/**
 * Role filter that admits a request when the current subject holds at least one of the roles
 * configured for the matched URL pattern.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Matching is any-of: the check stops at the first role for which {@code hasRole} is true.
 *       Shiro's stock {@code RolesAuthorizationFilter} requires all listed roles, so registering
 *       this class under the filter name {@code roles} (as the accompanying spring-config.xml
 *       does) turns every {@code roles[a,b]} chain entry from "a and b" into "a or b".</li>
 *   <li>A {@code null} or empty role array is treated as "no restriction" and the request is
 *       allowed. A chain entry that names this filter without a bracketed role list therefore
 *       performs no role check at all; only filters placed before it in the chain still apply.</li>
 * </ul>
 */
public class MyShiroFilter extends AuthorizationFilter {

    /**
     * Decides whether the request may proceed based on role membership.
     *
     * @param servletRequest the incoming request, used to resolve the subject
     * @param servletResponse the outgoing response, used to resolve the subject
     * @param o the value mapped to the matched path; cast to {@code String[]} and read as the
     *     list of acceptable role names (presumably the bracket part of the chain definition,
     *     e.g. {@code roles[admin,test]} - confirm against the Shiro version in use)
     * @return {@code true} when no roles are configured or the subject has any one of them,
     *     {@code false} otherwise
     * @throws ClassCastException if {@code o} is non-null and not a {@code String[]}
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        // Resolve the subject before touching the configuration value.
        final Subject currentUser = getSubject(servletRequest, servletResponse);
        final String[] acceptedRoles = (String[]) o;

        // No roles configured for this path: nothing to check, so the request passes (fail-open).
        final int roleCount = (acceptedRoles == null) ? 0 : acceptedRoles.length;
        if (roleCount == 0) {
            return true;
        }

        // Any-of match: stop asking as soon as one role is held by the subject.
        boolean granted = false;
        for (int i = 0; i < roleCount && !granted; i++) {
            granted = currentUser.hasRole(acceptedRoles[i]);
        }
        return granted;
    }
}
spring-config.xml
<!-- Scans com.shiro.test.mvc for annotated components but skips classes annotated with @Controller.
     NOTE(review): controllers are presumably registered by a separate Spring MVC context; confirm that
     any Shiro annotation support they rely on is configured in that context as well. -->
<context:component-scan base-package="com.shiro.test.mvc">
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- Realm backed by the text resource shiro-web.ini on the classpath; accounts and roles come from that file.
     NOTE(review): the file's contents are not shown here. If it holds plaintext passwords, treat it as a
     secret (keep it out of version control and shared artifacts) or store hashed credentials instead. -->
<bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm">
<constructor-arg name="resourcePath" value="classpath:shiro-web.ini"/>
</bean>
<!-- Web security manager wired to the single realm bean iniRealm; all authentication and
     authorization decisions made through this manager are answered by that realm. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="iniRealm"/>
</bean>
<!-- Advisor that applies Shiro's authorization annotations (e.g. @RequiresRoles) to Spring beans.
     NOTE(review): an advisor only takes effect when an auto-proxy creator is active in the same
     context; none is visible in this fragment. Confirm one exists, otherwise annotation-based
     checks are silently not enforced. -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- Shiro web filter factory: applies the URL rules below to incoming requests. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- loginUrl: where authc sends unauthenticated users. successUrl: default target after login.
     unauthorizedUrl: where an authenticated user lands when a role check fails. -->
<property name="loginUrl" value="/gologin.html"/>
<property name="successUrl" value="/index.html"/>
<property name="unauthorizedUrl" value="/error.html"/>
<!-- Chain definitions are evaluated top to bottom and the first matching pattern wins.
     Review points:
     * There is no catch-all entry (for example /** = authc), so a URL that matches none of the
       patterns below is not checked by these filters at all.
     * roles[...] resolves to the custom filter registered under "filters" further down, which
       grants access when the subject has ANY one of the listed roles; /menu/** is therefore
       reachable by admin OR test, not only by users holding both. -->
<property name="filterChainDefinitions">
<value>
/login.html=anon
/gologin.html=anon
/index.html = authc
/role.html=authc,roles[admin]
/menu/** = authc,roles[admin,test]
</value>
</property>
<!-- Replaces Shiro's built-in "roles" filter name with MyShiroFilter, which changes the meaning
     of every roles[...] entry in the chain definitions above (any-of instead of all-of). -->
<property name="filters">
<map>
<entry key="roles">
<bean class="com.shiro.test.mvc.filter.MyShiroFilter"/>
</entry>
</map>
</property>
</bean>
</beans>