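In real projects, different kinds of users (guest, user, admin, mobile user, and so on) need to be sent to different pages. For example, mobile users need to go to pages under the Mobile/ path. For this we need custom URL interception, as with the URL below:
Desktop user login page: http://localhost:8080/login
Our usual configuration looks like this: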
/resources/** = anon
/login = anon
/** = authc
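This configuration clearly does not meet our requirement, so what can we do? Let's first look at the final XML configuration and then go through it piece by piece: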
/resources/** = anon
/mobile/checkname = anon
/mobile/login = anon
/mobile/** = mobileAuthc
/login = anon
/** = authc
Here we define a custom filter rule, mobileAuthc, and this rule corresponds to a filter: mobileFormAuthenticationFilter.
Below is the custom filter:
package com.unisits.zngkpt.framework.privilegeframe.bojo;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * @author: lyy
 * @Date: 2014/9/20 13:30
 * @version:
 * @Description: Custom URL filter
 */
public class CustomAccessControlFilter extends AccessControlFilter {

    // Login page that unauthenticated mobile users are redirected to
    private String mobileLoginUrl;

    public String getMobileLoginUrl() {
        return mobileLoginUrl;
    }

    public void setMobileLoginUrl(String mobileLoginUrl) {
        this.mobileLoginUrl = mobileLoginUrl;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject subject = getSubject(request, response);
        // Neither logged in nor remembered: redirect to the mobile login page
        if (!subject.isAuthenticated() && !subject.isRemembered()) {
            WebUtils.issueRedirect(request, response, mobileLoginUrl);
            return false;
        }
        return true;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        Subject subject = getSubject(request, response);
        // Returning false stops the filter chain; the redirect was already issued above
        if (!subject.isAuthenticated() && !subject.isRemembered()) {
            return false;
        }
        return true;
    }
}
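In fact, this only adds one new rule for the mobile side, and it is still not general enough. What if multiple URLs should share a single filter rule? That is possible too: define a custom class with a map property that holds the rules, plus a default rule. Then, based on URL matching, apply different rules to different URLs.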
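One way to build the map-based filter described above, as an added example that is not the original author's code. The class name UrlRuleAccessControlFilter, the loginUrlRules property and the resolveLoginUrl helper are hypothetical; the inherited loginUrl serves as the default rule.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical example: one filter, several URL rules, plus a default rule. */
public class UrlRuleAccessControlFilter extends AccessControlFilter {

    // Ant pattern -> login page for that area (assumed property name).
    // Insertion order is kept, so list the most specific patterns first:
    // the first matching rule wins.
    private Map<String, String> loginUrlRules = new LinkedHashMap<String, String>();

    public void setLoginUrlRules(Map<String, String> loginUrlRules) {
        this.loginUrlRules = new LinkedHashMap<String, String>(loginUrlRules);
    }

    /** Login page for a path, or the inherited loginUrl when no rule matches. */
    protected String resolveLoginUrl(String path) {
        for (Map.Entry<String, String> rule : loginUrlRules.entrySet()) {
            if (pathsMatch(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return getLoginUrl(); // default rule
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) {
        // The access check is the same for every URL; the rules only decide
        // where an unauthenticated user is redirected, never whether to allow.
        Subject subject = getSubject(request, response);
        return subject.isAuthenticated() || subject.isRemembered();
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        saveRequest(request); // lets the login page send the user back afterwards
        WebUtils.issueRedirect(request, response,
                resolveLoginUrl(getPathWithinApplication(request)));
        return false; // stop the filter chain
    }
}
```

The filter must still be mapped to the protected paths in the chain definition (for example /mobile/** and /**), with the anon entries listed before it, because Shiro applies the first chain pattern that matches.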
Appendix:
Shiro's filters

| Filter Name | Class |
| --- | --- |
| anon | org.apache.shiro.web.filter.authc.AnonymousFilter |
| authc | org.apache.shiro.web.filter.authc.FormAuthenticationFilter |
| authcBasic | org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter |
| logout | org.apache.shiro.web.filter.authc.LogoutFilter |
| noSessionCreation | org.apache.shiro.web.filter.session.NoSessionCreationFilter |
| perms | org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter |
| port | org.apache.shiro.web.filter.authz.PortFilter |
| rest | org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter |
| roles | org.apache.shiro.web.filter.authz.RolesAuthorizationFilter |
| ssl | org.apache.shiro.web.filter.authz.SslFilter |
| user | org.apache.shiro.web.filter.authc.UserFilter |