- shiro放行失效,自定义注解实现接口跳过登录校验
- shiro过滤器放行失败
- 自定义@NoAuthentication注解放行接口
- 1.新建一个NoAuthentication注解类
- 2. 调用注解
- 3.注解使用
起因是我shiro的过滤器不生效,所有接口都被拦截,直接进入jwtFilter超级烦啊,起笔之前还是没解决,shiroFilter如下:
@Bean("shiroFilter")
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
System.out.println("------------------------------>执行请求过滤");
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
// 添加自己的过滤器并且取名为jwt
Map filterMap = new linkedHashMap<>(Constant.Number.ONE);
filterMap.put("jwt", jwtFilter());
factoryBean.setFilters(filterMap);
factoryBean.setSecurityManager(securityManager);
factoryBean.setUnauthorizedUrl("/401");
Map filterRuleMap = new linkedHashMap<>(Constant.Number.TWO);
filterRuleMap.put("/messageUI
@Target({ ElementType.METHOD }) //作用在方法上
@Retention(RetentionPolicy.RUNTIME) //运行时有效
@documented //可生成文档
public @interface NoAuthentication {
}
2. 调用注解
既然请求都进入isAccessAllowed,那我就在这个方法中添加注解调用,即进入该方法后,若方法有@NoAuthentication注解,则返回true直接放行,不进行登录校验
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
if (isLoginAttempt(request, response)) {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
WebApplicationContext ctx = RequestContextUtils.findWebApplicationContext(httpServletRequest);
RequestMappingHandlerMapping mapping = ctx.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
HandlerExecutionChain handler = null;
try {
handler = mapping.getHandler(httpServletRequest);
Annotation[] declaredAnnotations = ((HandlerMethod) handler.getHandler()).getMethod().getDeclaredAnnotations();
if (declaredAnnotations.length != 0) {
for (Annotation annotation : declaredAnnotations) {
if (NoAuthentication.class.equals(annotation.annotationType())) {
return true;
}
}
}
// 执行登录
executeLogin(request, response);
Subject subject = getSubject(request, response);
String[] perms = (String[]) mappedValue;
boolean isPermitted = true;
if (perms != null && perms.length > 0) {
if (perms.length == 1) {
if (!subject.isPermitted(perms[0])) {
isPermitted = false;
}
} else if (!subject.isPermittedAll(perms)) {
isPermitted = false;
}
}
return isPermitted;
} catch (Exception e) {
e.printStackTrace();
responseTimeOut(request, response);
}
}
return true;
}
3.注解使用
就酱紫,直接在方法上加上即可实现放行
@ApiOperation(value = "获取所有新闻(用户ui)")
@GetMapping("/getList")
@ResponseBody
@CrossOrigin
@NoAuthentication
public Result getAllMessage() {
QueryWrapper wrapper = new QueryWrapper<>();
wrapper.eq("deleted", 1);
List list = messageService.list(wrapper);
//按发布日期倒序
list.sort(Comparator.comparing(Message::getSendTime));
Collections.reverse(list);
return new Result<>().success().put(list);
}
