参考
https://blog.csdn.net/Anumbrella/article/details/94859351
自定义filter
对于ajax请求,先判断是否有用户信息,没有用户信息的直接返回401给前端。由前端做跳转处理。
@Configuration
@Order(value = 0) // 前置filter,先判断ajax请求
public class FrontFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (CibrUtil.isAjaxRequest(request)){
HttpSession session = request.getSession(false);
if (session != null) {
System.out.println("requst path " + request.getServletPath());
Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
if (assertion != null) {
System.out.println("cas user ---------> " + assertion.getPrincipal().getName());
filterChain.doFilter(servletRequest,servletResponse);
}
}
// 返回401,前端统一处理
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}else {
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
}
}