刚开始使用shiro，发现明明配置的successURL是”/admin/index”，但是最后却跳转到各种奇怪的链接，xx.js,xxx.min.css这类。

我的shiro配置如下：

配置相关截图.png

然后追踪代码，发现登录成功后执行FormAuthenticationFilter的onLoginSuccess方法：

protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
                                     ServletRequest request, ServletResponse response) throws Exception {
        issueSuccessRedirect(request, response);
        //we handled the success redirect directly, prevent the chain from continuing:
        return false;
    }

其中调用的这个方法：

protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
        WebUtils.redirectToSavedRequest(request, response, getSuccessUrl());
    }

public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl)
            throws IOException {
        String successUrl = null;
        boolean contextRelative = true;
        SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
        if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD)) {
            successUrl = savedRequest.getRequestUrl();
            contextRelative = false;
        }

        if (successUrl == null) {
            successUrl = fallbackUrl;
        }

        if (successUrl == null) {
            throw new IllegalStateException("Success URL not available via saved request or via the " +
                    "successUrlFallback method parameter. One of these must be non-null for " +
                    "issueSuccessRedirect() to work.");
        }

        WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
    }

successUrl = savedRequest.getRequestUrl();这里会跳转到初次系统访问的地址。比如用户初次访问的是a1/first.html,登录之后将会跳转到该地址。如果没有初次访问的地址，就会访问”/”。

我解决方法是重写FormAuthenticationFilter的onLoginSuccess方法：

我用的是springboot，以配置类的形式配置的。

首先重写：

publicclassMyFormAuthenticationFilter extendsFormAuthenticationFilter{

    @Override

    protectedbooleanonLoginSuccess(AuthenticationToken token, Subject subject,

                                  ServletRequest request, ServletResponse response) throwsException {

        String successUrl = "/admin/access/index.html";//我是直接写死了跳转链接

        WebUtils.issueRedirect(request,response,successUrl);

        returnfalse;//返回false表示执行链结束

    }

}

然后在shiroFilter配置类中加入该filter：

//解决shiro 登录成功后无法正确跳转successUrl的问题，重写Filter

  Map map = newLinkedHashMap();

  map.put("authc",newMyFormAuthenticationFilter());

  shiroFilterFactoryBean.setFilters(map);

TIM图片20180307144056.png

如果是spring 项目，直接在xml文件做响应配置即可。