Shiro学习(七) Shiro 过滤器
2020-02-24 本文已影响0人
JiangCheng97
Shiro内置过滤器
认证过滤
- anon 不需要任何认证
- authBasic Http认证
- authc 需要认证之后才可以访问
- user 需要当前存在用户才可以访问
- logout 退出
授权过滤
- perms 需要相关权限才可以访问
- roles 需要相关角色才可以访问
- ssl 安全的协议
- port 相关端口
1、在UserController添加相关的接口
@RequestMapping(value = "/testRole",method = RequestMethod.GET)
@ResponseBody
public String testRole(){
return "testRole success";
}
@RequestMapping(value = "/testRole1",method = RequestMethod.GET)
@ResponseBody
public String testRole1(){
return "testRole1 success";
}
@RequestMapping(value = "/testPerms",method = RequestMethod.GET)
@ResponseBody
public String testPerms(){
return "testPerms success";
}
@RequestMapping(value = "/testPerms1",method = RequestMethod.GET)
@ResponseBody
public String testPerms1(){
return "testPerms1 success";
}
2-1、在spring.xml修改shiro过滤器
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"></property>
<property name="loginUrl" value="login.html"></property>
<property name="unauthorizedUrl" value="403.html"></property>
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin = anon
/testRole = roles["admin"]
<!-- 需要roles里面全部的角色 -->
/testRole1 = roles["admin","admin1"]
/testPerms = perms["user:delete"]
<!-- 需要perms里面全部的权限 -->
/testPerms1 = perms["user:delete","user:update"]
/* = authc
</value>
</property>
</bean>
2-2、自定义filter
package com.zjc.filter;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class RolesOrFilter extends AuthorizationFilter {
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
Subject subject = getSubject(request,response);
String[] roles = (String[])mappedValue;
if (roles == null || roles.length == 0){
return true;
}
for (String role : roles){
if (subject.hasRole(role)){
return true;
}
}
return false;
}
}
修改Spring.xml
<!--自定义roles过滤器-->
<bean class="com.zjc.filter.RolesOrFilter" id="rolesOrFilter"></bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"></property>
<property name="loginUrl" value="login.html"></property>
<property name="unauthorizedUrl" value="403.html"></property>
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin = anon
/testRole = roles["admin"]
/testRole1 = rolesOr["admin","admin1"]
/testPerms = perms["user:delete"]
/testPerms1 = perms["user:delete","user:update"]
/* = authc
</value>
</property>
<property name="filters">
<util:map>
<entry key="rolesOr" value-ref="rolesOrFilter"></entry>
</util:map>
</property>
</bean>
