除了通过安全验证的网址，还有一些网址我们也不想拦截，比如 Dashboard 的网址。但有一个奇怪的现象：即使在 Decorator、Shiro 以及 Spring 的 interceptor 里都设置了该网址不被拦截，实际运行时它还是会被拦截。因此需要在执行拦截的代码里显式放行这些网址：
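/**
 * Servlet filter that answers AJAX requests lacking a logged-in session with a JSON
 * "please log in again" payload instead of passing them down the chain.
 *
 * <p>Scope, as visible in this class:
 * <ul>
 *   <li>Only requests whose {@code X-Requested-With} header equals {@code XMLHttpRequest}
 *       are checked. That header is supplied by the client, so a request that omits it is
 *       forwarded unchecked. This filter is therefore a session-expiry signal for the
 *       front end, not an access control; authentication has to be enforced by another
 *       layer for every URL.</li>
 *   <li>Paths listed in {@code EXCLUDED_PATHS} skip the login check here even for AJAX
 *       calls. Whatever those endpoints return is reachable without the login attribute
 *       as far as this filter is concerned.</li>
 * </ul>
 */
public class SessionFilter implements Filter {

    /** Request header used to recognise AJAX calls. */
    private static final String AJAX_HEADER_NAME = "X-Requested-With";

    /** Value of {@link #AJAX_HEADER_NAME} that marks a request as AJAX. */
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    /**
     * Servlet paths that are never subjected to the login check. Matching is an exact,
     * case-sensitive comparison against {@code getServletPath()}. The list is built once
     * and never modified afterwards.
     */
    private static final List<String> EXCLUDED_PATHS = buildExcludedPaths();

    /**
     * Serializer for the rejection payload, shared across requests instead of being
     * re-created on every call.
     * NOTE(review): assumes this is a Jackson ObjectMapper, which is documented as
     * thread-safe once configured; confirm against the file's imports.
     */
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    /** Builds the fixed list of servlet paths exempt from the login check. */
    private static List<String> buildExcludedPaths() {
        List<String> paths = new ArrayList<String>();
        paths.add("/project/findprojectstatus.shtml");
        paths.add("/refreshTheDashboard.shtml");
        return paths;
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Rejects AJAX requests that carry no login attribute in their session and forwards
     * everything else.
     *
     * @param servletRequest  incoming request; cast to {@code HttpServletRequest}, so a
     *                        non-HTTP request fails with {@code ClassCastException}
     * @param servletResponse response; cast to {@code HttpServletResponse} only on the
     *                        rejection path
     * @param filterChain     remainder of the chain, invoked when the request is allowed
     * @throws IOException      if writing the rejection body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        // Read the header once; a null request yields a null header and falls through.
        String header = null != request ? request.getHeader(AJAX_HEADER_NAME) : null;

        boolean mustCheckLogin = AJAX_HEADER_VALUE.equals(header)
                && !EXCLUDED_PATHS.contains(request.getServletPath());
        if (!mustCheckLogin) {
            // Non-AJAX requests and excluded paths are not inspected by this filter.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): getSession() creates a session when the request has none, so each
        // anonymous AJAX call allocates one. Consider getSession(false) plus a null check.
        if (null != request.getSession().getAttribute(SysConstants.CONS_SESSION_LOGINUSER)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        AjaxResult ajaxResult = new AjaxResult();
        ajaxResult.setCode(AjaxResult.AJAXRESULT_EXCEPTION_CODE);
        ajaxResult.setMsg("Please re login");
        // Serialize before touching the response so a failure leaves it unmodified.
        String payload = JSON_MAPPER.writeValueAsString(ajaxResult);

        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // NOTE(review): 402 is "Payment Required"; 401 is the conventional status for a
        // missing login. Kept as-is because client code may key on 402; confirm before
        // changing it.
        httpServletResponse.setStatus(402);
        // Declare the body type explicitly so clients do not have to guess (or sniff) it.
        // Must be set before the writer is obtained.
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().write(payload);
        httpServletResponse.getWriter().close();
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}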