shiro 配置文件:
<!-- 自定义加入filter,起在remember me session失效情况下刷新session作用 --> <bean id="userSettingFilter" class="org.guess.security.filter.UserSetting" />
在shiroFilter中加入该filter
<property name="filters"> <util:map> <entry key="userSetting" value-ref="userSettingFilter"/> </util:map> </property>
filter类代码:
public class UserSetting extends AccessControlFilter { @Autowired private UserService userService; @Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { Subject subject = getSubject(request, response); if (subject == null) { return false; } HttpSession session = ((HttpServletRequest)request).getSession(); User current_user = (User) session.getAttribute(Constants.CURRENT_USER); Object recs = session.getAttribute(Constants.USER_MENUS); //判断session是否失效,若失效刷新之 if(current_user == null || recs == null){ String username = (String) subject.getPrincipal(); User user = userService.findByLoginId(username); session.setAttribute(Constants.CURRENT_USER, user); session.setAttribute(Constants.USER_MENUS, user.getMenus()); } return true; } @Override protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return true; } @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { return true; } }
求大师指导更好的解决方法