huoyunp 2018-03-13
用户名的共享内存key设置,不再用cookie,key用requestid,shiro requset获取不到就用mvc的request
由于有些请求不在shiro权限范围,shiro实体获取不到,所以request获取不到,但是mvc的requestid一定有,都是一样的,他们只是包装关系
cookie的方式不再用,有时嵌套iframe获取不到,延时等原因
例如
itm/cust/dispatchCustomListQuery.action=authc/anon 没有放入权限控制,所以他调用拿teamId()shiro为空了 对
/itm/zhijianapp/queryDaiZhiJian.action=authc
set代码:
HttpServletRequest request= (HttpServletRequest) servletRequest;
String jsession = request.getRequestedSessionId();
//((RemoteSessionRequest)((ShiroHttpServletRequest)request).getRequest()).getSession().setAttribute(jsession+"username",userName);
WebSession webSession= WebSessionManager.getInstance().getSession(jsession+"username");
if(webSession==null){
webSession=WebSessionManager.getInstance().createSession(jsession+"username");
}else{
webSession=WebSessionManager.getInstance().getSession(jsession+"username");
}
webSession.setAttribute(jsession+"username", userName);
get代码:
HttpServletRequest request1 =(HttpServletRequest) ((WebSubject)SecurityUtils.getSubject()).getServletRequest();//由于这个方法有比较乱的调用,导致shiro有时为空
此时requestid即jsessionid找不到,直接用action的request获取即可
// ShiroHttpServletRequest srequest=(ShiroHttpServletRequest) ((StrutsRequestWrapper) ServletActionContext.getRequest()).getRequest();
HttpServletRequest srequest=(HttpServletRequest)ServletActionContext.getRequest();
String jsession=srequest.getRequestedSessionId();
System.out.print("===========getTeamId jsession");
System.out.print("===========getTeamId jsession========="+jsession);
//cookie的方式不再用,有时嵌套iframe获取不到,延时等原因
Cookie[] cookies = request1.getCookies();
String username=getCookieValue(cookies, "username");
WebSession webSession= WebSessionManager.getInstance().getSession(jsession+"username");
if(webSession==null){
webSession=WebSessionManager.getInstance().createSession(jsession+"username");
}else{
webSession=WebSessionManager.getInstance().getSession(jsession+"username");
}
username =webSession.getAttribute(jsession+"username")+"";