shiro是基于过滤器机制的,只要重写不同模块下的过滤器就可以达到自己想要的效果。
1、重写方法
public class LoginFilter extends UserFilter {
/**
* 这个方法用于处理未登录时页面重定向的逻辑
* 因此,只要进入了这个方法,就意味着登录失效了
* 我们只需要在这个方法里,给前端返回一个登录失效的状态码即可
* @param request
* @param response
* @throws IOException
*/
@Override
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
response.setContentType("application/json; charset=utf-8");
// 自定义返回内容
response.getWriter().write(JSONObject.toJSONString(new MyResponse<>(ResultEnum.NOT_LOGIN)));
}
}
配置到shiro中
@Configuration
public class ShiroConfig {
/**
* 创建ShiroFilterFactoryBean
*/
@Bean("shiroFilterFactoryBean")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
// 设置安全管理器
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 配置filter,解决认证失败返回login.jsp的问题
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
filters.put("authc",new LoginFilter());
/**
* 访问规则配置
* anon:无需认证可以访问
* authc:必须认证才能访问
* user:如果使用rememberMe的功能可以直接访问
* perms:该资源必须得到权限才可以访问
* role:该资源必须得到角色权限才可以访问
*/
Map<String, String> filterMap = Maps.newHashMap();
filterMap.put("/*/login", "anon");
filterMap.put("/*/register", "anon");
filterMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
/**
* 注入DefaultSecurityManager
*/
@Bean
public SecurityManager securityManager(AdminRealm adminRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 关联realm
securityManager.setRealm(adminRealm);
return securityManager;
}
/**
* 注入Realm
*/
@Bean
public AdminRealm adminRealm() {
return new AdminRealm();
}
/**
* 以下三个Bean是解决Shiro注解不生效问题,官方给出,不要问为什么
* @return
*/
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}