springmvc+shiro+angular实现前后端分离
自己做的小项目：前端页面部署在 localhost:63342，登录成功后通过 ajax 请求后端获取菜单列表。登录 controller 中调用了 subject.login，并且在登录那次请求的会话里 subject 是已认证的。但是当 ajax 再访问获取菜单列表接口时，SecurityUtils.getSubject() 得到的 subject 却是未认证的，请求被拦截、到不了获取菜单列表的 controller，浏览器同时报跨域错误。相关代码如下，麻烦大神看下！
shiro配置:
<!-- Shiro's servlet filter. Every request passes through this bean; the
     filterChainDefinitions below decide which paths need an authenticated
     session ("authc") and which are open ("anon"). -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- Login page. NOTE(review): this is an absolute URL on a different origin
     (port 63342) from the API. When the authc filter rejects an unauthenticated
     request it redirects here; for an XHR issued by the front end that redirect
     lands on the other origin and surfaces as a CORS error instead of a JSON
     response. Confirm in the browser's network log. -->
<property name="loginUrl" value="http://localhost:63342/warehouse/app/login.html"/>
<!-- Page to redirect to after a successful form login -->
<property name="successUrl" value="http://localhost:63342/warehouse/app/index.html"/>
<!-- Page to redirect to when a role/permission (authorization) check fails -->
<property name="unauthorizedUrl" value="http://localhost:63342/warehouse/app/error.html"/>
<!-- Filter chain. Rules are matched top to bottom and the first match wins,
     so the anonymous login endpoint must stay above the catch-all; every
     other path requires an authenticated subject. The commented-out entries
     are leftover rules that are currently not in effect. -->
<property name="filterChainDefinitions">
<value>
<!-- /static/login/** = anon
/static/js/myjs/** = authc
/static/js/** = anon
/uploadFiles/uploadImgs/** = anon
/code.do = anon -->
/user/webLogin.do = anon
<!-- /app**/** = anon
/weixin/** = anon -->
/** = authc
</value>
</property>
</bean>
登录controller:
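/**
 * Authenticates the caller through Shiro and reports the outcome as JSON.
 *
 * <p>Fix over the previous version: a failed {@code subject.login} used to be
 * swallowed and the response still said {@code success=true}; the session was
 * also seeded with a user object before Shiro had accepted the credentials.
 * Now the placeholder user is stored only after a successful login and a
 * failure is reported as {@code success=false}.
 *
 * @param request   current request (not used here; kept for the caller's signature)
 * @param response  used to set the CORS and content-type headers
 * @param loginName user name submitted by the login form
 * @param password  password submitted by the login form
 * @param randCode  captcha value submitted by the form; NOTE(review): not
 *                  validated anywhere in this method (TODO)
 * @return {@code {"success": boolean, "msg": String}}
 * @throws Exception kept from the original signature for callers that expect it
 */
public Map<String, Object> webLogin(HttpServletRequest request,HttpServletResponse response,String loginName,String password,String randCode) throws Exception{
    logger.debug("user login ");
    // NOTE(review): a wildcard origin cannot be combined with credentialed
    // requests. A cookie-based Shiro session only survives cross-origin XHR
    // if the response names the front-end origin explicitly, adds
    // Access-Control-Allow-Credentials: true, and the XHR sets withCredentials.
    // Left unchanged here because the allowed origin is not known from this file.
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setContentType("text/json;charset=utf-8");
    Map<String,Object> result = new HashMap<String, Object>();

    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(loginName, password);
    // Remember-me is switched on for every login; make this a user choice
    // once the form exposes one.
    token.setRememberMe(true);
    try {
        subject.login(token);
    } catch (AuthenticationException e) {
        // Report the failure instead of falling through to "success".
        logger.debug("user login failed", e);
        result.put("success", false);
        result.put("msg", "身份验证失败!");
        return result;
    }

    // Placeholder account data, stored in the Shiro-managed session only
    // once authentication has succeeded.
    Session session = subject.getSession();
    User user = new User();
    user.setId("1");
    user.setIp("1.1.1.1");
    user.setLastLoginTime("2016.1.1");
    user.setName("test1");
    user.setPassword("11111");
    user.setRights("all");
    user.setRoleId("1");
    user.setStatus("test");
    user.setUsername("测试");
    session.setAttribute("user", user);

    result.put("success", true);
    result.put("msg", "登录成功");
    return result;
}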
获取菜单列表的controller:
/**
 * Returns the menu entries for the current caller.
 *
 * <p>No access control happens in this method; it relies on the Shiro filter
 * chain (the catch-all authc rule) having rejected unauthenticated requests
 * before the controller runs. The entries are placeholder values.
 *
 * @param response used to set the CORS and content-type headers
 * @return a mutable list of the menu identifiers "t1" through "t6"
 */
public List<String> getAllmenuList(HttpServletResponse response){
    // NOTE(review): with a wildcard origin the browser will not attach the
    // session cookie to a cross-origin XHR, so a cookie-based Shiro session
    // is likely to arrive here unauthenticated and be stopped by the filter.
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setContentType("text/json;charset=utf-8");
    System.out.println("getAllmenuList start...");
    List<String> menuIds = new ArrayList<String>(
            Arrays.asList("t1", "t2", "t3", "t4", "t5", "t6"));
    return menuIds;
}
shiro自定义realm:
/*
 * Authentication callback (non-Javadoc): maps the submitted token to the
 * AuthenticationInfo that Shiro's credential matcher checks against.
 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// SECURITY: no account lookup happens here. The credentials handed back to
// Shiro are the ones the caller just submitted, so the credential matcher
// compares the password with itself and ANY non-null user name / password
// pair authenticates. Before real users touch this, resolve `username` to
// its stored (hashed) credential and return that instead of `password`.
String username = (String)token.getPrincipal(); // user name from the token
// Copies the password out of the token's char[] into an immutable String;
// passing the char[] through unchanged avoids leaving an extra copy on the heap.
String password = new String((char[])token.getCredentials()); // password from the token
if(null != username && null != password){
return new SimpleAuthenticationInfo(username, password, getName());
}else{
// null tells Shiro this realm has no account for the token, which the
// authenticator should surface as an authentication failure.
return null;
}
}
/*
 * Authorization callback (non-Javadoc): invoked when a role/permission check
 * needs this principal's authorization data and none is cached. It decides
 * what the user may access within the application.
 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
// No roles or permissions are granted by this realm: returning null means
// every role/permission check against it should fail (and hit the
// unauthorizedUrl configured on the filter). Populate a
// SimpleAuthorizationInfo from the user store when authorization is needed.
return null;
}