南木野
2022-01-20 17:11
采纳率: 100%
浏览 99
已采纳

springboot使用shiro+jwt验证 前端每次携带jwt发送请求 都会进行重新登录一次并生成新的session

在自己的filter里确实是每次jwt验证成功都是去登录一次 但是我不知道该怎么改代码才能知道当前用户已经登录过了 有什么解决办法吗

JwtFilter
@Component
public class JwtFilter extends AuthenticatingFilter {
    @Autowired
    JwtUtils jwtUtils;

    //验证token
    @Override
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        //获取头部token
        String jwt = request.getHeader("Authorization");
        if (StringUtils.isEmpty(jwt)) {
            return null;
        }
        return new JwtToken(jwt);
    }

    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        //获取头部token
        String jwt = request.getHeader("Authorization");
        if (StringUtils.isEmpty(jwt)) {
            return true;
        } else {
            //校验jwt
            Claims claims = jwtUtils.getClaimByToken(jwt);
            //校验是否为空和时间是否过期
            if (claims == null || jwtUtils.isTokenExpired(claims.getExpiration())) {
                throw new ExpiredCredentialsException("token已失效,请重新登录");

            }
            //执行登录
            return executeLogin(servletRequest, servletResponse);
        }
    }

    //捕捉错误重写方法返回Result
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        Throwable throwable = e.getCause() == null ? e : e.getCause();

        Result result = Result.fail(throwable.getMessage());
        //返回json
        String json = JSONUtil.toJsonStr(result);
        try {
            //打印json
            httpServletResponse.getWriter().print(json);
        } catch (IOException ioException) {

        }

        return false;
    }

    @Override
    public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
        HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
        httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
        // 跨域时会首先发送一个OPTIONS请求,这里我们给OPTIONS请求直接返回正常状态
        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            httpServletResponse.setStatus(org.springframework.http.HttpStatus.OK.value());
            return false;
        }

        return super.onPreHandle(request, response, mappedValue);
    }
}

问题:每次发送请求都会在redis里存一次session 

46) "shiro:session:af3e623a-b436-4162-a26d-132357f70b05"
47) "shiro:session:d2fb13ef-bc16-40fc-8d30-284cfef1433d"
48) "shiro:session:b27cb66d-f5c9-44e7-a65c-4fdc4927dc8a"
49) "shiro:session:fd3df643-d01b-42c0-95db-f63206eea322"
50) "shiro:session:453f8bbe-0aa6-4044-b669-cb9841739fb6"
51) "shiro:session:7fb4d472-2a4e-4059-a5eb-85b2a0d3e562"
52) "shiro:session:6f6be073-20af-4176-b1f6-b80cbf4a7824"
53) "shiro:session:c91ca527-f07d-4489-b1ff-227e730ef591"
54) "shiro:session:d4ced3fe-108a-4f3d-b3c2-f6a876648001"
55) "shiro:session:35934805-6545-4895-9e44-c62e6850715a"
56) "shiro:session:6f173941-0b3a-4258-9a97-a0834ec1a045"

3条回答 默认 最新

相关推荐 更多相似问题