId == null)) return (url); String path = url; String query = ""; String anchor = ""; int question = url.indexOf('?'); if (question >= 0) { path = url.substring(0, question); query = url.substring(question); } int pound = path.indexOf('#'); if (pound >= 0) { anchor = path.substring(pound); path = path.substring(0, pound); } StringBuilder sb = new StringBuilder(path); // if (sb.length() > 0) { // session id param can't be first. // sb.append(";"); // sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME); // sb.append("="); // sb.append(sessionId); // } sb.append(anchor); sb.append(query); return (sb.toString()); } }
扩展ShiroFilterFactoryBean, 使用新建的MyShiroHttpServletResponse。
public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean { @Override public Class getObjectType() { return MySpringShiroFilter.class; } @Override protected AbstractShiroFilter createInstance() throws Exception { SecurityManager securityManager = getSecurityManager(); if (securityManager == null) { String msg = "SecurityManager property must be set."; throw new BeanInitializationException(msg); } if (!(securityManager instanceof WebSecurityManager)) { String msg = "The security manager does not implement the WebSecurityManager interface."; throw new BeanInitializationException(msg); } FilterChainManager manager = createFilterChainManager(); PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver(); chainResolver.setFilterChainManager(manager); return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver); } private static final class MySpringShiroFilter extends AbstractShiroFilter { protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) { super(); if (webSecurityManager == null) { throw new IllegalArgumentException("WebSecurityManager property cannot be null."); } setSecurityManager(webSecurityManager); if (resolver != null) { setFilterChainResolver(resolver); } } @Override protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) { return new MyShiroHttpServletResponse(orig, getServletContext(), request); } } }
在shiro相关配置里替换成自己的MyShiroFilterFactoryBean(嗯,我是shiro和spring组合用的)
<bean id="shiroFilter" class="com.rudong.outsource.hulu.util.shiro.MyShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <!-- override these for application-specific URLs if you like:--> <property name="loginUrl" value="/loginform"/> <property name="successUrl" value="/"/> <property name="unauthorizedUrl" value="/unauthed"/> <!-- ..... --> </bean>