处理未退出登录时第二次访问登录地址出现 404 的问题
public class MyAuthenticationFilter extends FormAuthenticationFilter{
AdviceFilter
/**
 * Runs preHandle, the wrapped chain and postHandle around one request, in that order.
 * This mirrors Shiro's AdviceFilter: preHandle decides whether the chain continues,
 * any exception is captured rather than propagated, and cleanup(...) always runs
 * and receives that exception (or null).
 *
 * @param request  the current servlet request
 * @param response the current servlet response
 * @param chain    the remaining filter chain
 */
public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
    Exception failure = null;
    try {
        final boolean continueChain = this.preHandle(request, response);
        if (log.isTraceEnabled()) {
            log.trace("Invoked preHandle method. Continuing chain?: [" + continueChain + "]");
        }
        // Requests for the login URL do not enter the chain here, so they cannot end in a
        // 404; a subject that was already logged in stays logged in and is only redirected.
        if (continueChain) {
            this.executeChain(request, response, chain);
        }
        this.postHandle(request, response);
        if (log.isTraceEnabled()) {
            log.trace("Successfully invoked postHandle method");
        }
    } catch (Exception caught) {
        failure = caught;
    } finally {
        this.cleanup(request, response, failure);
    }
}
父类自身的默认实现或抽象方法，供子类复写时参考
AccessControlFilter
/**
 * AccessControlFilter's default pre-handle rule: continue the chain when access is
 * allowed; otherwise let onAccessDenied decide (its return value is the answer).
 *
 * @param mappedValue the value configured for this filter in the chain definition
 * @return true when the filter chain should continue
 */
public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
    if (this.isAccessAllowed(request, response, mappedValue)) {
        return true;
    }
    return this.onAccessDenied(request, response, mappedValue);
}
AuthenticatingFilter
登录地址本身不放行，只放行除此之外有权限的地址
/**
 * AuthenticatingFilter's rule: access is allowed when the superclass allows it, or when
 * this is not a login request and the filter is configured as permissive.
 *
 * @param mappedValue the value configured for this filter in the chain definition
 * @return true when the request may proceed
 */
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (super.isAccessAllowed(request, response, mappedValue)) {
        return true;
    }
    final boolean loginRequest = this.isLoginRequest(request, response);
    return !loginRequest && this.isPermissive(mappedValue);
}
为了处理第二次登录（未退出）时出现 404 的问题，这里再做一次过滤（只要请求路径含有登录地址，就不允许访问内部资源）
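/**
 * Override that also refuses an already-authenticated subject access to the login
 * URL itself, so a second login attempt without logging out no longer reaches a 404.
 * For everything else it keeps AuthenticatingFilter's rule: a non-login request passes
 * when the filter is configured as permissive.
 *
 * @param mappedValue the value configured for this filter in the chain definition
 * @return true when the request may proceed down the chain
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    Subject subject = this.getSubject(request, response);
    // true while the subject has not logged out
    boolean authenticated = subject.isAuthenticated();
    String servletPath = ((HttpServletRequest) request).getServletPath();
    // NOTE: contains() is a substring test on the servlet path, not an exact comparison
    // with the login URL; tighten to equals()/endsWith() if the match must be exact.
    boolean loginCheckUrl = servletPath.contains("j_acegi_security_check");
    if (authenticated && !loginCheckUrl) {
        return true;
    }
    return !this.isLoginRequest(request, response) && this.isPermissive(mappedValue);
}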
/**
 * Builds an AuthenticationToken for the request and attempts to log the subject in.
 * A successful login is reported through onLoginSuccess; an AuthenticationException
 * thrown anywhere inside the attempt is reported through onLoginFailure and its
 * result returned.
 *
 * @return the value of onLoginSuccess or onLoginFailure
 * @throws IllegalStateException if createToken returned null
 */
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    AuthenticationToken token = this.createToken(request, response);
    if (token == null) {
        String message = "createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.";
        throw new IllegalStateException(message);
    }
    try {
        Subject subject = this.getSubject(request, response);
        subject.login(token);
        return this.onLoginSuccess(token, subject, request, response);
    } catch (AuthenticationException failure) {
        return this.onLoginFailure(token, failure, request, response);
    }
}
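/**
 * Handles a request that was denied access (including the login URL requested directly
 * from the browser address bar).
 * <p>
 * AJAX ({@code X-Requested-With: XMLHttpRequest}) and JSON requests get a 403 with a
 * {@code loginStatus: accessDenied} header, because a redirect would be invisible to
 * client-side code. Plain GET requests are redirected to "/". Everything else falls
 * back to FormAuthenticationFilter.
 *
 * @return false when the response was written here; otherwise the superclass result
 */
@Override
protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    // Header names are case-insensitive in the Servlet API, so a single lookup is enough.
    // (The previous ternary only read the header when it was absent, so the AJAX branch never fired.)
    String requestType = request.getHeader("X-Requested-With");
    String contentType = request.getHeader("content-type");
    boolean ajax = "XMLHttpRequest".equalsIgnoreCase(requestType);
    if (ajax || isJsonContentType(contentType)) {
        response.addHeader("loginStatus", "accessDenied");
        // Encoding/content type must be set before sendError: sendError commits the
        // response and later setters are ignored by the container.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
    if ("GET".equalsIgnoreCase(request.getMethod())) {
        WebUtils.issueRedirect(request, response, "/");
        return false;
    }
    return super.onAccessDenied(request, response);
}

/**
 * True when the Content-Type header names the {@code application/json} media type,
 * with or without parameters such as {@code ; charset=utf-8}.
 */
private static boolean isJsonContentType(String contentType) {
    if (contentType == null) {
        return false;
    }
    int paramStart = contentType.indexOf(';');
    String mediaType = paramStart < 0 ? contentType : contentType.substring(0, paramStart);
    return "application/json".equalsIgnoreCase(mediaType.trim());
}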
}
注意
MyAuthenticationFilter 的 onLoginSuccess 中的 session.stop(); 需要注掉，否则使用框架登录时先走了 onLoginSuccess、随后又清掉了 session，会报错