目的:通过拦截器实现对部分请求的拦截做自定义的鉴权处理,鉴权不通过时实现json返回
bug:通过继承 PermissionsAuthorizationFilter 实现了自定义的鉴权处理,但是前端收到 302 响应,请求被重定向
配置
1、在 ShiroConfig 中定义的 shiroFilter
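/**
 * Builds the Shiro filter chain: registers the custom filters and maps URL patterns to them.
 *
 * @param securityManager the Shiro SecurityManager the filter delegates to (mandatory)
 * @return the configured ShiroFilterFactoryBean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // The SecurityManager must be set.
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // Without this Shiro falls back to "/login.jsp" under the web root.
    shiroFilterFactoryBean.setLoginUrl("/login.jsp");
    // Page the inherited AuthorizationFilter redirects to on denial; SilenceFilter
    // overrides onAccessDenied so its chains answer with JSON instead of this redirect.
    shiroFilterFactoryBean.setUnauthorizedUrl("/unAuth.jsp");
    // Custom filters, keyed by the names used in the chain definitions below.
    Map<String, Filter> filters = new HashMap<>();
    // Custom authorization filter.
    filters.put("silence", new SilenceFilter());
    // Authentication filter; registering it under "authc" replaces Shiro's built-in
    // filter of the same name for this chain table.
    filters.put("authc", new AuthcFilter());
    shiroFilterFactoryBean.setFilters(filters);
    // LinkedHashMap on purpose: chain definitions are matched in insertion order and
    // the first matching pattern wins, so more specific patterns must come first.
    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/aaaaa/**", "silence");
    filterMap.put("/bbbbb/**", "authc");
    // NOTE(review): a request whose path matches none of the patterns above goes through
    // with no Shiro filter at all; if every other path should be protected, the table
    // needs a final catch-all "/**" entry mapped to the intended filter.
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
    return shiroFilterFactoryBean;
}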
2、实现shiroFilter
public class SilenceFilter extends PermissionsAuthorizationFilter {
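/**
 * Runs the custom check first and, only if it passes, the permission check of
 * {@code PermissionsAuthorizationFilter}.
 *
 * @param request     the current request
 * @param response    the current response
 * @param mappedValue the chain parameters (the permissions) configured for this URL pattern
 * @return {@code true} to let the request through; {@code false} routes it to onAccessDenied
 * @throws IOException propagated from the superclass check
 */
@Override
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
        throws IOException {
    // PLACEHOLDER for the page's "这里加自定义的校检" ("put the custom check here"):
    // replace this local with the project's own check against the request. The original
    // wrote the placeholder as a string literal inside the if, which does not compile.
    boolean customCheckFailed = false;
    if (customCheckFailed) {
        // Returning false hands the request to onAccessDenied.
        return false;
    }
    // Superclass permission check. NOTE(review): when the chain entry carries no
    // parameters (e.g. "/aaaaa/**=silence"), mappedValue is null and the superclass
    // grants access, so only the custom check above protects such a chain - confirm.
    return super.isAccessAllowed(request, response, mappedValue);
}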
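/**
 * Answers a denied request with a JSON body instead of the redirect to {@code /unAuth.jsp}
 * that the inherited {@code AuthorizationFilter.onAccessDenied} would send (the 302 the
 * front end complained about).
 *
 * <p>Every denial lands here, whether the custom check in isAccessAllowed or the superclass
 * permission check failed. The original only wrote the body when its custom check failed
 * again and otherwise returned {@code false} with an empty response, so a permission
 * failure produced no JSON at all; the body is now written on every denial.
 *
 * @param request  the current request
 * @param response the current response
 * @return always {@code false}: the filter chain must not continue
 * @throws IOException if the response body cannot be written
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    String origin = httpServletRequest.getHeader("Origin");
    // NOTE(review): echoing the request's Origin together with Allow-Credentials=true
    // allows any site to send credentialed cross-origin requests and read this response;
    // compare origin against a configured allowlist before echoing it (no allowlist is
    // defined on this page, so the echo is kept as the original had it).
    if (origin != null) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
    }
    // Encoding is set before the content type and before the writer is obtained.
    httpServletResponse.setCharacterEncoding("UTF-8");
    httpServletResponse.setContentType("application/json");
    // The status is left at the default (200) as in the original; a 403
    // (HttpServletResponse.SC_FORBIDDEN) would let clients detect the denial without
    // parsing the body, but the front end may rely on the current behaviour.
    JSONObject result = new JSONObject();
    result.put("success", false);
    result.put("message", "错误");
    // getWriter encodes with the UTF-8 set above; the original getBytes() used the platform
    // default charset, which can garble the non-ASCII message.
    httpServletResponse.getWriter().write(result.toString());
    // Flush instead of close: the container owns the response stream.
    httpServletResponse.flushBuffer();
    return false;
}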