This subject is anonymous - it does not have any identifying principals and authorization operations
Hi everyone, I'm 烤鴨 (Roast Duck):
I have been using Shiro recently and ran into the following problem:
嚴重: Servlet.service() for servlet [dispatcherServlet] in context with path [/etc] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.] with root cause
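
1. Scenario
The project has a separate front end and back end. The APIs worked fine when I tested them myself with Postman, but when the front end logs in and then calls an endpoint that requires permissions, the request fails with the error above.
The front end is a React project and the back end is a Spring Boot project.

2. Suspected cause
The front end is probably not sending the cookie with each request. When the front-end project runs locally, its requests to the back end have to go through a proxy.
The default origin it is served from should be localhost:3000.

3. Solution
If the front end is integrating against the test environment, deploy the front-end project to the test environment too, under the same domain as the back end (an nginx configuration is enough). With that setup there is no cross-origin problem and no problem sending the cookie.
If the front end is integrating against a developer's local environment, both the front end and the back end need some changes.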
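Front end:
fetch does not send cookies on cross-origin requests by default.
Add
credentials: "include"

    // url is the back-end API address
    var myHeaders = new Headers();
    fetch(url, {
      method: 'GET',
      headers: myHeaders,
      credentials: "include" // send cookies with the cross-origin request
    });

For XMLHttpRequest, set withCredentials: true

    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;

Back end: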
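When integrating against a local environment there is always a cross-origin problem. Access-Control-Allow-Origin has to be set to a specific IP (origin); it cannot be set to *.
This is a browser security rule: if the value is *, cookies cannot be sent.
In this example it is configured as follows. (Access-Control-Allow-Origin is set to localhost:3000, written as the full origin http://localhost:3000.)

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.cors.CorsConfiguration;
    import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
    import org.springframework.web.filter.CorsFilter;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

    @Configuration
    public class CorsConfig implements WebMvcConfigurer {
        private CorsConfiguration buildConfig() {
            CorsConfiguration corsConfiguration = new CorsConfiguration();
            corsConfiguration.addAllowedHeader("*"); // allow any header
            // Allow only the front-end dev origin; an origin includes the scheme.
            corsConfiguration.addAllowedOrigin("http://localhost:3000");
            corsConfiguration.addAllowedMethod("*"); // allow any method (POST, GET, etc.)
            // Required, or the browser rejects responses to requests sent with cookies.
            corsConfiguration.setAllowCredentials(true);
            return corsConfiguration;
        }

        @Bean
        public CorsFilter corsFilter() {
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", buildConfig()); // apply the CORS settings to all endpoints
            return new CorsFilter(source);
        }
    }

    // doFilter method of a javax.servlet.Filter implementation
    // (the enclosing class is not shown in the original post).
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Set the CORS headers on every request, before the cookie is checked.
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
        response.setHeader("Access-Control-Allow-Credentials", "true"); // needed for cookies
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
        chain.doFilter(req, res);
    }

Summary: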
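At first the front-end developer said the back-end API could not be reached. I suspected Shiro, but did not think of the cookie right away.
Finding the problem was slow, and so was fixing it. The best approach is to deploy everything to the test environment so that the cross-origin problem never comes up.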
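
The browser rule from step 3 (no * together with cookies) can be checked against a set of response headers before the front end is involved. This is an added example, not code from the original post; the function name and the sample header sets are constructed for illustration.

```javascript
// Added example: mirrors the checks a browser applies to a cross-origin
// response when the request was sent with credentials: "include".
// Header sets below are constructed samples, not captured traffic.

function checkCredentialedCors(requestOrigin, responseHeaders) {
  // Header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("Access-Control-Allow-Origin is missing");
  } else if (allowOrigin === "*") {
    problems.push("wildcard origin is rejected for credentialed requests");
  } else if (allowOrigin !== requestOrigin) {
    // The comparison is an exact match on scheme://host:port.
    problems.push(`origin mismatch: got "${allowOrigin}", need "${requestOrigin}"`);
  }
  // Only the exact value "true" is accepted.
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push('Access-Control-Allow-Credentials must be "true"');
  }
  return problems;
}

const origin = "http://localhost:3000"; // React dev server origin from this post
const samples = {
  wildcard: { "Access-Control-Allow-Origin": "*" },
  noScheme: { "Access-Control-Allow-Origin": "localhost:3000",
              "Access-Control-Allow-Credentials": "true" },
  correct:  { "access-control-allow-origin": "http://localhost:3000",
              "Access-Control-Allow-Credentials": "true" },
};

for (const [name, headers] of Object.entries(samples)) {
  const problems = checkCredentialedCors(origin, headers);
  console.log(name, problems.length ? problems : "accepted");
}
```

When a sample fails here, the browser drops the response and the session cookie never takes effect, so Shiro keeps treating the subject as anonymous.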