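1. Problem description
I wanted a setup with the front end and back end separated, using Shiro for permission management.
However, I ran into a problem with Shiro's redirect behavior:
1. When the user is not logged in, Shiro automatically redirects to /login
2. When the user has no permission for the requested path, Shiro returns an HTTP 401 error
2. Solution
Since I only want to use Spring Boot to write a back-end API, these behaviors have to be removed.
After some research I found that org.apache.shiro.web.filter.authz.AuthorizationFilter
has an
onAccessDenied method. Its source: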
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = this.getSubject(request, response);
        if (subject.getPrincipal() == null) {
            this.saveRequestAndRedirectToLogin(request, response);
        } else {
            String unauthorizedUrl = this.getUnauthorizedUrl();
            if (StringUtils.hasText(unauthorizedUrl)) {
                WebUtils.issueRedirect(request, response, unauthorizedUrl);
            } else {
                WebUtils.toHttp(response).sendError(401);
            }
        }
        return false;
    }
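Overriding this method solves the redirect problem.
So:
    import java.io.IOException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import org.apache.shiro.subject.Subject;
    import org.apache.shiro.util.StringUtils;
    import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
    import org.apache.shiro.web.util.WebUtils;

    // ResponseUtil and CodeAndMsgEnum are this project's own helper classes.
    public class RestAuthorizationFilter extends PermissionsAuthorizationFilter {
        @Override
        protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            Subject subject = this.getSubject(request, response);
            if (subject.getPrincipal() == null) {
                // Not logged in: write a response body instead of redirecting to the login page
                response.getWriter().print(ResponseUtil.response(CodeAndMsgEnum.DIDNOTLOGIN, null));
            } else {
                String unauthorizedUrl = this.getUnauthorizedUrl();
                if (StringUtils.hasText(unauthorizedUrl)) {
                    WebUtils.issueRedirect(request, response, unauthorizedUrl);
                } else {
                    // Logged in but lacking the permission: write a response body instead of sendError(401)
                    response.getWriter().print(ResponseUtil.response(CodeAndMsgEnum.PERMISSION_FAILD, null));
                }
            }
            // Returning false stops the filter chain, so the protected resource is never reached
            return false;
        }
    }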
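When the user has no permission or needs to log in, a JSON string is returned instead (the screenshots show the output of Object.toString()).
3. Final result:
Not logged in:
No permission: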
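A variant of the override above that also sets the HTTP status (401 when not logged in, 403 when the permission is missing), so clients and proxies that only look at the status line still see the denial, together with the registration that replaces Shiro's default "perms" filter. This is an added example, not the author's code; the class name, the sample path and the permission string are assumptions, and it assumes Shiro 1.x (javax.servlet) with shiro-spring.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical class name; assumes Shiro 1.x (javax.servlet) with shiro-spring.
public class StatusRestAuthorizationFilter extends PermissionsAuthorizationFilter {

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        HttpServletResponse http = WebUtils.toHttp(response);
        boolean anonymous = getSubject(request, response).getPrincipal() == null;
        // 401 = caller must authenticate, 403 = authenticated but lacks the permission.
        http.setStatus(anonymous ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN);
        http.setContentType("application/json");
        http.setCharacterEncoding("UTF-8");
        // Fixed strings only: nothing from the request is echoed into the body.
        http.getWriter().print(anonymous
                ? "{\"code\":401,\"msg\":\"not logged in\"}"
                : "{\"code\":403,\"msg\":\"permission denied\"}");
        return false; // stop the filter chain; the response is already written
    }

    // Call this from a @Bean method. The filter is created with `new` rather than
    // declared as a Spring bean, because Spring Boot registers every Filter bean
    // as a servlet filter for all requests, outside Shiro's chain.
    public static ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        // Same name as the built-in filter, so perms[...] now resolves to this class.
        bean.getFilters().put("perms", new StatusRestAuthorizationFilter());
        Map<String, String> chains = new LinkedHashMap<>(); // order matters: first match wins
        // Constructed sample path and permission. Only "perms" is listed: a chain that
        // also names "authc" would hit Shiro's own login redirect before this filter runs.
        chains.put("/api/admin/**", "perms[admin:view]");
        bean.setFilterChainDefinitionMap(chains);
        return bean;
    }
}
```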