需求:
springboot结合shiro,开启端口登录拦截,shiro会自动返回302(记不清了),项目需求要返回自己封装的result,code 401
主要借鉴:
http://chenrd.com/detail-141.html
实现
新建类:
public class ShiroLoginFilter extends FormAuthenticationFilter {
/**
* 在访问controller前判断是否登录,返回json,不进行重定向。
*
* @param request
* @param response
* @return true-继续往下执行,false-该filter过滤器已经处理,不继续执行其他过滤器
* @throws Exception
*/
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
//这里是个坑,如果不设置的接受的访问源,那么前端都会报跨域错误,因为这里还没到corsConfig里面
httpServletResponse.setHeader("Access-Control-Allow-Origin", ((HttpServletRequest) request).getHeader("Origin"));
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json");
Result result = new Result(401, "Need to log in frist to access");
httpServletResponse.getWriter().write(JSONObject.toJSON(result).toString());
return false;
}
}
修改
shiroConfig
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filtersMap = shiroFilterFactoryBean.getFilters();
filtersMap.put("authc", new ShiroLoginFilter());
shiroFilterFactoryBean.setFilters(filtersMap);
Map<String, String> filterMap = new LinkedHashMap<>();
//正常权限管理设置
//修改跳转页面
shiroFilterFactoryBean.setLoginUrl("/api/login");
shiroFilterFactoryBean.setUnauthorizedUrl("/api/login");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}