Shiro和Spring结合对请求路径进行过滤和记住菜单过滤操作

一,请求路径的过滤器  

SessionExpireFilter.java如下:

package com.innotek.core.support.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;

import com.innotek.core.Constants;


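/**
 * Session-timeout filter for both AJAX and ordinary page requests.
 *
 * <p>A request passes only when the HTTP session holds a {@code Constants.CURRENT_USER}
 * attribute. Otherwise the request is stopped here:
 * <ol>
 *   <li>AJAX requests (header {@code X-Requested-With: XMLHttpRequest}) get the response headers
 *       {@code SESSIONSTATUS=TIMEOUT} and {@code CONTEXTPATH=<login page URL>} plus status 403,
 *       so that a global AJAX "complete" handler in the browser can navigate to the login page.</li>
 *   <li>Every other request is redirected to {@code login.jsp?TIME_OUT_REQ=1}.</li>
 * </ol>
 *
 * <p>NOTE(review): the decision relies on a raw session attribute only, not on the Shiro subject.
 * It is a timeout/UX helper and must stay behind real authentication and authorization filters
 * in the chain; it is not an access-control check on its own.
 *
 * @author qiuzq
 */
public class SessionExpireFilter extends AccessControlFilter {

    /**
     * Lets the request continue when a current user is stored in the session, otherwise answers
     * with the timeout signal (AJAX) or a redirect to the login page.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @return {@code true} to continue the filter chain, {@code false} when the response has
     *         already been produced here
     * @throws Exception if writing the redirect fails
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false): an anonymous or expired request must not allocate a brand-new
        // session just so that we can discover it contains no user.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(Constants.CURRENT_USER) != null) {
            return true;
        }

        String cxtPath = req.getContextPath();
        // Constant-first equals handles a missing header without a second getHeader() call.
        // The header is client-supplied; it only selects the response format, both branches deny.
        if ("XMLHttpRequest".equals(req.getHeader("X-Requested-With"))) {
            // NOTE(review): getServerName()/getServerPort() normally reflect the request's Host
            // header, so this absolute URL is client-influenced. Behind a shared cache or a
            // reverse proxy prefer a configured base URL or the context-relative path.
            String basePath = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort()
                    + cxtPath + "/";
            // Timeout marker and login location for the browser-side AJAX handler.
            resp.setHeader("SESSIONSTATUS", "TIMEOUT");
            resp.setHeader("CONTEXTPATH", basePath + "login.jsp");
            // 403 is "Forbidden" (401 is the "not authenticated" status); left unchanged because
            // switching the code would change what existing client scripts receive.
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // Ordinary page request: plain redirect to the login page.
            resp.sendRedirect(cxtPath + "/login.jsp?TIME_OUT_REQ=1");
        }
        // The response is complete; do not run the rest of the chain.
        return false;
    }

    /**
     * Always reports access as allowed.
     *
     * <p>NOTE(review): in Shiro this hook is normally reached through {@code onPreHandle};
     * with {@code preHandle} overridden above it is presumably never called - confirm against
     * the Shiro version in use.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        return true;
    }

    /**
     * Always lets the chain continue.
     *
     * <p>NOTE(review): same caveat as {@code isAccessAllowed}; if this ever became reachable,
     * returning {@code true} from a denial handler would let a denied request through.
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        return true;
    }

}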

二,shiro.xml的文件配置如下:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:dubbo="http://code.alibabatech.lily.com/schema/dubbo"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
       http://code.alibabatech.lily.com/schema/dubbo http://code.alibabatech.lily.com/schema/dubbo/dubbo.xsd">

    <!-- Object used by the interceptors, injected through Spring -->
    <dubbo:reference id="sysUserProvider" interface="com.innotek.provider.sys.SysUserProvider" check="false"/>

    <!-- A single custom Realm is configured here; with several Realms use the 'realms' property instead -->
    <bean id="realm" class="com.innotek.core.support.shiro.Realm"/>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="realm"/>
    </bean>
    <!-- Remembers the clicked menu -->
    <bean id="rememberMenuFilter" class="com.innotek.core.support.filter.RememberMenuFilter">
        <property name="redirectUrl" value="/login.jsp"/>
    </bean>
    <bean id="sessionExpireFilter" class="com.innotek.core.support.filter.SessionExpireFilter" />
    <!-- In a web application every request that Shiro is to control must pass through Shiro's main filter; Shiro supports Spring-based web applications well -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <!-- Shiro's core security interface; this property is required -->
        <property name="securityManager" ref="securityManager"/>
        <!-- URL the user is sent to when a login is required -->
        <property name="loginUrl" value="/login.jsp"/>
        <!-- URL shown when the user accesses a resource they are not authorized for -->
        <property name="unauthorizedUrl" value="/forbidden"/>
        <!-- Shiro URL constraint configuration, i.e. the filter chain definitions -->
        <!-- anon: the corresponding filter is empty and does nothing -->
        <!-- authc: pages under this filter require authentication before access; it is Shiro's built-in interceptor org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->
        <!-- Registers the two custom filters under the names used in the chain definitions below -->
        <property name="filters">
            <util:map>
                <entry key="rememberMenu" value-ref="rememberMenuFilter"></entry>
                <entry key="sessionExpire" value-ref="sessionExpireFilter"></entry>
            </util:map>
        </property>
        <!-- Chain definitions are evaluated top to bottom and the first matching pattern wins, so
             every 'anon' line is reachable without logging in and the final catch-all line covers
             everything else. Keep the anonymous list as short and as specific as possible. -->
        <!-- NOTE(review): '/upload/*', '/sunflower/bill/getParkFee*' and '/logout' are anonymous.
             Confirm that nothing served from /upload/ is sensitive or executed by the container,
             and that the getParkFee endpoints do their own access checks if they need any. -->
        <!-- NOTE(review): 'perms' appears without a [permission] argument. Shiro's
             PermissionsAuthorizationFilter has nothing to check in that case, so the catch-all
             chain authenticates but does not authorize unless permissions are enforced elsewhere
             (annotations or code). Add explicit perms[...] or roles[...] entries for protected paths. -->
        <property name="filterChainDefinitions">
            <value>
                /login.jsp = anon
                /login=anon
                /noPermission.jsp = anon
                /sunflower/bill/getParkFee*=anon
                /logout = anon
                /*.ico=anon
                /upload/*=anon
                /theme/**=anon
                /unauthorized=anon
                /forbidden=anon
                /**=user,sessionExpire,authc,perms,rememberMenu
            </value>
        </property>
    </bean>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>

三、记住点击过的菜单

RememberMenuFilter.java如下:

package com.innotek.core.support.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;

import com.innotek.core.Constants;
import com.innotek.core.support.data.permission.model.UserSession;
import com.innotek.core.util.JsonUtil;
import com.innotek.core.util.RedisUtil;
import com.innotek.core.util.WebUtil;
import com.innotek.model.cfg.generator.Paramter;

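/**
 * Described by its author as the filter that remembers which menu was clicked.
 *
 * <p>What the code does on every request: it copies the current user's show-status, user name
 * and system list (as JSON), plus the cached {@code WORK_URL} parameter when present, into HTTP
 * session attributes. Requests without a current {@link UserSession} are redirected to
 * {@link #getRedirectUrl()} and the chain stops.
 *
 * <p>NOTE(review): the values are stored raw. Output escaping of {@code userName} and validation
 * of {@code workUrl} before it is used as a link or redirect target are left to whatever reads
 * these attributes - confirm in the pages that consume them.
 */
public class RememberMenuFilter extends AdviceFilter {

	private static final Logger logger = Logger.getLogger(RememberMenuFilter.class);
	private String redirectUrl = "/login.jsp";

	/**
	 * Publishes the current user's display data into the session, or redirects when there is
	 * no current user session.
	 *
	 * @param request  the incoming request; cast to {@link HttpServletRequest}
	 * @param response the outgoing response, used only for the redirect
	 * @return {@code true} to continue the chain, {@code false} after a redirect was issued
	 * @throws Exception if the redirect or one of the helper calls fails
	 */
	@Override
	protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
		HttpServletRequest req = (HttpServletRequest) request;
		UserSession currentUserSession = WebUtil.getCurrentUserSession();
		if (currentUserSession == null) {
			WebUtils.issueRedirect(request, response, getRedirectUrl());
			return false;
		}
		// Reuse the instance that was null-checked above: looking the user session up again
		// could yield null (or a different object) if it ends between the two calls.
		// Whether the workbench is shown.
		req.getSession().setAttribute("showStatus", currentUserSession.getShowStatus());
		req.getSession().setAttribute("userName", currentUserSession.getUserName());
		String systemArray = JsonUtil.list2json(currentUserSession.getSystemManageSession());
		req.getSession().setAttribute("systemList", systemArray);
		// URL for returning to the workbench, read from the shared cache.
		// A value of an unexpected type is skipped and logged instead of failing every request
		// with a ClassCastException.
		Object cached = RedisUtil.getNoExpiry(Constants.PARAMTER_CACHE + "WORK_URL");
		if (cached instanceof Paramter) {
			req.getSession().setAttribute("workUrl", ((Paramter) cached).getParamValue());
		} else if (cached != null) {
			logger.warn("Unexpected type cached for WORK_URL: " + cached.getClass().getName());
		}
		return true;
	}

	/**
	 * Returns the URL a request without a user session is redirected to.
	 *
	 * @return the redirect URL, {@code /login.jsp} unless configured otherwise
	 */
	public String getRedirectUrl() {
		return redirectUrl;
	}

	/**
	 * Sets the URL a request without a user session is redirected to.
	 *
	 * @param redirectUrl the redirect URL
	 */
	public void setRedirectUrl(String redirectUrl) {
		this.redirectUrl = redirectUrl;
	}
}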

四、然后在spring.xml配置文件中加入

<import resource="spring/shiro-cas.xml"/>

即可。注意:resource 的路径要指向第二步中的 Shiro 配置文件(上文称其为 shiro.xml,这里写的是 shiro-cas.xml,请以项目中的实际文件名为准)。

