renren-security shiro登录态失效时HTTPS自动跳转失败解决方案

直接拉下来的源码很棒，后来上线后发现https环境下，shiro失效了自动跳转登录页会无反应，浏览器控制台提示报错，https下无法跳转http链接(大概这个意思)，现建议官方修正，本人的解决方案如下。 [hr] 1.维护一个RedirectResponseWrapper [pre] package io.renren.common.filter; /** * 功能描述: <br> * * @since: 1.0.0 * @Author:Created By KURO * @Date: 2020/02/23 16:21 */ import org.apache.commons.lang.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; public class RedirectResponseWrapper extends HttpServletResponseWrapper { private static Logger log = LogManager.getLogger(LogManager.ROOT_LOGGER_NAME); private final HttpServletRequest request; public RedirectResponseWrapper(final HttpServletRequest inRequest, final HttpServletResponse response) { super(response); this.request = inRequest; } @Override public void sendRedirect(final String pLocation) throws IOException { if (StringUtils.isBlank(pLocation)) { super.sendRedirect(pLocation); return; } try { final URI uri = new URI(pLocation); if (uri.getScheme() != null) { super.sendRedirect(pLocation); return; } } catch (URISyntaxException ex) { super.sendRedirect(pLocation); } // !!! FIX Scheme !!! String finalurl = "https://" + this.request.getServerName(); if (request.getServerPort() != 80 && request.getServerPort() != 443) { finalurl += ":" + request.getServerPort(); } finalurl += pLocation; log.info("========= HTTPS shiro重定向跳转：" + finalurl); super.sendRedirect(finalurl); } } [/pre] 2.维护一个过滤器AbsoluteSendRedirectFilter [pre] package io.renren.common.filter; /** * 功能描述: <br> * * @since: 1.0.0 * @Author:Created By KURO * @Date: 2020/02/23 16:19 */ import org.springframework.web.filter.OncePerRequestFilter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class AbsoluteSendRedirectFilter extends OncePerRequestFilter { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { RedirectResponseWrapper redirectResponseWrapper = new RedirectResponseWrapper(request, response); filterChain.doFilter(request, redirectResponseWrapper); } } [/pre] 3.维护一个配置类RedirectFilterConfig [pre] package io.renren.common.config; import io.renren.common.filter.AbsoluteSendRedirectFilter; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.stereotype.Component; /** * 功能描述: <br> * 解决shiro在https失效跳转http问题 * @since: 1.0.0 * @Author:Created By KURO * @Date: 2020/02/23 16:10 */ @Component @ConditionalOnProperty(name = "project.enable-https", havingValue = "true") // 开启注解才会启动 public class RedirectFilterConfig { @Bean public FilterRegistrationBean registFilter() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(new AbsoluteSendRedirectFilter()); registration.addUrlPatterns("*"); registration.setName("filterRegistrationBean"); registration.setOrder(1); return registration; } } [/pre] 4.在各个环境配置文件中添加以下配置 [pre] # dev环境项目配置，test、prod环境如果是https的域名，将enable-https改为true即可 project: enable-https: false [/pre] 5.最后，修改SysLoginController的logout登出接口 [pre] /** * 退出 */ @RequestMapping(value = "logout", method = RequestMethod.GET) public String logout() { ShiroUtils.logout(); return "redirect:/login.html"; } [/pre]