目的:通过拦截器实现对部分请求的拦截做自定义的鉴权处理,鉴权不通过时实现json返回
bug:通过继承 PermissionsAuthorizationFilter 实现了自定义的鉴权处理,但是前端报错 302,请求被重定向
配置
1、在 ShrioConfig 定义的 shiroFilter
/**
 * Builds the Shiro filter factory bean: wires in the SecurityManager, sets the login and
 * unauthorized URLs, and registers the custom filters under the names "silence" and "authc".
 *
 * NOTE(review): a 302 seen by an AJAX client is presumably Shiro's stock access-denied
 * handling redirecting to the login/unauthorized URL configured below. Confirm which filter
 * actually handles the failing request.
 *
 * @param securityManager the Shiro SecurityManager handed to the factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// The SecurityManager must be set.
shiroFilterFactoryBean.setSecurityManager(securityManager);
// If not set, Shiro defaults to the "/login.jsp" page under the web application root.
shiroFilterFactoryBean.setLoginUrl("/login.jsp");
// Page used for requests that are not authorized.
shiroFilterFactoryBean.setUnauthorizedUrl("/unAuth.jsp");
// Custom filters, keyed by the name used in the filter chain definitions.
Map filters = new HashMap<>();
// Custom interception implementation.
filters.put("silence",new SilenceFilter());
// Authentication filter.
// NOTE(review): "authc" is also the name of one of Shiro's built-in filters, so this entry
// presumably replaces the default. Confirm that is intended.
filters.put("authc",new AuthcFilter());
shiroFilterFactoryBean.setFilters(filters);
// NOTE(review): "linkedHashMap" is not a JDK class name; presumably java.util.LinkedHashMap
// was meant, which keeps URL patterns in insertion order.
Map filterMap = new linkedHashMap();
// NOTE: the listing is cut off on the next line; the URL-to-filter mappings are not shown.
filterMap.put("/aaaaa
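/**
 * Handles a request that was denied access by writing a JSON failure body to the response.
 *
 * <p>The JSON body is written only when the custom check (a placeholder in the original
 * listing) holds. In every case the method returns {@code false}, which in Shiro's access
 * control filters means the request is not passed further down the filter chain.
 *
 * <p>CORS headers are emitted only for allowlisted origins. The request's {@code Origin}
 * header is client-controlled, and echoing it back together with
 * {@code Access-Control-Allow-Credentials: true} would let any site read this credentialed
 * response.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the outgoing response; cast to {@code HttpServletResponse}
 * @return always {@code false}
 * @throws IOException if writing the response body fails
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
    // Placeholder identifier kept from the original listing: substitute the custom check here.
    if (这里加自定义的校检) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;

        // The response differs per Origin, so caches must key on it.
        httpServletResponse.addHeader("Vary", "Origin");
        String origin = httpServletRequest.getHeader("Origin");
        if (isAllowedOrigin(origin)) {
            httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        }

        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json");

        // NOTE(review): no status is set here, so the denial goes out with whatever status the
        // response already carries (presumably 200). A 401/403 would let clients and logs
        // distinguish denials. Confirm against the front-end contract before changing.
        JSonObject result = new JSonObject();
        result.put("success", false);
        result.put("message", "错误");

        // Encode explicitly as UTF-8 to match the declared character encoding; the no-arg
        // getBytes() can use the platform default charset and garble the non-ASCII message.
        byte[] payload = result.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        httpServletResponse.getOutputStream().write(payload);
        httpServletResponse.getOutputStream().close();
    }
    return false;
}

/**
 * Reports whether {@code origin} may receive credentialed cross-origin responses.
 *
 * <p>The allowlist entry below is a constructed placeholder, not a real deployment value.
 * Replace it with the exact scheme://host[:port] of the trusted front end(s). Matching is
 * exact string equality, with no prefix, suffix or wildcard matching.
 */
private static boolean isAllowedOrigin(String origin) {
    java.util.List<String> allowedOrigins =
            java.util.Arrays.asList("https://frontend.example.invalid");
    return origin != null && allowedOrigins.contains(origin);
}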



