先说一下思路,需要自定义过滤器,登录认证的需要继承FormAuthenticationFilter,授权的需要继承PermissionsAuthorizationFilter,并重写里面的 onAccessDenied 方法,shiro过滤器不是链式调用,所以判断逻辑要重新写,就是判断权限时需要先写判断登录的逻辑;最后需要在shiro配置类中注入自定义的过滤器;具体代码如下:
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
*
* @description:
* @author: Mr.Dream
* @create: 2022-05-05 11:01
**/
public class ShiroLoginFilter extends FormAuthenticationFilter {
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setStatus(200);
httpServletResponse.setContentType("application/json;charset=utf-8");
PrintWriter out = httpServletResponse.getWriter();
JSONObject json = new JSONObject();
json.put("code","403");
json.put("msg","登录已失效,请重新登录!");
out.println(json);
out.flush();
out.close();
return false;
}
}
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
*
* @description:
* @author: Mr.Dream
* @create: 2022-05-05 11:34
**/
public class ShiroPermissionFilter extends PermissionsAuthorizationFilter {
??? @Override
??? protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
//??????? return super.onAccessDenied(servletRequest, servletResponse);
??????? HttpServletResponse httpServletResponse = (HttpServletResponse) response;
??????? httpServletResponse.setStatus(200);
??????? httpServletResponse.setContentType("application/json;charset=utf-8");
??????? PrintWriter out = httpServletResponse.getWriter();
??????? JSONObject json = new JSONObject();
??????? Subject subject = this.getSubject(request, response);
??????? if (subject.getPrincipal() == null) {
??????????? json.put("code","403");
??????????? json.put("msg","登录已失效,请重新登录!");
??????? } else {
??????????? json.put("code","401");
??????????? json.put("msg","您还没有该权限,请联系管理员!");
??????? }
??????? out.println(json);
??????? out.flush();
??????? out.close();
??????? return false;
??? }
}
配置类
相关资料
Filter Name
Class
anon
org.apache.shiro.web.filter.authc.AnonymousFilter
authc
org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic
org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
perms
org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port
org.apache.shiro.web.filter.authz.PortFilter
rest
org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles
org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl
org.apache.shiro.web.filter.authz.SslFilter
user
org.apache.shiro.web.filter.authc.UserFilter
有时不知道怎么改时可以多看看shiro源码