您的位置: 首页  >  文章  >  shiro拦截器

shiro拦截器

分类: 文章 2025-02-23 14:15:17

Shiro的Filter拦截器

这时候需要扩展一下Shiro的Filter,主要有AdviceFilter、RolesAuthorizationFilter、PermissionsAuthorizationFilter

  • AdviceFilter有点类似SpringMVC中的HandlerInterceptor拦截器,主要用于在访问Controller之前用于判断用户是否登录
  • RolesAuthorizationFilter主要扩展了在shiro在认证Roles失败时回调的onAccessDenied方法,用于返回JSON或是重定向,也是需要我们实现的。
  • PermissionsAuthorizationFilter主要是认证perms资源,也是一样重写onAccessDenied方法
  • 可以看到AccessControllerFilter主要是Shiro控制认证和授权的过滤器

下图为Shiro的Filter关系图 
shiro拦截器

登录拦截器:

   

import com.alibaba.fastjson.JSONObject;
import cxtech.insurance.entity.AdminUser;
import cxtech.insurance.enumeration.SessionKeyEnum;
import cxtech.insurance.utils.JsonResult;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.web.servlet.AdviceFilter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author star
 * @since 6/25/2018 1:15 PM
 */
public class ShiroLoginFilter extends AdviceFilter {

    /**
     * 在访问controller前判断是否登录,返回json,不进行重定向。
     * @param request
     * @param response
     * @return true-继续往下执行,false-该filter过滤器已经处理,不继续执行其他过滤器
     * @throws Exception
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        AdminUser adminUser = (AdminUser) httpServletRequest.getSession().getAttribute(SessionKeyEnum.ADMIN_LOGIN_INFO.getKey());
        if (null == adminUser && !StringUtils.contains(httpServletRequest.getRequestURI(), "/login")) {
            String requestedWith = httpServletRequest.getHeader("X-Requested-With");
            if (StringUtils.isNotEmpty(requestedWith) && StringUtils.equals(requestedWith, "XMLHttpRequest")) {//如果是ajax返回指定数据
                JsonResult jsonResult=new JsonResult(false,"登录超时,请重新登录");
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setContentType("application/json");
                httpServletResponse.getWriter().write(JSONObject.toJSONString(jsonResult));
                return false;
            } else {//不是ajax进行重定向处理
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath()+"/admin/login");
                return false;
            }
        }
        return true;
    }
}
<bean id="shiroLoginFilter" class="cxtech.insurance.interceptor.ShiroLoginFilter"/>
<property name="filters">
    <map>
        <entry key="user" value-ref="shiroLoginFilter"/>
    </map>
</property>

相关推荐