Shiro的Filter拦截器
这时候需要扩展一下Shiro的Filter,主要有AdviceFilter、RolesAuthorizationFilter、PermissionsAuthorizationFilter
- AdviceFilter有点类似SpringMVC中的HandlerInterceptor拦截器,主要用于在访问Controller之前判断用户是否登录
- RolesAuthorizationFilter主要扩展了Shiro在认证Roles失败时回调的onAccessDenied方法,用于返回JSON或是重定向,也是需要我们实现的。
- PermissionsAuthorizationFilter主要是认证perms资源,也是一样重写onAccessDenied方法
- 可以看到AccessControlFilter主要是Shiro控制认证和授权的过滤器
下图为Shiro的Filter关系图
登录拦截器:
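import com.alibaba.fastjson.JSONObject;
import cxtech.insurance.entity.AdminUser;
import cxtech.insurance.enumeration.SessionKeyEnum;
import cxtech.insurance.utils.JsonResult;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Login gate that runs before the controllers: requests without a logged-in
 * admin user in the HTTP session are answered with JSON (AJAX) or a redirect
 * to the login page (everything else).
 *
 * @author star
 * @since 6/25/2018 1:15 PM
 */
public class ShiroLoginFilter extends AdviceFilter {

    /**
     * The only path (relative to the context path) that is let through without a login.
     * NOTE(review): taken from the redirect target below; if the application has other
     * anonymous endpoints (e.g. a separate form-submit URL), list them here explicitly.
     */
    private static final String LOGIN_PATH = "/admin/login";

    /**
     * Checks for a logged-in admin user before the request reaches a controller.
     * Unauthenticated requests get a JSON body when sent via AJAX, otherwise a redirect.
     *
     * @param request  the incoming servlet request
     * @param response the servlet response that receives the JSON body or the redirect
     * @return {@code true} to continue down the filter chain; {@code false} when this
     *         filter has already written the response and the chain must stop
     * @throws Exception if writing the response or sending the redirect fails
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        AdminUser adminUser = (AdminUser) httpRequest.getSession()
                .getAttribute(SessionKeyEnum.ADMIN_LOGIN_INFO.getKey());
        if (adminUser != null || isLoginRequest(httpRequest)) {
            return true;
        }

        String requestedWith = httpRequest.getHeader("X-Requested-With");
        if (StringUtils.equals(requestedWith, "XMLHttpRequest")) {
            // AJAX callers cannot follow a redirect to an HTML page, so they get a JSON body.
            // NOTE(review): no status code is set here, so clients have to inspect the body;
            // consider also sending 401 if the front end can handle it.
            JsonResult jsonResult = new JsonResult(false, "登录超时,请重新登录");
            httpResponse.setCharacterEncoding("UTF-8");
            httpResponse.setContentType("application/json");
            httpResponse.getWriter().write(JSONObject.toJSONString(jsonResult));
        } else {
            // Regular page navigation: send the browser to the login page.
            httpResponse.sendRedirect(httpRequest.getContextPath() + "/admin/login");
        }
        return false;
    }

    /**
     * Tells whether the request targets the login endpoint itself.
     *
     * <p>The previous check was a substring test on the raw request URI, so any URL that
     * merely contained "/login" (as a path segment, a suffix, or a path parameter after
     * ';') skipped the login check. The path is now resolved the same way Shiro resolves
     * it for chain matching and compared for equality.
     */
    private static boolean isLoginRequest(HttpServletRequest request) {
        String pathWithinApplication = WebUtils.getPathWithinApplication(request);
        return LOGIN_PATH.equals(pathWithinApplication);
    }
}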
<!-- Declares the custom login filter as a Spring bean so the filter map below can reference it. -->
<bean id="shiroLoginFilter" class="cxtech.insurance.interceptor.ShiroLoginFilter"/>
<!-- Registers the bean under the filter name "user". Shiro already ships a default filter
     with that name (UserFilter), so this entry replaces the built-in one for every chain
     definition that refers to "user".
     NOTE(review): the enclosing bean is not shown here; presumably this property belongs
     to the ShiroFilterFactoryBean. Confirm against the full configuration. -->
<property name="filters"> <map> <entry key="user" value-ref="shiroLoginFilter"/> </map> </property>