Integrating Shiro with Spring Boot: Custom Filter
Published: 2019-06-18


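This follows on from the previous post, [Integrating Shiro with Spring Boot]. After using it for the first time, I found that for API paths intercepted by the Shiro filter, if there is no "login.jsp", a 404 is returned directly, which is rather jarring. So I tinkered a bit and wrote a custom Filter to handle the authentication and authorization myself.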

1. Custom Filter

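```java
import java.io.Writer;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Assumed import: the post does not show its imports; toJSONString() matches fastjson.
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.http.HttpStatus;

@Slf4j
public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        // Delegate to Shiro's own check so that an authenticated subject is let through.
        // Returning false unconditionally would reject every request on this chain, logged in or not.
        return super.isAccessAllowed(request, response, mappedValue);
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // A login submission (POST to the login URL) goes through Shiro's normal login handling.
        if (isLoginRequest(request, response) && isLoginSubmission(request, response)) {
            return executeLogin(request, response);
        }
        if (log.isTraceEnabled()) {
            log.trace("Attempting to access a path which requires authentication.  Forwarding to the " +
                    "Authentication url [" + getLoginUrl() + "]");
        }
        // Every other unauthenticated request gets a JSON body instead of a redirect to the login page.
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpStatus.CONFLICT.value());
        JSONObject json = new JSONObject();
        json.put("message", "没有权限访问"); // "no permission to access"
        Writer writer = httpServletResponse.getWriter();
        writer.write(json.toJSONString());
        writer.flush();
        writer.close();
        return false; // the response is complete, so stop the filter chain here
    }
}
```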

Shiro ships with the default filters listed below. We can extend one of them and add our own Filter to the filter chain.

```java
anon(AnonymousFilter.class),
authc(FormAuthenticationFilter.class),
authcBasic(BasicHttpAuthenticationFilter.class),
logout(LogoutFilter.class),
noSessionCreation(NoSessionCreationFilter.class),
perms(PermissionsAuthorizationFilter.class),
port(PortFilter.class),
rest(HttpMethodPermissionFilter.class),
roles(RolesAuthorizationFilter.class),
ssl(SslFilter.class),
user(UserFilter.class);
```

2. Reconfigure ShiroConfig

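```java
import java.util.List;
import java.util.Map;

import javax.servlet.Filter;

import com.google.common.collect.Maps;
import lombok.Getter;
import lombok.Setter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// ShiroRealm is the realm class from the previous post (assumed to be in the same package).
@Configuration
@ConfigurationProperties(prefix = "shiro")
public class ShiroConfig {
    private final static String ANON_STR = "anon";

    @Getter
    @Setter
    private List<String> anon_uri;

    /**
     * Realm that performs authentication and authorization
     *
     * @return shiroRealm the authentication/authorization realm
     */
    @Bean
    public ShiroRealm shiroRealm() {
        return new ShiroRealm();
    }

    /**
     * Security manager
     *
     * @param shiroRealm the authentication/authorization realm
     * @return the security manager
     */
    @Bean
    @ConditionalOnClass(ShiroRealm.class)
    public SecurityManager securityManager(ShiroRealm shiroRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm);
        return securityManager;
    }

    @Bean
    public CustomFormAuthenticationFilter customAuthenticationFilter() {
        return new CustomFormAuthenticationFilter();
    }

    /**
     * Filter factory: sets the filter rules and the redirect rules
     *
     * @param securityManager the security manager
     * @return the Shiro filter factory
     */
    @Bean
    @ConditionalOnClass(value = {CustomFormAuthenticationFilter.class, SecurityManager.class})
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager,
                                                         CustomFormAuthenticationFilter customAuthenticationFilter) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Custom filter
        Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
        filterMap.put("restful_return", customAuthenticationFilter);
        shiroFilterFactoryBean.setFilters(filterMap);

        // URI filtering; a LinkedHashMap keeps insertion order, and Shiro applies the first matching pattern
        Map<String, String> map = Maps.newLinkedHashMap();
        // API paths that are exempt from authentication
        anon_uri.forEach(item -> map.put(item, ANON_STR));
        // Everything else under /api/** is checked. The chain has to name the custom filter as it was
        // registered above; "authc" would select Shiro's default FormAuthenticationFilter instead.
        map.put("/api/**", "restful_return");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }
}
```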

There are two main points:

2.1 Inject CustomFormAuthenticationFilter

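```java
// Note: Spring Boot also registers every Filter bean with the servlet container for all URLs,
// unless a FilterRegistrationBean for that filter is declared with setEnabled(false).
@Bean
public CustomFormAuthenticationFilter customAuthenticationFilter() {
    return new CustomFormAuthenticationFilter();
}
```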

2.2 Add it to the filter chain

```java
// Custom filter
Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
filterMap.put("restful_return", customAuthenticationFilter);
shiroFilterFactoryBean.setFilters(filterMap);
```
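
The order of the entries in the chain definition map decides which filter guards a path: Shiro applies the first pattern that matches, which is why ShiroConfig fills a LinkedHashMap with the anon entries before `/api/**`. The following is an added example, not code from the original post: a simplified resolver built on Shiro's `AntPathMatcher` that goes beyond the post's single `/api/**` rule to show shadowed and uncovered paths. `ChainDefinitionCheck`, `resolve`, `requireFilter` and the sample paths are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

// Added example, not from the original post.
public class ChainDefinitionCheck {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns the filter name of the first matching pattern, or null when no pattern matches. */
    static String resolve(Map<String, String> chainDefinitions, String path) {
        for (Map.Entry<String, String> entry : chainDefinitions.entrySet()) {
            if (MATCHER.matches(entry.getKey(), path)) {
                return entry.getValue(); // first match wins; later entries are never consulted
            }
        }
        return null; // no chain applies, so no Shiro filter runs for this path
    }

    /** Throws if a path that must be protected does not resolve to the expected filter. */
    static void requireFilter(Map<String, String> chainDefinitions, String path, String expected) {
        String actual = resolve(chainDefinitions, path);
        if (!expected.equals(actual)) {
            throw new IllegalStateException(path + " resolves to " + actual + ", expected " + expected);
        }
    }

    public static void main(String[] args) {
        // Constructed sample in the same insertion order as ShiroConfig: anon entries, then /api/**.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/api/login", "anon");            // hypothetical anon_uri entry
        chains.put("/api/**", "restful_return");
        requireFilter(chains, "/api/login", "anon");
        requireFilter(chains, "/api/orders/1", "restful_return");
        // A path outside /api/** matches nothing and is not checked by Shiro at all.
        System.out.println("/admin/metrics -> " + resolve(chains, "/admin/metrics"));

        // Constructed sample: an over-broad anon_uri entry placed first shadows the protected prefix.
        Map<String, String> shadowed = new LinkedHashMap<>();
        shadowed.put("/**", "anon");                 // hypothetical misconfigured anon_uri entry
        shadowed.put("/api/**", "restful_return");
        try {
            requireFilter(shadowed, "/api/orders/1", "restful_return");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Calling a check like `requireFilter` on the map before it is passed to `setFilterChainDefinitionMap` turns a bad `shiro.anon_uri` entry into a startup failure rather than an unauthenticated endpoint.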

3. Test results

Reposted from: https://juejin.im/post/5ce5ef645188250640004fab
