shiro 并没有配置 rememberMe相关配置 , 但是在浏览器cookie里却有 rememberMe ,造成session过期,一刷新浏览器又能继续访问需要认证的链接, 求大神指导. 小弟在此谢过了.
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd ">
<!-- -->
<property name="filterChainDefinitions" >
<value>
<!-- 静态资源匿名访问 -->
/images/** = anon
/js/** = anon
/styles/** = anon
/image/** = anon
/script/** = anon
/style/** = anon
<!-- 必须将登录action 及登录提交action匿名 -->
/home/index.action*= anon
/loginsubmit.action* = anon
<!-- /validatecode.jsp* = anon -->
<!-- 退出登陆的地址,shiro去清楚session -->
/home/logout.action = logout
<!-- /cgd/addcgd.action = perms["cgd/addcgd.act"] -->
<!-- 如果设置 Cookie 记住我, 则不能使用此user过滤器,还会拦截 -->
/index.jsp* = user
<!-- /first.action* = user -->
<!-- /welcome.action* = user -->
<!-- /getmenus.action* = user -->
<!-- 所有的URL都必须认证通过才能访问, -->
/** = authc
<!-- 所有的url 都可以匿名访问 -->
<!-- /** = anon -->
</value>
</property>