
修复记住我请求头过大的问题

RuoYi 1 年間 前
コミット
c34d9f0c09

+ 0 - 2
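--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -20,8 +20,6 @@ server:
   servlet:
     # 应用的访问路径
     context-path: /
-  # http请求头大小
-  max-http-header-size: 65536
   tomcat:
     # tomcat的URI编码
     uri-encoding: UTF-8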

+ 3 - 3
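--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
@@ -15,7 +15,6 @@ import org.apache.shiro.io.ResourceUtils;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.CookieRememberMeManager;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.apache.shiro.web.servlet.SimpleCookie;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -28,6 +27,7 @@ import com.ruoyi.common.utils.security.CipherUtils;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
 import com.ruoyi.framework.shiro.realm.UserRealm;
+import com.ruoyi.framework.shiro.rememberMe.CustomCookieRememberMeManager;
 import com.ruoyi.framework.shiro.session.OnlineSessionDAO;
 import com.ruoyi.framework.shiro.session.OnlineSessionFactory;
 import com.ruoyi.framework.shiro.web.CustomShiroFilterFactoryBean;
@@ -369,9 +369,9 @@ public class ShiroConfig
     /**
      * 记住我
      */
-    public CookieRememberMeManager rememberMeManager()
+    public CustomCookieRememberMeManager rememberMeManager()
     {
-        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
+        CustomCookieRememberMeManager cookieRememberMeManager = new CustomCookieRememberMeManager();
         cookieRememberMeManager.setCookie(rememberMeCookie());
         if (StringUtils.isNotEmpty(cipherKey))
         {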

+ 79 - 0
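--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/rememberMe/CustomCookieRememberMeManager.java
@@ -0,0 +1,79 @@
+package com.ruoyi.framework.shiro.rememberMe;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.SubjectContext;
+import org.apache.shiro.web.mgt.CookieRememberMeManager;
+import com.ruoyi.common.core.domain.entity.SysRole;
+import com.ruoyi.common.core.domain.entity.SysUser;
+import com.ruoyi.common.utils.spring.SpringUtils;
+import com.ruoyi.framework.shiro.service.SysLoginService;
+
+/**
+ * 自定义CookieRememberMeManager
+ *
+ * @author ruoyi
+ */
+public class CustomCookieRememberMeManager extends CookieRememberMeManager
+{
+    /**
+     * 记住我时去掉角色的permissions权限字符串,防止http请求头过大。
+     */
+    @Override
+    protected void rememberIdentity(Subject subject, PrincipalCollection principalCollection)
+    {
+        Map<SysRole, Set<String>> rolePermissions = new HashMap<>();
+        // 清除角色的permissions权限字符串
+        for (Object principal : principalCollection)
+        {
+            if (principal instanceof SysUser)
+            {
+                List<SysRole> roles = ((SysUser) principal).getRoles();
+                for (SysRole role : roles)
+                {
+                    rolePermissions.put(role, role.getPermissions());
+                    role.setPermissions(null);
+                }
+            }
+        }
+        byte[] bytes = convertPrincipalsToBytes(principalCollection);
+        // 恢复角色的permissions权限字符串
+        for (Object principal : principalCollection)
+        {
+            if (principal instanceof SysUser)
+            {
+                List<SysRole> roles = ((SysUser) principal).getRoles();
+                for (SysRole role : roles)
+                {
+                    role.setPermissions(rolePermissions.get(role));
+                }
+            }
+        }
+        rememberSerializedIdentity(subject, bytes);
+    }
+
+    /**
+     * 取记住我身份时恢复角色permissions权限字符串。
+     */
+    @Override
+    public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext)
+    {
+        PrincipalCollection principals = super.getRememberedPrincipals(subjectContext);
+        if (principals == null || principals.isEmpty())
+        {
+            return principals;
+        }
+        for (Object principal : principals)
+        {
+            if (principal instanceof SysUser)
+            {
+                SpringUtils.getBean(SysLoginService.class).setRolePermission((SysUser) principal);
+            }
+        }
+        return principals;
+    }
+}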
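Review bot: `rememberIdentity` sets the permissions of the live `SysRole` objects to null and restores them only after `convertPrincipalsToBytes` returns, so an exception during serialization leaves the logged-in principal without permissions, and any other thread reading the same objects can see the null set in between. The restore belongs in a `finally` block (serializing a copy of the principal would avoid the mutation altogether), and the `HashMap<SysRole, …>` lookup is only reliable if `SysRole` does not compute `hashCode` from mutable fields, which is not visible here; an identity-keyed map (`java.util.IdentityHashMap`) removes that dependency. Separately, `getRememberedPrincipals` reloads permissions but appears to take the role list and account state from the cookie itself, so a role revoked or an account disabled after the cookie was issued may stay effective until it expires; reloading the user by id at that point would close the gap.

```java
    protected void rememberIdentity(Subject subject, PrincipalCollection principalCollection)
    {
        // identity-keyed so the lookup does not depend on SysRole.hashCode()
        Map<SysRole, Set<String>> rolePermissions = new IdentityHashMap<>();
        // … unchanged: loop that stores and clears each role's permissions …
        byte[] bytes;
        try
        {
            bytes = convertPrincipalsToBytes(principalCollection);
        }
        finally
        {
            // restore even when serialization throws
            // … unchanged: loop that restores each role's permissions …
        }
        rememberSerializedIdentity(subject, bytes);
    }
```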