Shiro去掉登录时url里的JSESSIONID，允许分号中文参数

　　Shiro升级1.8之后默认不允许中文参数，以及分号(;)参数，导致系统首次打开时，因带有;JSESSIONID=参数，系统出现400错误页面。
　　配置允许;号参数后即可解决，如果想要去掉JSESSIONID参数，可按如下方式处理 一、去掉登录时url里面的JSESSIONID参数    @Bean     @ConditionalOnMissingBean     public DefaultWebSessionManager sessionManager(ShiroProp shiroProp) {         DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();         // 去掉shiro登录时url里的JSESSIONID         sessionManager.setSessionIdUrlRewritingEnabled(false);         return sessionManager;     }      @Bean     @ConditionalOnMissingBean     public org.apache.shiro.mgt.SecurityManager securityManager(EhCacheManager cacheManager,                                                                 RememberMeManager rememberMeManager, AbstractShiroDbRealm shiroDbRealm,                                                                 SessionManager sessionManager, ShiroProp shiroProp) {         DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();         // 设置realm.         securityManager.setRealm(shiroDbRealm);         securityManager.setCacheManager(cacheManager);         securityManager.setRememberMeManager(rememberMeManager);         // 设置sessionManager，去掉shiro登录时url里的JSESSIONID         securityManager.setSessionManager(sessionManager);         return securityManager;     } 二、允许分号/中文参数
　　重写invalidRequest过滤器，允许;号参数以及中文参数
　　1）定义InvalidRequestFilter bean对象 2）配置shiroFilter对象，重新配置invalidRequest过滤器     private InvalidRequestFilter invalidRequestFilter(){         InvalidRequestFilter invalidRequestFilter = new InvalidRequestFilter();         //允许中文参数地址         invalidRequestFilter.setBlockNonAscii(false);         //允许地址带分号;         invalidRequestFilter.setBlockSemicolon(false);         return invalidRequestFilter;     }      @ConditionalOnMissingBean     @Bean(＂shiroFilter＂)     public ShiroFilterFactoryBean shirFilter(org.apache.shiro.mgt.SecurityManager securityManager, Section section) {         ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();          // 必须设置 SecurityManager         shiroFilterFactoryBean.setSecurityManager(securityManager);         // 如果不设置默认会自动寻找Web工程根目录下的＂/login.jsp＂页面         shiroFilterFactoryBean.setLoginUrl(＂/login＂);         // 登录成功后要跳转的链接         shiroFilterFactoryBean.setSuccessUrl(＂/index＂);         // 未授权界面;         shiroFilterFactoryBean.setUnauthorizedUrl(＂/403＂);          // 拦截器.         shiroFilterFactoryBean.setFilterChainDefinitionMap(section);         Map filters = new HashMap<>();         // 配置 invalidRequestFilter         filters.put(＂invalidRequest＂, invalidRequestFilter());         shiroFilterFactoryBean.setFilters(filters);         logger.info(＂Shiro拦截器工厂类注入成功＂);         return shiroFilterFactoryBean;     } 三、配置https，跳转后变成http
　　这个问题我试了很久，只有以下方法能解决
　　1）重写过滤器 2）配置nginx，http请求强制转发到https 1、重写过滤器public class MyFormAuthenticationFilter extends FormAuthenticationFilter {      protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {         if (isLoginRequest(request, response)) {             if (isLoginSubmission(request, response)) {                 return executeLogin(request, response);             } else {                 //allow them to see the login page ;)                 return true;             }         } else {             saveRequestAndRedirectToLogin(request, response);             return false;         }     }     // 配置https，跳转后变成http --start     protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException {         saveRequest(request);         redirectToLogin(request, response);     }      protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {         String loginUrl = getLoginUrl();         WebUtils.issueRedirect(request, response, loginUrl, null, true, false);     }     // 配置https，跳转后变成http --end } 2、nginx配置，http请求强制转发到httpsproxy_redirect http:// $scheme://;