springboot整合shiro实现前后端分离,只要从github上随便拉个shiro项目整合自己的项目都可以实现,但是最后的问题出现了。无法自定义无权限的返回格式,默认如图
而且有些接口没有登录的提示也是默认的,很不友好:
想办法让前端直接从这个里面取信息来统一提示
发现测试环境可以
到了正式环境
什么都拿不到了。找了运维,运维给介绍个大牛,一分钟搞定了。只怨自己太菜,具体如下:
原本只是默认的(不起作用,因为前后端分离不在同一台服务器)
大牛把这行注释了。设置了另一个地方
这个地方是个重点。相当于打开了开关
然后就是new PermFailFilter()中的代码
package com.xxx.financial.xxx.xxx.filter;
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
/**
* @Author: 某阿里大牛
* @Date: 2019/6/20 上午10:27
*/
public class PermFailFilter extends PermissionsAuthorizationFilter {
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
Subject subject = getSubject(request, response);
// If the subject isn't identified, redirect to login URL
if (subject.getPrincipal() == null) {
//跳转至登录页
saveRequestAndRedirectToLogin(request, response);
} else {
//给前端提示无接口访问权限的错误码
saveRequestAndReturnApiAccessError(request, response);
}
return false;
}
private void saveRequestAndReturnApiAccessError(ServletRequest request, ServletResponse response) {
saveRequest(request);
JSONObject jsonObject = new JSONObject();
jsonObject.put("code", "-108");
jsonObject.put("desc", "无权限请求对应api接口");
try {
flushMsgStrToClient(response, jsonObject);
} catch (Exception e) {
e.printStackTrace();
}
}
@Override
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
JSONObject jsonObject = new JSONObject();
jsonObject.put("code", "-101");
jsonObject.put("desc", "登陆时间过长,请重新登陆");
try {
flushMsgStrToClient(response, jsonObject);
} catch (ServletException e) {
e.printStackTrace();
}
}
public static void flushMsgStrToClient(ServletResponse response, Object object)
throws IOException, ServletException {
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(JSONObject.toJSONString(object));
response.getWriter().flush();
}
}
到此就可以了。具体流程大家一层层看源码吧