如需 AccessControlFilter 的详细讲解，请参考 https://jinnianshilongnian.iteye.com/blog/2025656
简单配置如下:
配置文件:
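<!-- Custom authentication filter (com.util.ShiroAccess). It is wired into the
     shiroFilter bean's "filters" map under the key "authc". -->
<bean id="shiroAccess" class="com.util.ShiroAccess">
    <!-- Name of the request parameter that carries the user name. -->
    <property name="usernameParam" value="userid"/>
    <!-- Name of the request parameter that carries the remember-me flag. -->
    <property name="rememberMeParam" value="remember_me"/>
    <!-- Login URL: unauthenticated browser requests are redirected here. -->
    <property name="loginUrl" value="/login" />
</bean>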
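<!-- Shiro filter; corresponds to the filter declared in web.xml. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- Login URL. -->
    <property name="loginUrl" value="/login" />
    <!-- Replace the built-in "authc" filter with the custom ShiroAccess bean. -->
    <property name="filters">
        <map key-type="java.lang.String">
            <entry key="authc" value-ref="shiroAccess"></entry>
        </map>
    </property>
    <!-- Chain definitions are evaluated top to bottom and the first matching
         pattern wins, so the public (anon) paths come first and the catch-all
         comes last. The catch-all must map to "authc": mapping it to "anon"
         leaves every URL reachable without a login and the custom filter
         registered above is never invoked.
         NOTE(review): /api/**, /account/** and /department/** are anonymous
         here; confirm each of them is really meant to be public, and narrow
         the patterns to the specific public endpoints where possible. -->
    <property name="filterChainDefinitions">
        <value>
            /login = anon
            /account/** = anon
            /ajaxLoginCheck = anon
            /api/**/** = anon
            /res/** = anon
            /gt-ui/** = anon
            /webjars/** = anon
            /doc.html = anon
            /department/** = anon
            /** = authc
        </value>
    </property>
</bean>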
- 自定义拦截器
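/**
 * Form-authentication filter that answers unauthenticated AJAX requests with a
 * JSON body instead of a redirect to the login page.
 *
 * <p>Shiro calls {@link #onAccessDenied} only for paths whose filter chain
 * contains this filter (registered under the key {@code authc}); paths mapped
 * to {@code anon} never reach it.
 */
public class ShiroAccess extends FormAuthenticationFilter {

    /**
     * Handles a request from a subject that is not authenticated.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @return {@code true} to let the request continue down the chain,
     *         {@code false} when the response has already been produced here
     * @throws Exception if the login attempt, the redirect or the write fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (this.isLoginRequest(request, response)) {
            // Request targets the login URL.
            if (this.isLoginSubmission(request, response)) {
                // POST to the login URL: run the actual credential check.
                return this.executeLogin(request, response);
            }
            // Any other method on the login URL: let the login page render.
            return true;
        }

        if (isAjax(request)) {
            // A redirect is useless to script callers, so report the missing
            // login as JSON. Only constant values are written, never request data.
            Map<String, Object> result = new HashMap<String, Object>();
            result.put("result", false);
            result.put("code", "40001");
            // Declare the body type before obtaining the writer so the client
            // does not have to guess (and cannot sniff it as HTML).
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            // NOTE(review): the HTTP status is left unchanged (normally 200), so
            // clients must inspect "code"; consider 401 if callers can handle it.
            response.getWriter().print(JsonUtils.toJsonStr(result));
        } else {
            // Remember the original request and send the browser to the login page.
            this.saveRequestAndRedirectToLogin(request, response);
        }
        return false;
    }

    /**
     * Tells whether the request declares itself as an AJAX call through the
     * {@code X-Requested-With: XMLHttpRequest} header.
     *
     * <p>The header is supplied by the client and can be set to anything, so
     * the result may only be used to pick a response format, never as an
     * access-control decision.
     *
     * @param request the incoming request
     * @return {@code true} if the header equals {@code XMLHttpRequest}
     *         (case-insensitive); {@code false} otherwise, including for
     *         requests that are not HTTP requests
     */
    public static boolean isAjax(ServletRequest request) {
        if (!(request instanceof HttpServletRequest)) {
            return false;
        }
        String header = ((HttpServletRequest) request).getHeader("X-Requested-With");
        boolean ajax = "XMLHttpRequest".equalsIgnoreCase(header);
        // Debug trace kept from the original listing; route it through the
        // project's logger at debug level in production code.
        System.out.println(ajax ? "当前请求为Ajax请求" : "当前请求非Ajax请求");
        return ajax;
    }
}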