1. How the filters are wired together in the Shiro configuration file (to be continued…)
<bean name="shiroFilterChainDefinitions" class="java.lang.String">
<constructor-arg>
<value>
/static/** = anon
/baseSecurity/encryption = anon
/login/logout = logout
/login/userLogin = login
/main/register = anon
/sys/user/userAdd = anon
/sys/** = user
/** = user
</value>
</constructor-arg>
</bean>
<!-- Security authentication filter -->
<!-- The main filter; the custom shiroFilterChainDefinitions bean above is injected into it -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
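<!-- Each property's name stands for an operation, e.g. loginUrl configures the login page and redirects to /login/userLogin. The value matches a path in shiroFilterChainDefinitions, where the right-hand side of each "=" is the permission. -->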
<property name="loginUrl" value="/login/userLogin"/>
<property name="successUrl" value="/sys/security/successLogin"/>
<property name="unauthorizedUrl" value="/main/anonLogin"/>
<!-- Custom filter classes for the custom names used in shiroFilterChainDefinitions -->
<property name="filters">
<map>
<!--<entry key="ssl" value-ref="sslFilter"/>-->
<entry key="login">
<bean class="smarteffect.com.security.SinosoftLoginFilter">
<property name="usernameParam" value="loginName"/>
<property name="rememberMeParam" value="rememberMe"/>
</bean>
</entry>
<entry key="user">
<bean id="sinosoftUserFilter" class="smarteffect.com.security.SinosoftUserFilter">
<property name="accessDeniedUrl" value="/main/login"/>
</bean>
</entry>
<entry key="logout">
<bean class="smarteffect.com.security.SinosoftLogoutFilter">
<property name="redirectUrl" value="/main/index"/>
</bean>
</entry>
</map>
</property>
<property name="filterChainDefinitions">
<ref bean="shiroFilterChainDefinitions"/>
</property>
</bean>
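Shiro evaluates the chain definitions top to bottom and the first matching pattern wins, which is why `/sys/user/userAdd = anon` has to stay above `/sys/** = user`. The following is an added example, not code from the original post: it replays the page's definitions in order using a simplified Ant-style matcher (an assumption standing in for Shiro's own path matcher) and prints which filter each path resolves to; `/sys/user/userDelete` is a constructed sample path.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ChainOrderCheck {
    // Chain definitions from the page, in their original order.
    static final String[] DEFS = {
        "/static/** = anon", "/baseSecurity/encryption = anon",
        "/login/logout = logout", "/login/userLogin =login",
        "/main/register = anon", "/sys/user/userAdd = anon",
        "/sys/** = user", "/** = user" };

    // Simplified Ant-style matcher (assumption: stand-in for Shiro's matcher).
    static Pattern toRegex(String ant) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            char c = ant.charAt(i);
            if (c == '*' && i + 1 < ant.length() && ant.charAt(i + 1) == '*') {
                re.append(".*");    // "**" spans path segments
                i++;
            } else if (c == '*') {
                re.append("[^/]*"); // "*" stays inside one segment
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString());
    }

    // First matching pattern wins; later entries are never consulted.
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (toRegex(e.getKey()).matcher(path).matches()) return e.getValue();
        }
        return null;
    }

    public static void main(String[] args) {
        Map<String, String> chains = new LinkedHashMap<>();
        for (String def : DEFS) {
            String[] kv = def.split("=", 2);
            chains.put(kv[0].trim(), kv[1].trim());
        }
        // Last path is constructed; the others appear on the page.
        for (String p : new String[] {"/sys/user/userAdd", "/main/login",
                "/main/anonLogin", "/sys/user/userDelete"}) {
            System.out.println(p + " -> " + resolve(chains, p));
        }
    }
}
```

The redirect targets `/main/login` and `/main/anonLogin` have no `anon` entry of their own, so they resolve to the catch-all `/** = user` entry.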
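2. SinosoftUserFilter extends UserFilter, and UserFilter extends AccessControlFilter.
Both override their parent class's isAccessAllowed(ServletRequest var1, ServletResponse var2, Object var3)
and onAccessDenied(ServletRequest var1, ServletResponse var2).
The isAccessAllowed method is called very frequently: while browsing, every request is intercepted and passes through it, whether the page has just been opened, the user is logging in, or a click opens a new page.
3. SinosoftAuthorizingRealm extends AuthorizingRealm. At login, the request is intercepted and enters this class's protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) method, where the token is obtained.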