配置myFilter
/**
 * Builds the Shiro filter factory bean: wires in the security manager,
 * registers the custom {@code myFilter}, and defines which URL patterns are
 * anonymous and which go through {@code myFilter}.
 *
 * @param securityManager the Shiro security manager handed to the factory bean
 * @return the configured {@link ShiroFilterFactoryBean}
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);

    // Register the custom filter under the name used in the chain definitions below.
    // The instance is created with `new` rather than injected.
    // NOTE(review): if this is a Spring Boot application, exposing the filter as a bean
    // would presumably also register it with the servlet container outside Shiro's
    // chain - confirm before changing this.
    Map<String, Filter> customFilters = factoryBean.getFilters();
    customFilters.put("myFilter", new MyFilter());
    factoryBean.setFilters(customFilters);

    // Insertion order is kept by LinkedHashMap; Shiro evaluates chain definitions in
    // that order, so the specific "anon" entries must precede the "/**" catch-all.
    Map<String, String> chainDefinitions = new LinkedHashMap<>();

    // Paths mapped to "anon" get no authentication check from Shiro at all.
    // NOTE(review): "/zjy/refundResult" and "/ryx/order/receiveNotify" look like
    // third-party notification callbacks - their handlers must authenticate the
    // sender themselves (e.g. signature verification); confirm this is done.
    // NOTE(review): "/swagger/**" exposes the API documentation to unauthenticated
    // clients; confirm this is intended for production deployments.
    String[] anonymousPaths = {
        "/statics/**",
        "/swagger/**",
        "/login.html",
        "/sys/login",
        "/favicon.ico",
        "/captcha.jpg",
        "/zjy/refundResult",
        "/ryx/order/receiveNotify"
    };
    for (String path : anonymousPaths) {
        chainDefinitions.put(path, "anon");
    }

    // Everything else goes through the custom filter. If this entry were left as
    // "authc" the custom filter would never run; "myFilter" takes the place of
    // "authc" because MyFilter extends the form-authentication filter class.
    chainDefinitions.put("/**", "myFilter");

    factoryBean.setLoginUrl("/login.html");
    factoryBean.setUnauthorizedUrl("/");
    factoryBean.setFilterChainDefinitionMap(chainDefinitions);
    return factoryBean;
}
自定义Filter类
/**
 * Form-authentication filter whose access-denied handling depends on the kind
 * of request: AJAX callers receive a JSON body, all other callers are
 * redirected to the login page.
 */
public class MyFilter extends FormAuthenticationFilter {

    /**
     * Handles a request that was denied access.
     *
     * <p>This override does not call {@code super.onAccessDenied}, so the parent
     * class's handling never runs for requests reaching this filter.
     *
     * @param request  the incoming request
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @return always {@code false}, in both branches
     * @throws Exception if writing the response or sending the redirect fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        if (!isAjax(request)) {
            // Non-AJAX requests are redirected to the login page. This replaces the
            // stock saveRequestAndRedirectToLogin(request, response) call.
            // NOTE(review): the target embeds the "/memoryTask" prefix, while the
            // filter-factory configuration sets the login URL to "/login.html";
            // the two must be kept in sync by hand if the deployment path changes.
            httpResponse.sendRedirect("/memoryTask/login.html");
            return false;
        }

        // AJAX callers cannot follow a redirect to an HTML page usefully, so they get
        // a JSON payload instead. No setStatus call is made here: the 403 exists only
        // as the "code" field of the body, so clients and monitoring must inspect the
        // body rather than the HTTP status to detect an expired session.
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json");

        Map<String, Object> payload = new HashMap<>();
        payload.put("code", 403);
        payload.put("message", "认证失效,请刷新后重新登录");
        httpResponse.getWriter().write(JSONObject.toJSON(payload).toString());
        return false;
    }

    /**
     * Tells whether the request is an AJAX request, judged by the
     * {@code X-Requested-With} header.
     *
     * <p>The header is supplied by the client. Here it only selects the format of
     * the denial response; both formats deny access.
     *
     * @param request the incoming request; cast to {@link HttpServletRequest}
     * @return {@code true} if the header equals {@code XMLHttpRequest}, ignoring case
     */
    private boolean isAjax(ServletRequest request) {
        String requestedWith = ((HttpServletRequest) request).getHeader("X-Requested-With");
        return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
    }
}