转载地址:https://blog.csdn.net/lilovfly/article/details/73477037
Shiro:未登录或 session 失效时,对 Ajax 请求返回 JSON
首先shiro默认的过滤器有哪些?
<!-- Shiro web filter bean: wires the security manager, the login / success / unauthorized URLs,
     one custom filter, and the URL pattern to filter-name chain definitions. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login/login.htm" />
<property name="successUrl" value="/index/index.htm" />
<!-- NOTE(review): unauthorizedUrl points at the same page as successUrl, and /index/** below
     requires authc. No roles/perms filter appears in the chain definitions shown here, so this
     value looks unused in this configuration. Confirm. -->
<property name="unauthorizedUrl" value="/index/index.htm" />
<!-- Registers com.zhihai.shirorealm.ShiroAccess under the name "authc", so every "authc" entry
     in filterChainDefinitions resolves to this class instead of Shiro's default filter for that name. -->
<property name="filters">
<map>
<entry key="authc">
<bean class="com.zhihai.shirorealm.ShiroAccess" />
</entry>
</map>
</property>
<!-- One "pattern = filter" line per URL pattern; Shiro applies the first pattern that matches.
     NOTE(review): there is no catch-all line such as "/** = authc". A URL that matches none of the
     patterns below is not handled by any Shiro filter, so a newly added endpoint is reachable
     without login until a line for it is added here. Consider ending the list with a default-deny entry. -->
<property name="filterChainDefinitions">
<value>
/ = anon
/www.htm=anon
/register/** = anon
/login/** = anon
/index/** = authc
/analysis/** = authc
</value>
</property>
</bean>
filterChainDefinitions 中每个路径后面的 anon、authc 等名称,都会到 filters 里按对应的 key 去查找;找不到时就使用 Shiro 默认绑定到该名称的过滤器。我们这里用到的权限是 authc,所以 filters 中要配置这个 key。要修改返回值,就要替换 authc 对应的默认类 org.apache.shiro.web.filter.authc.FormAuthenticationFilter:我们需要继承这个类并重写其中的方法,ShiroAccess 就是这样一个子类。
要自定义返回值,需要重写该类的以下方法:
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
我们对该方法的重写如下:
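/**
 * Handles a request that reached this filter without an authenticated subject.
 *
 * <p>Requests to the login URL are either processed as a login attempt or allowed through so the
 * login page can be rendered. Any other request is rejected: AJAX callers receive a small JSON
 * body ({@code {"isLogin": false}}), everything else is redirected to the login page after the
 * original request has been saved.
 *
 * @param request the incoming request
 * @param response the response to write the JSON body or redirect to
 * @return {@code true} if the filter chain should continue, {@code false} if this method has
 *     already produced the response
 * @throws Exception if login processing, writing the response or the redirect fails
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    if (this.isLoginRequest(request, response)) {
        // A submission to the login URL is a login attempt; any other request to it
        // is let through so the login page itself can be displayed.
        if (this.isLoginSubmission(request, response)) {
            return this.executeLogin(request, response);
        }
        return true;
    }

    if (isAjax(request)) {
        // Declare the media type and charset explicitly so the body is parsed as JSON
        // and is never content-sniffed or rendered as HTML by the client.
        response.setContentType("application/json;charset=UTF-8");

        // NOTE(review): the status code is left at its default. A 401 would let clients,
        // proxies and monitoring tell "not logged in" apart from a successful call, but
        // existing callers presumably read the isLogin field from a success response;
        // confirm with the front end before changing it.
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("isLogin", false);
        response.getWriter().print(JsonUtils.Bean2Json(result));
    } else {
        this.saveRequestAndRedirectToLogin(request, response);
    }
    // In both branches the response has been produced here; stop the filter chain.
    return false;
}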
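/**
 * Reports whether the request declares itself as an XMLHttpRequest call.
 *
 * <p>The decision is based solely on the {@code X-Requested-With} header, compared
 * case-insensitively with {@code XMLHttpRequest}. The header is supplied by the client and can
 * be forged or omitted, so the result should only be used to choose a response format (JSON
 * versus redirect), never as an authentication or authorization signal.
 *
 * @param request the incoming request
 * @return {@code true} if the header marks the request as AJAX, {@code false} otherwise,
 *     including when the request is not an HTTP request
 */
public static boolean isAjax(ServletRequest request) {
    // Only HTTP requests carry headers; treat anything else as non-AJAX rather than
    // failing with a ClassCastException inside the security filter.
    if (!(request instanceof HttpServletRequest)) {
        return false;
    }
    String requestedWith = ((HttpServletRequest) request).getHeader("X-Requested-With");
    // Constant-first comparison is null-safe when the header is absent.
    return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
}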
这样就可以搞定了。还需努力。
首先shiro默认的过滤器有哪些?
<!-- Shiro web filter bean: wires the security manager, the login / success / unauthorized URLs,
     one custom filter, and the URL pattern to filter-name chain definitions. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login/login.htm" />
<property name="successUrl" value="/index/index.htm" />
<!-- NOTE(review): unauthorizedUrl points at the same page as successUrl, and /index/** below
     requires authc. No roles/perms filter appears in the chain definitions shown here, so this
     value looks unused in this configuration. Confirm. -->
<property name="unauthorizedUrl" value="/index/index.htm" />
<!-- Registers com.zhihai.shirorealm.ShiroAccess under the name "authc", so every "authc" entry
     in filterChainDefinitions resolves to this class instead of Shiro's default filter for that name. -->
<property name="filters">
<map>
<entry key="authc">
<bean class="com.zhihai.shirorealm.ShiroAccess" />
</entry>
</map>
</property>
<!-- One "pattern = filter" line per URL pattern; Shiro applies the first pattern that matches.
     NOTE(review): there is no catch-all line such as "/** = authc". A URL that matches none of the
     patterns below is not handled by any Shiro filter, so a newly added endpoint is reachable
     without login until a line for it is added here. Consider ending the list with a default-deny entry. -->
<property name="filterChainDefinitions">
<value>
/ = anon
/www.htm=anon
/register/** = anon
/login/** = anon
/index/** = authc
/analysis/** = authc
</value>
</property>
</bean>
filterChainDefinitions 中每个路径后面的 anon、authc 等名称,都会到 filters 里按对应的 key 去查找;找不到时就使用 Shiro 默认绑定到该名称的过滤器。我们这里用到的权限是 authc,所以 filters 中要配置这个 key。要修改返回值,就要替换 authc 对应的默认类 org.apache.shiro.web.filter.authc.FormAuthenticationFilter:我们需要继承这个类并重写其中的方法,ShiroAccess 就是这样一个子类。
要自定义返回值,需要重写该类的以下方法:
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
我们对该方法的重写如下:
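/**
 * Handles a request that reached this filter without an authenticated subject.
 *
 * <p>Requests to the login URL are either processed as a login attempt or allowed through so the
 * login page can be rendered. Any other request is rejected: AJAX callers receive a small JSON
 * body ({@code {"isLogin": false}}), everything else is redirected to the login page after the
 * original request has been saved.
 *
 * @param request the incoming request
 * @param response the response to write the JSON body or redirect to
 * @return {@code true} if the filter chain should continue, {@code false} if this method has
 *     already produced the response
 * @throws Exception if login processing, writing the response or the redirect fails
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    if (this.isLoginRequest(request, response)) {
        // A submission to the login URL is a login attempt; any other request to it
        // is let through so the login page itself can be displayed.
        if (this.isLoginSubmission(request, response)) {
            return this.executeLogin(request, response);
        }
        return true;
    }

    if (isAjax(request)) {
        // Declare the media type and charset explicitly so the body is parsed as JSON
        // and is never content-sniffed or rendered as HTML by the client.
        response.setContentType("application/json;charset=UTF-8");

        // NOTE(review): the status code is left at its default. A 401 would let clients,
        // proxies and monitoring tell "not logged in" apart from a successful call, but
        // existing callers presumably read the isLogin field from a success response;
        // confirm with the front end before changing it.
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("isLogin", false);
        response.getWriter().print(JsonUtils.Bean2Json(result));
    } else {
        this.saveRequestAndRedirectToLogin(request, response);
    }
    // In both branches the response has been produced here; stop the filter chain.
    return false;
}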
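/**
 * Reports whether the request declares itself as an XMLHttpRequest call.
 *
 * <p>The decision is based solely on the {@code X-Requested-With} header, compared
 * case-insensitively with {@code XMLHttpRequest}. The header is supplied by the client and can
 * be forged or omitted, so the result should only be used to choose a response format (JSON
 * versus redirect), never as an authentication or authorization signal.
 *
 * @param request the incoming request
 * @return {@code true} if the header marks the request as AJAX, {@code false} otherwise,
 *     including when the request is not an HTTP request
 */
public static boolean isAjax(ServletRequest request) {
    // Only HTTP requests carry headers; treat anything else as non-AJAX rather than
    // failing with a ClassCastException inside the security filter.
    if (!(request instanceof HttpServletRequest)) {
        return false;
    }
    String requestedWith = ((HttpServletRequest) request).getHeader("X-Requested-With");
    // Constant-first comparison is null-safe when the header is absent.
    return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
}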
这样就可以搞定了。还需努力。