在前后端分离的项目中,页面路由由前端配置,不再通过 Shiro 跳转页面。此时后端需要给前端返回一个自定义的响应体,告知前端登录已超时或没有权限。具体步骤如下:
1. 自定义一个 filter,继承 FormAuthenticationFilter,并重写 onAccessDenied 方法;请求被拒绝时的处理就在这个方法里实现。
import java.io.PrintWriter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import com.cloudplatform.hjy.domain.web.vo.ResponseDataVO;
/**
 * Replacement for Shiro's {@code authc} filter in a front-end/back-end separated
 * application: a denied request is answered with a small JSON document instead of
 * a redirect to a login page, because page routing belongs to the front end.
 *
 * <p>NOTE(review): {@code JSONObject} is not among the imports shown with this
 * class; confirm which JSON library the project uses.
 *
 * @author Admin
 */
public class ShiroLoginFilter extends FormAuthenticationFilter {

    /**
     * Writes the "login expired" JSON body and ends request processing.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The HTTP status is set to 200 and the denial is signalled only by
     *       {@code "code": "403"} inside the body. Anything that looks at the HTTP
     *       status alone (generic HTTP clients, proxies, access-log monitoring)
     *       will record the request as successful, so the front end has to check
     *       the body code on every response.</li>
     *   <li>The body code is "403" although the message describes a missing or
     *       expired login, which HTTP conventionally reports as 401; keep the two
     *       cases apart if the front end must distinguish "not logged in" from
     *       "logged in but not permitted".</li>
     *   <li>{@code super.onAccessDenied} is not called, so the login-request
     *       handling and login-page redirect of {@code FormAuthenticationFilter}
     *       do not run here. Presumably the login endpoint is served elsewhere
     *       and excluded from {@code authc} - verify against the filter chain.</li>
     * </ul>
     *
     * @param request     the incoming request (not read here)
     * @param response    the response; cast to {@link HttpServletResponse}
     * @param mappedValue filter configuration for the matched path (not read here)
     * @return always {@code false}: the response has been written and the
     *         remaining filters must not run
     * @throws Exception if obtaining the response writer fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        // Result carried in the body: code "403", message "login expired, please log in again".
        JSONObject body = new JSONObject();
        body.put("code", "403");
        body.put("message", "登录失效,请重新登录");

        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setStatus(200);
        // Content type (and charset) must be set before the writer is obtained.
        httpResponse.setContentType("application/json;charset=utf-8");

        try (PrintWriter writer = httpResponse.getWriter()) {
            writer.println(body);
            writer.flush();
        }
        return false;
    }
}
2.在shiro的配置类中为ShiroFilterFactoryBean的实例注入这个filter。
/**
 * Builds the Shiro filter factory: wires the security manager, replaces the
 * filter registered under the name {@code authc} with {@link ShiroLoginFilter},
 * and declares which URL patterns are anonymous and which require authentication.
 *
 * <p>NOTE(review): the custom filter is created with {@code new} inside this method
 * rather than exposed as its own Spring bean. Keep it that way unless container
 * auto-registration is explicitly disabled - a {@code Filter} bean may also be
 * registered by the servlet container for every request, outside these chain
 * definitions (confirm for the Spring Boot version in use).
 *
 * @param securityManager the Shiro security manager to attach to the filter
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
    // 1. Create the filter factory.
    ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
    // 2. Attach the security manager.
    filterFactory.setSecurityManager(securityManager);
    // Custom handling of session timeout / denied access: return JSON to the front end
    // instead of redirecting to a login page (pages are routed by the front end,
    // not controlled by the back end).
    LinkedHashMap<String, Filter> myFilter = new LinkedHashMap<>();
    // Registering under the name "authc" makes every "authc" chain entry below use ShiroLoginFilter.
    myFilter.put("authc", new ShiroLoginFilter());
    filterFactory.setFilters(myFilter);// inject the custom filter
    // 3. Define the URL pattern -> filter chain rules.
    // LinkedHashMap keeps insertion order; Shiro applies the first matching pattern,
    // so specific "anon" rules must be added before the catch-all "/**".
    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/static/**", "anon");
    // (further path rules are elided at this point on the original page)
    ……
    // Catch-all, kept last: any path not matched above requires authentication.
    // Each "anon" rule above is an unauthenticated entry point - keep those patterns as narrow as possible.
    filterMap.put("/**", "authc");// every remaining request must be authenticated before access
    filterFactory.setFilterChainDefinitionMap(filterMap);
    return filterFactory;
}
完活。