修复记住我请求头过大的问题

2 months ago · c34d9f0c09
3 changed files with 82 additions and 5 deletions
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@ -20,8 +20,6 @@ server:
  servlet:
    # 应用的访问路径
    context-path: /
-  # http请求头大小
-  max-http-header-size: 65536
  tomcat:
    # tomcat的URI编码
    uri-encoding: UTF-8
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
@ -15,7 +15,6 @@ import org.apache.shiro.io.ResourceUtils;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.CookieRememberMeManager;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.apache.shiro.web.servlet.SimpleCookie;
 import org.springframework.beans.factory.annotation.Qualifier;
@ -28,6 +27,7 @@ import com.ruoyi.common.utils.security.CipherUtils;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
 import com.ruoyi.framework.shiro.realm.UserRealm;
+import com.ruoyi.framework.shiro.rememberMe.CustomCookieRememberMeManager;
 import com.ruoyi.framework.shiro.session.OnlineSessionDAO;
 import com.ruoyi.framework.shiro.session.OnlineSessionFactory;
 import com.ruoyi.framework.shiro.web.CustomShiroFilterFactoryBean;
@ -369,9 +369,9 @@ public class ShiroConfig
    /**
     * 记住我
     */
-    public CookieRememberMeManager rememberMeManager()
+    public CustomCookieRememberMeManager rememberMeManager()
    {
-        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
+        CustomCookieRememberMeManager cookieRememberMeManager = new CustomCookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        if (StringUtils.isNotEmpty(cipherKey))
        {
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java
@ -0,0 +1,79 @@
+package com.ruoyi.framework.shiro.rememberMe;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.SubjectContext;
+import org.apache.shiro.web.mgt.CookieRememberMeManager;
+import com.ruoyi.common.core.domain.entity.SysRole;
+import com.ruoyi.common.core.domain.entity.SysUser;
+import com.ruoyi.common.utils.spring.SpringUtils;
+import com.ruoyi.framework.shiro.service.SysLoginService;
+
+/**
+ * 自定义CookieRememberMeManager
+ *
+ * @author ruoyi
+ */
+public class CustomCookieRememberMeManager extends CookieRememberMeManager
+{
+    /**
+     * 记住我时去掉角色的permissions权限字符串，防止http请求头过大。
+     */
+    @Override
+    protected void rememberIdentity(Subject subject, PrincipalCollection principalCollection)
+    {
+        Map<SysRole, Set<String>> rolePermissions = new HashMap<>();
+        // 清除角色的permissions权限字符串
+        for (Object principal : principalCollection)
+        {
+            if (principal instanceof SysUser)
+            {
+                List<SysRole> roles = ((SysUser) principal).getRoles();
+                for (SysRole role : roles)
+                {
+                    rolePermissions.put(role, role.getPermissions());
+                    role.setPermissions(null);
+                }
+            }
+        }
+        byte[] bytes = convertPrincipalsToBytes(principalCollection);
+        // 恢复角色的permissions权限字符串
+        for (Object principal : principalCollection)
+        {
+            if (principal instanceof SysUser)
+            {
+                List<SysRole> roles = ((SysUser) principal).getRoles();
+                for (SysRole role : roles)
+                {
+                    role.setPermissions(rolePermissions.get(role));
+                }
+            }
+        }
+        rememberSerializedIdentity(subject, bytes);
+    }
+
+    /**
+     * 取记住我身份时恢复角色permissions权限字符串。
+     */
+    @Override
+    public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext)
+    {
+        PrincipalCollection principals = super.getRememberedPrincipals(subjectContext);
+        if (principals == null || principals.isEmpty())
+        {
+            return principals;
+        }
+        for (Object principal : principals)
+        {
+            if (principal instanceof SysUser)
+            {
+                SpringUtils.getBean(SysLoginService.class).setRolePermission((SysUser) principal);
+            }
+        }
+        return principals;
+    }
+}