大家好，我是烤鴨：

? ? 最近使用shiro，遇到如下問題：

嚴重: Servlet.service() for servlet [dispatcherServlet] in context with path [/etc] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. ?A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. ?This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. ?Because an identity is currently not known due to any of these conditions, authorization is denied.] with root cause

?

1.? ? 場景介紹

? ? 項目是前后端分離的，接口用postman自測的時候是沒有問題的。但是前端登錄后訪問有權限限制的接口會報錯。

? ? 前端是 react 項目，后端是 springboot 項目。

?

2.? ? 原因猜想

? ? 可能是前端每次請求并沒有攜帶cookie。由于前端項目本地啟動請求后端項目需要使用代理。

? ? 默認訪問的域名應該是localhost:3000

?

3.? ?解決方式

? ?如果前端聯調的是測試環境，建議將前端項目也部署測試環境，并且和后端項目部署在同一個域名下（nginx配置一下就可以了）。這種就不存在跨域和攜帶cookie的問題了。

? ?如果前端聯調的是開發同學的本地環境。需要前后端都做一些修改。

前端：

? ? ?fetch請求默認不攜帶cookie

增加

credentials: "include"? ?

var myHeaders = new Headers();fetch(url, {method: 'GET',headers: myHeaders,credentials: "include"})

withCredentials:?true

var xhr = new XMLHttpRequest(); xhr.withCredentials = true;

后端：

? ? 如果是和本地聯調，肯定存在跨域問題。需要設置? Access-Control-Allow-Origin 為指定ip，不能設置為 * 。

? ? 瀏覽器的安全角度 如果設置 為 * ，是不能攜帶cookie的。

? ? 本例中如下設置。(Access-Control-Allow-Origin 設置 為 localhost:3000)

@Configuration public class CorsConfig implements WebMvcConfigurer {private CorsConfiguration buildConfig() {CorsConfiguration corsConfiguration = new CorsConfiguration();corsConfiguration.addAllowedHeader("*"); // 允許任何頭corsConfiguration.addAllowedOrigin("localhost:3000"); // 允許任何頭corsConfiguration.addAllowedMethod("*"); // 允許任何方法（post、get等）return corsConfiguration;}@Beanpublic CorsFilter corsFilter() {UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();source.registerCorsConfiguration("/**", buildConfig()); // 對接口配置跨域設置return new CorsFilter(source);}} @Overridepublic void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {//每一次的請求先校驗cookieHttpServletRequest reqeust = (HttpServletRequest)req;HttpServletResponse response = (HttpServletResponse) res;response.setHeader("Access-Control-Allow-Origin", "localhost:3000");response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");response.setHeader("Access-Control-Max-Age", "3600");response.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");chain.doFilter(req, res);}

總結：

? ? 最開始前端說后端接口訪問不同，想到是shiro的問題，但是第一時間并沒有想到cookie的問題。?

? ? 找到問題比較慢，解決問題也是。最好的方式就是都部署到測試環境，避免跨域的問題出現就好了。

?

總結

以上是生活随笔為你收集整理的This subject is anonymous - it does not have any identifying principals and authorization operations的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。