wr844322684
wr844322684
2021-01-25 17:30

shiro,使用会话Id(sessionId)为token后,是如何验证的呢?

  • spring
  • java

shiro 登录后,设置会话Id(sessionId)为token并返回前端。之后的请求,把token信息通过header带入请求,也没有自定义的拦截器,它是如何每次都验证带入的这个token有效性的呢?感觉和下面的方法有关

public class AdminWebSessionManager extends DefaultWebSessionManager 
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
    String id = WebUtils.toHttp(request).getHeader(“X_Token”);
    if (!StringUtils.isEmpty(id)) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        return id;
    } else {
        return super.getSessionId(request, response);
    }
}
  • 点赞
  • 回答
  • 收藏
  • 复制链接分享

0条回答

为你推荐

换一换