/**
 * Shiro access-control filter that lets a request through when the current
 * subject holds at least one of the roles configured for the matched path.
 *
 * <p>The check is fail-closed: a missing or empty role list denies access.
 */
public class AnyRolesFilter extends AccessControlFilter {

    /**
     * Decides whether the current subject may proceed.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the role names configured for the path; cast to
     *                    {@code String[]}, so any other non-null type fails the cast
     * @return {@code true} as soon as one configured role is held by the subject,
     *         {@code false} when none is held or no roles are configured
     * @throws Exception propagated from the subject lookup or role check
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        String[] requiredRoles = (String[]) mappedValue;
        if (requiredRoles == null) {
            // No role list for this path: deny rather than allow.
            return false;
        }
        for (int i = 0; i < requiredRoles.length; i++) {
            // One matching role is sufficient; stop at the first hit.
            if (getSubject(request, response).hasRole(requiredRoles[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Handles a denied request by redirecting the client.
     *
     * <p>An authenticated subject is sent to {@code /unauthorized.jsp}, because
     * logging in again would not help; any other subject is sent to
     * {@code /login.jsp}, because the denial may only be due to not being logged in.
     *
     * <p>NOTE(review): both targets are hard-coded and the denial is delivered as a
     * redirect; confirm they match the application's configured login and
     * unauthorized pages. {@code isAuthenticated()} is expected to be false for a
     * remember-me identity, so such a subject lands on the login page; confirm
     * that is intended.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @return always {@code false}: the response has been handled here and the
     *         request must not continue down the filter chain
     * @throws Exception propagated from the subject lookup or the redirect
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Logged in but still denied means the subject really lacks the role;
        // otherwise the denial may simply be because nobody is logged in.
        String target = getSubject(request, response).isAuthenticated()
                ? "/unauthorized.jsp"
                : "/login.jsp";
        WebUtils.issueRedirect(request, response, target);
        return false;
    }
}
Shiro INI configuration:
[filters]
# Register the custom filter under the name "anyRoles" so that [urls] rules can refer to it.
anyRoles=com.test.shiro.filter.AnyRolesFilter
[urls]
# Filters listed for a path run in the order written: authc first, then anyRoles.
# The bracketed list is handed to AnyRolesFilter as the roles to test; holding
# either "user" or "admin" is enough.
# NOTE(review): this rule names the path /user only; confirm whether sub-paths
# (for example /user/**) need their own rule so they are not left unprotected.
/user=authc,anyRoles[user,admin]