1.shiro提供以下内置过滤器,用于web项目资源请求验证
anon(匿名) org.apache.shiro.web.filter.authc.AnonymousFilterauthc(身份验证) org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic(http基本验证) org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
logout(退出) org.apache.shiro.web.filter.authc.LogoutFilter
noSessionCreation(不创建session) org.apache.shiro.web.filter.session.NoSessionCreationFilter
perms(许可验证) org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port(端口验证) org.apache.shiro.web.filter.authz.PortFilter
rest (rest方面) org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles(权限验证) org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl (ssl方面) org.apache.shiro.web.filter.authz.SslFilter
user (用户方面) org.apache.shiro.web.filter.authc.UserFilter
2.自定过滤器
package com.springshirodemo.Realm; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authz.AuthorizationFilter; // 角色验证 //import org.apache.shiro.web.filter.authc.AuthenticatingFilter; //权限认证 public class Authorizatonfilter extends AuthorizationFilter { @Override protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { // TODO Auto-generated method stub Subject subject= getSubject(request, response); // 获得主体 String[] roles = (String[]) mappedValue; //角色数组 if(roles == null || roles.length == 0) { return true; } for(String role:roles) { if(subject.hasRole(role)) { //是否有角色 return true; } } return false; } }
3.Spring.Xml
<!--注入URL拦截规则 --> <property name="filterChainDefinitions"> <value> /login.html = anon /login33 = anon /login2 = perms["user:update","user:delect"] /login2 = rolesOr["user","user11"] //使用自定义 /page/base/staff* = perms["staffList"] </value> </property > <property name="filters"> /配置Filters <util:map> <entry key="rolesOr" value-ref="rolesOrfilter"></entry> </util:map> </property> </bean> <bean class="com.springshirodemo.Realm.Authorizatonfilter" id="rolesOrfilter"></bean> //将自定义过滤器注入
注:
使用util:map时需要配置
xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd“