1,如果一个文件夹下面的url可以有多个角色访问,则需要:
新建一个MyRolesAuthorizationFilter.java
在shiro.ini的[main]下面配置roles = com.pengchuntao.util.MyRolesAuthorizationFilter
在shiro.ini的[urls]下面配置/generalUser/** = roles[admin,generaluser]
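这样就表示WebContent/generalUser/下面的所有资源,admin和generaluser两个角色中的任意一个都能访问
默认情况下,shiro自带的roles过滤器并不支持这种"任一角色即可"的配置(它要求用户同时拥有列出的所有角色),所以必须新建一个过滤器
注意:这里用roles这个名字覆盖了shiro自带的roles过滤器,因此[urls]中所有的roles[...]规则都会变成"任一角色即可"的语义,配置前应逐条确认现有规则是否仍符合预期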
2,
package com.pengchuntao.util;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
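/**
 * Authorization filter that grants access when the current subject holds
 * <em>at least one</em> of the roles configured for the matched path, e.g.
 * {@code /generalUser/** = roles[admin,generaluser]}.
 *
 * <p>When a path is mapped to this filter with no roles at all, access is
 * denied (fail closed).
 */
public class MyRolesAuthorizationFilter extends AuthorizationFilter {

    /**
     * Decides whether the request may proceed.
     *
     * @param request     the incoming servlet request
     * @param response    the outgoing servlet response
     * @param mappedValue the filter's path configuration; cast to
     *                    {@code String[]} and treated as the list of role names
     * @return {@code true} if the subject has any one of the configured roles;
     *         {@code false} if it has none of them or if no roles are configured
     * @throws IOException declared for callers; not thrown by this body itself
     */
    public boolean isAccessAllowed(ServletRequest request,
            ServletResponse response, Object mappedValue) throws IOException {
        Subject subject = getSubject(request, response);
        String[] rolesArray = (String[]) mappedValue;

        if (rolesArray == null || rolesArray.length == 0) {
            // No roles configured for this path: deny (fail closed).
            // This intentionally differs from Shiro's built-in
            // RolesAuthorizationFilter, which allows access in this case, so an
            // empty or mistyped roles[] entry cannot silently open a URL.
            return false;
        }

        List<String> roles = CollectionUtils.asList(rolesArray);

        // hasRoles returns one flag per requested role; a single match is
        // enough (OR semantics), unlike hasAllRoles (AND semantics).
        for (boolean hasRole : subject.hasRoles(roles)) {
            if (hasRole) {
                return true;
            }
        }
        return false;
    }
}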