diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml index f2d5c16d4..d0abcabbe 100644 --- a/ruoyi-admin/src/main/resources/application.yml +++ b/ruoyi-admin/src/main/resources/application.yml @@ -20,8 +20,6 @@ server: servlet: # 应用的访问路径 context-path: / - # http请求头大小 - max-http-header-size: 65536 tomcat: # tomcat的URI编码 uri-encoding: UTF-8 diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java index 2f487fa82..809027036 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java @@ -15,7 +15,6 @@ import org.apache.shiro.io.ResourceUtils; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; -import org.apache.shiro.web.mgt.CookieRememberMeManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.SimpleCookie; import org.springframework.beans.factory.annotation.Qualifier; @@ -28,6 +27,7 @@ import com.ruoyi.common.utils.security.CipherUtils; import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.framework.config.properties.PermitAllUrlProperties; import com.ruoyi.framework.shiro.realm.UserRealm; +import com.ruoyi.framework.shiro.rememberMe.CustomCookieRememberMeManager; import com.ruoyi.framework.shiro.session.OnlineSessionDAO; import com.ruoyi.framework.shiro.session.OnlineSessionFactory; import com.ruoyi.framework.shiro.web.CustomShiroFilterFactoryBean; @@ -369,9 +369,9 @@ public class ShiroConfig /** * 记住我 */ - public CookieRememberMeManager rememberMeManager() + public CustomCookieRememberMeManager rememberMeManager() { - CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); + CustomCookieRememberMeManager cookieRememberMeManager = new CustomCookieRememberMeManager(); cookieRememberMeManager.setCookie(rememberMeCookie()); if (StringUtils.isNotEmpty(cipherKey)) { diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java new file mode 100644 index 000000000..812309275 --- /dev/null +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java @@ -0,0 +1,79 @@ +package com.ruoyi.framework.shiro.rememberMe; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.apache.shiro.subject.PrincipalCollection; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.subject.SubjectContext; +import org.apache.shiro.web.mgt.CookieRememberMeManager; +import com.ruoyi.common.core.domain.entity.SysRole; +import com.ruoyi.common.core.domain.entity.SysUser; +import com.ruoyi.common.utils.spring.SpringUtils; +import com.ruoyi.framework.shiro.service.SysLoginService; + +/** + * 自定义CookieRememberMeManager + * + * @author ruoyi + */ +public class CustomCookieRememberMeManager extends CookieRememberMeManager +{ + /** + * 记住我时去掉角色的permissions权限字符串,防止http请求头过大。 + */ + @Override + protected void rememberIdentity(Subject subject, PrincipalCollection principalCollection) + { + Map> rolePermissions = new HashMap<>(); + // 清除角色的permissions权限字符串 + for (Object principal : principalCollection) + { + if (principal instanceof SysUser) + { + List roles = ((SysUser) principal).getRoles(); + for (SysRole role : roles) + { + rolePermissions.put(role, role.getPermissions()); + role.setPermissions(null); + } + } + } + byte[] bytes = convertPrincipalsToBytes(principalCollection); + // 恢复角色的permissions权限字符串 + for (Object principal : principalCollection) + { + if (principal instanceof SysUser) + { + List roles = ((SysUser) principal).getRoles(); + for (SysRole role : roles) + { + role.setPermissions(rolePermissions.get(role)); + } + } + } + rememberSerializedIdentity(subject, bytes); + } + + /** + * 取记住我身份时恢复角色permissions权限字符串。 + */ + @Override + public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext) + { + PrincipalCollection principals = super.getRememberedPrincipals(subjectContext); + if (principals == null || principals.isEmpty()) + { + return principals; + } + for (Object principal : principals) + { + if (principal instanceof SysUser) + { + SpringUtils.getBean(SysLoginService.class).setRolePermission((SysUser) principal); + } + } + return principals; + } +}