package com.sniper.shiro.security.web.interceptor;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.SavedRequest;
import org.apache.shiro.web.util.WebUtils;
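public class MyFormAuthenticationFilter extends FormAuthenticationFilter {

    /**
     * Redirects the user after a successful login, giving the configured
     * {@code successUrl} priority over the request that was saved before the
     * user was sent to the login page.
     *
     * <p>Target selection, in order of precedence:
     * <ol>
     *   <li>the configured success URL, when it is non-empty and differs from
     *       {@link AuthenticationFilter#DEFAULT_SUCCESS_URL};</li>
     *   <li>the saved request, when one exists and was a GET;</li>
     *   <li>whatever {@link #getSuccessUrl()} returns.</li>
     * </ol>
     *
     * <p>The redirect target is never read from a request parameter: it comes
     * either from the filter configuration or from the saved request that
     * {@link WebUtils#getAndClearSavedRequest(ServletRequest)} returns.
     *
     * @param token    the token that was just authenticated (unused here)
     * @param subject  the subject that logged in (unused here)
     * @param request  the login request
     * @param response the response on which the redirect is issued
     * @return always {@code false}: the redirect has been issued, so the filter
     *         chain must not continue
     * @throws IllegalStateException if no redirect target could be determined
     * @throws Exception             if issuing the redirect fails
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token,
            Subject subject, ServletRequest request, ServletResponse response)
            throws Exception {
        // Always consume the saved request, even when it ends up unused, so a
        // stale entry cannot influence a later login.
        SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
        String configuredUrl = this.getSuccessUrl();

        String successUrl = null;
        boolean contextRelative = true;

        // Only a saved GET can be replayed with a plain redirect. Its URL is the
        // original request URI, so it must not get the context path prepended.
        if (savedRequest != null
                && AccessControlFilter.GET_METHOD.equalsIgnoreCase(savedRequest.getMethod())) {
            successUrl = savedRequest.getRequestUrl();
            contextRelative = false;
        }

        // An explicitly configured success URL wins over the saved request.
        // Hand it to the redirect as a context-relative path and let
        // issueRedirect add the context path exactly once. Prepending the
        // context path here while contextRelative was still true produced
        // "/ctx/ctx/..." whenever there was no saved GET request and the
        // application was not deployed at the root context.
        if (!StringUtils.isEmpty(configuredUrl)
                && !AuthenticationFilter.DEFAULT_SUCCESS_URL.equals(configuredUrl)) {
            successUrl = configuredUrl;
            contextRelative = true;
        }

        if (successUrl == null) {
            successUrl = configuredUrl;
        }
        if (successUrl == null) {
            throw new IllegalStateException("Success URL not available via saved request or via the " +
                    "successUrlFallback method parameter. One of these must be non-null for " +
                    "issueSuccessRedirect() to work.");
        }

        WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
        // The response is committed by the redirect; stop the filter chain.
        return false;
    }
}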
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- Shiro web filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- Registers the custom filter bean under the name "authc", so every chain below that says "authc" runs MyFormAuthenticationFilter. -->
<property name="filters">
<map>
<entry key="authc" value-ref="formAuthenticationFilter" />
</map>
</property>
<!-- Requests to any path that requires authentication are redirected to this address. -->
<property name="loginUrl" value="/login.do" />
<!-- After a successful login always redirect to index.do; if this is not configured, the user returns to the previously requested path. -->
<property name="successUrl" value="/index.do" />
<!-- Filter chains, evaluated from top to bottom. The first matching pattern decides, so the catch-all "/**" entry must stay last. Paths mapped to "anon" skip authentication entirely; keep those patterns as narrow as possible. NOTE(review): /refuse.jsp is opened for anonymous access, but no unauthorizedUrl property is set on this bean; confirm where that page is wired in. -->
<property name="filterChainDefinitions">
<value>
<!-- anonymous access allowed -->
/login.jsp = anon
/refuse.jsp = anon
<!-- static resources, anonymous access allowed -->
/images/** = anon
/js/** = anon
<!-- logout filter: clears the cache and the session data automatically; no real logout handler method is needed -->
/logout.do = logout
<!-- everything else requires authentication; "authc" is FormAuthenticationFilter by default and is mapped to the custom filter bean above -->
/** = authc
</value>
</property>
</bean>
<!-- Advisor for Shiro's authorization annotations (for example @RequiresRoles and @RequiresPermissions). NOTE(review): no auto-proxy creator or aop:config element is visible in this file; confirm one is declared elsewhere, otherwise the annotations are not enforced. -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<!-- Security manager: uses myRealm as its realm. NOTE(review): the cacheManager bean is referenced here but not defined in this file; presumably it is declared in another context file. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
<property name="cacheManager" ref="cacheManager" />
</bean>
<!-- Application realm. The credentialsMatcher decides how a submitted password is compared with the stored one. NOTE(review): that bean is not defined in this file; confirm it compares salted, iterated password hashes rather than plain text or a bare digest. -->
<bean id="myRealm" class="com.sniper.shiro.security.realm.MyRealm">
<property name="credentialsMatcher" ref="credentialsMatcher" />
</bean>
<!-- Custom form filter: overrides the stock behaviour so that a successful login redirects to the successUrl path. -->
<bean id="formAuthenticationFilter" class="com.sniper.shiro.security.web.interceptor.MyFormAuthenticationFilter">
<!-- Names of the login form fields that carry the user name and the password. -->
<property name="usernameParam" value="username" />
<property name="passwordParam" value="password" />
</bean>
</beans>