SpringBoot学习：整合shiro（rememberMe记住我后自动登录session失效解决办法）

定义一个拦截器，判断用户是通过记住我登录时，查询数据库后台自动登录，同时把用户放入session中。

配置拦截器也很简单，Spring 为此提供了基础类WebMvcConfigurerAdapter ，我们只需要重写addInterceptors 方法添加注册拦截器。

实现自定义拦截器只需要3步： 

1、创建我们自己的拦截器类并实现 HandlerInterceptor 接口。

2、创建一个Java类继承WebMvcConfigurerAdapter，并重写 addInterceptors 方法。

3、实例化我们自定义的拦截器，[ssm项目获取下载地址  ]然后将对像手动添加到拦截器链中（在addInterceptors方法中添加）。

package com.sun.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;

/**
* Created by sun on 2017-3-21.
*/
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

/**
* 此方法把该拦截器实例化成一个bean,否则在拦截器里无法注入其它bean
* @return
*/
@Bean
SessionInterceptor sessionInterceptor() {
return new SessionInterceptor();
}
/**
* 配置拦截器
* @param registry
*/
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(sessionInterceptor())
.addPathPatterns("/**")
.excludePathPatterns("/login","/permission/userInsert",
"/error","/tUser/insert","/gif/getGifCode");
}

}

package com.sun.configuration;

import com.sun.permission.model.User;
import com.sun.permission.service.PermissionService;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
* Created by sun on 2017-4-9.
*/
public class SessionInterceptor implements HandlerInterceptor{
private final Logger logger = Logger.getLogger(SessionInterceptor.class);
@Resource
private PermissionService permissionService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
logger.info("---preHandle---");
System.out.println(request.getContextPath());
Subject currentUser = SecurityUtils.getSubject();
//判断用户是通过记住我功能自动登录,此时session失效
if(!currentUser.isAuthenticated() && currentUser.isRemembered()){
try {
User user = permissionService.findByUserEmail(currentUser.getPrincipals().toString());
//对密码进行加密后验证
UsernamePasswordToken token = new UsernamePasswordToken(user.getEmail(), user.getPswd(),currentUser.isRemembered());
//把当前用户放入session
currentUser.login(token);
Session session = currentUser.getSession();
session.setAttribute("currentUser",user);
//设置会话的过期时间--ms,默认是30分钟，设置负数表示永不过期
session.setTimeout(-1000l);
}catch (Exception e){
//自动登录失败,跳转到登录页面
response.sendRedirect(request.getContextPath()+"/login");
return false;
}
if(!currentUser.isAuthenticated()){
//自动登录失败,跳转到登录页面
response.sendRedirect(request.getContextPath()+"/login");
return false;
}
}
return true;
}

@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
logger.info("---postHandle---");
}

@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
logger.info("---afterCompletion---");
}
}