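This came up while implementing a project requirement.
Previously, a request without permission was redirected straight to 403.html.
That makes the code very inflexible, and when the front end is not an HTML page, a request without permission often fails to reach the 403 page and reports a 302 error instead.
I want to rewrite this configured jump to the 403 page. Ideally the server returns a piece of JSON, so the front end can check the data in the JSON and then do the redirect to the 403 page itself.
After some searching, the page-redirect code in Shiro turns out to be the onAccessDenied method in AccessControlFilter.
Here we override and rework that method.
Code first: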
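package com.crsri.config;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import com.alibaba.fastjson.JSONObject;

public class MyPermsFilter extends AuthorizationFilter {

    // Origins allowed to read the JSON response with credentials.
    // Placeholder value: replace it with the real origin(s) of the front end.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("https://frontend.example.com"));

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        Subject subject = getSubject(request, response);
        // If the subject isn't identified, redirect to login URL
        if (subject.getPrincipal() == null) {
            saveRequestAndRedirectToLogin(request, response);
        } else {
            // Echoing whatever Origin the request carries together with
            // Allow-Credentials lets any site read the response with the user's
            // session, and a missing Origin would set a null header value.
            // Only echo an origin that is on the allowlist.
            String origin = req.getHeader("Origin");
            if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
                resp.setHeader("Access-Control-Allow-Origin", origin);
                resp.setHeader("Access-Control-Allow-Credentials", "true");
                resp.addHeader("Vary", "Origin");
            }
            resp.setContentType("application/json; charset=utf-8");
            resp.setCharacterEncoding("UTF-8");
            PrintWriter out = resp.getWriter();
            JSONObject map = new JSONObject();
            map.put("code", 403);
            map.put("msg", "权限不足"); // "insufficient permissions"
            map.put("data", null);
            out.println(map.toJSONString());
            out.flush();
            out.close();
            // Shiro's original behaviour, kept for reference:
            // If subject is known but not authorized, redirect to the unauthorized URL if there is one
            // If no unauthorized URL is specified, just return an unauthorized HTTP status code
            /*String unauthorizedUrl = getUnauthorizedUrl();*/
            /*String unauthorizedUrl ="/403.html";*/
            //SHIRO-142 - ensure that redirect _or_ error code occurs - both cannot happen due to response commit:
            /* if (StringUtils.hasText(unauthorizedUrl)) {
                WebUtils.issueRedirect(request, response, unauthorizedUrl);
                System.out.println("我要回显数据");
            } else {
                WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }*/
        }
        // The response has been handled here, so stop the filter chain
        return false;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        // The generated stub returned false for every request, which denies
        // everything. This is the same check Shiro's built-in
        // PermissionsAuthorizationFilter performs on the perms[...] values.
        Subject subject = getSubject(request, response);
        String[] perms = (String[]) mappedValue;
        if (perms == null || perms.length == 0) {
            return true;
        }
        if (perms.length == 1) {
            return subject.isPermitted(perms[0]);
        }
        return subject.isPermittedAll(perms);
    }
}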
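Now let's go through it piece by piece.
That is all it takes.
For an HTML operation without permission, it can return this
For an ajax request, a pop-up prompt can be shown instead.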
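
One way to register MyPermsFilter so that Shiro uses it for perms[...] rules, as an added example that is not from the original post. It assumes a Spring configuration with a SecurityManager bean defined elsewhere; the class name ShiroFilterConfig, the login page, the URL patterns and the permission string are hypothetical.

```java
package com.crsri.config;

import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroFilterConfig { // hypothetical class name

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);
        factory.setLoginUrl("/login.html"); // assumed login page

        // Replace the built-in "perms" filter with the JSON-returning one.
        // Create it with "new" instead of declaring it as a @Bean: Spring Boot
        // registers every Filter bean as a servlet filter for all requests,
        // which would run it outside the Shiro chain and deny every URL that
        // carries no perms[...] rule.
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("perms", new MyPermsFilter());
        factory.setFilters(filters);

        // The first matching pattern wins, so keep the map ordered and put
        // the catch-all rule last.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/login.html", "anon");
        // authc runs first, so an anonymous caller is sent to the login page;
        // a logged-in caller without the permission gets the JSON body.
        chains.put("/user/delete", "authc, perms[user:delete]"); // hypothetical rule
        chains.put("/**", "authc");
        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }
}
```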