有两种解决方式:
1.在web.xml文件配置一段欢迎页面:
<welcome-file-list> <welcome-file>/index.do</welcome-file> </welcome-file-list>
2.在自定义表单过滤器MyFormAuthenticationFilter里,添加清除shiro 在sesion存储的上一次访问地址 shiroSavedReques
1 package cn.zj.logistic.shiro; 2 3 import javax.servlet.ServletRequest; 4 import javax.servlet.ServletResponse; 5 import javax.servlet.http.HttpServletRequest; 6 7 import org.apache.commons.lang3.StringUtils; 8 import org.apache.shiro.authc.AuthenticationToken; 9 import org.apache.shiro.session.Session; 10 import org.apache.shiro.subject.Subject; 11 import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; 12 import org.apache.shiro.web.util.WebUtils; 13 14 public class MyFormAuthenticationFilter extends FormAuthenticationFilter { 15 16 @Override 17 protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { 18 19 HttpServletRequest req = (HttpServletRequest) request; 20 21 // 1.获取前台表单提交的验证码 22 String verifyCode = req.getParameter("verifyCode"); 23 24 25 26 String rand = (String) req.getSession().getAttribute("rand"); 27 28 System.out.println("rand :" + rand); 29 30 if (StringUtils.isNotBlank(verifyCode)) { 31 if (!verifyCode.equals(rand.toLowerCase())) { 32 // 共享一个错误信息到 shiroLoginFailure 33 request.setAttribute("shiroLoginFailure", "verifyCodeError"); 34 35 // 返回true,shiro就不再进行下一操作(数据库认证)了,直接返回了 36 return true; 37 } 38 } 39 40 return super.onAccessDenied(request, response); 41 } 42 43 @Override 44 protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, 45 ServletResponse response) throws Exception { 46 47 48 // 1.获取sesssion 49 Session session = subject.getSession(false); 50 if (session != null) { 51 // 清除shiro共享的上一次地址 ://shiroSavedRequest 52 session.removeAttribute(WebUtils.SAVED_REQUEST_KEY); 53 } 54 55 return super.onLoginSuccess(token, subject, request, response); 56 } 57 58 }