shiro是基於過濾器機制的,只要重寫不同模塊下的過濾器就可以達到自己想要的效果。
1、重寫方法
public class LoginFilter extends UserFilter {
/**
* 這個方法用於處理未登錄時頁面重定向的邏輯
* 因此,只要進入了這個方法,就意味着登錄失效了
* 我們只需要在這個方法裏,給前端返回一個登錄失效的狀態碼即可
* @param request
* @param response
* @throws IOException
*/
@Override
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
response.setContentType("application/json; charset=utf-8");
// 自定義返回內容
response.getWriter().write(JSONObject.toJSONString(new MyResponse<>(ResultEnum.NOT_LOGIN)));
}
}
配置到shiro中
@Configuration
public class ShiroConfig {
/**
* 創建ShiroFilterFactoryBean
*/
@Bean("shiroFilterFactoryBean")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
// 設置安全管理器
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 配置filter,解決認證失敗返回login.jsp的問題
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
filters.put("authc",new LoginFilter());
/**
* 訪問規則配置
* anon:無需認證可以訪問
* authc:必須認證才能訪問
* user:如果使用rememberMe的功能可以直接訪問
* perms:該資源必須得到權限纔可以訪問
* role:該資源必須得到角色權限纔可以訪問
*/
Map<String, String> filterMap = Maps.newHashMap();
filterMap.put("/*/login", "anon");
filterMap.put("/*/register", "anon");
filterMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
/**
* 注入DefaultSecurityManager
*/
@Bean
public SecurityManager securityManager(AdminRealm adminRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 關聯realm
securityManager.setRealm(adminRealm);
return securityManager;
}
/**
* 注入Realm
*/
@Bean
public AdminRealm adminRealm() {
return new AdminRealm();
}
/**
* 以下三個Bean是解決Shiro註解不生效問題,官方給出,不要問爲什麼
* @return
*/
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}