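In real projects, different kinds of users (guest, user, admin, mobile user, and so on) need to land on different pages. For example, mobile users need to go to pages under the mobile/ path. In that case we need to customize which URLs are intercepted, for example the URLs below:
Desktop user login page: http://localhost:8080/login
Mobile user login page: http://localhost:8080/mobile/login
Our usual configuration, however, looks like this: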
```xml
<!-- Shiro configuration -->
<!-- Shiro web filter: the bean that corresponds to the shiro filter declared in web.xml -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <!-- URL to redirect to after a successful login -->
    <!--<property name="successUrl" value="/success" />-->
    <!-- URL to redirect to when the user lacks permission -->
    <!--<property name="unauthorizedUrl" value="/regester" />-->
    <!-- Filter chain definitions, evaluated from top to bottom; /** normally goes last -->
    <property name="filterChainDefinitions">
        <value>
            <!-- Allow anonymous access to static resources -->
            /resources/** = anon
            /login = anon
            /** = authc
        </value>
    </property>
</bean>
```
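This configuration clearly does not meet our requirements, so what can we do? First look at the final XML configuration below, then we will go through it piece by piece: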
```xml
<!-- Mobile authentication bean -->
<bean id="mobileFormAuthenticationFilter" class="com.unisits.zngkpt.framework.privilegeframe.bojo.CustomAccessControlFilter">
    <!-- Login URL for mobile users -->
    <property name="mobileLoginUrl" value="/mobile/login" />
</bean>

<!-- Shiro configuration -->
<!-- Shiro web filter: the bean that corresponds to the shiro filter declared in web.xml -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <!-- URL to redirect to after a successful login -->
    <!--<property name="successUrl" value="/success" />-->
    <!-- URL to redirect to when the user lacks permission -->
    <!--<property name="unauthorizedUrl" value="/regester" />-->
    <!-- Filter chain definitions, evaluated from top to bottom; /** normally goes last -->
    <property name="filterChainDefinitions">
        <value>
            <!-- Allow anonymous access to static resources -->
            /resources/** = anon
            <!-- Mobile login paths -->
            /mobile/checkname = anon
            /mobile/login = anon
            /mobile/** = mobileAuthc
            /login = anon
            /** = authc
        </value>
    </property>
    <!-- Custom filter configuration -->
    <property name="filters">
        <map>
            <!-- Inject the custom FormAuthenticationFilter into shiroFilter -->
            <entry key="mobileAuthc" value-ref="mobileFormAuthenticationFilter" />
        </map>
    </property>
</bean>
```
Here we define a custom filter rule, mobileAuthc, and map that rule to a filter: mobileFormAuthenticationFilter.
Below is the custom filter:
```java
package com.unisits.zngkpt.framework.privilegeframe.bojo;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * @author:lyy
 * @Date: 2014/9/20 13:30
 * @version:
 * @Description: Custom URL filter
 */
public class CustomAccessControlFilter extends AccessControlFilter {

    // Login page for mobile users, injected from the Spring XML (/mobile/login).
    private String mobileLoginUrl;

    public String getMobileLoginUrl() {
        return mobileLoginUrl;
    }

    public void setMobileLoginUrl(String mobileLoginUrl) {
        this.mobileLoginUrl = mobileLoginUrl;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject subject = getSubject(request, response);
        // Let the request through for authenticated subjects and for remember-me subjects.
        return subject.isAuthenticated() || subject.isRemembered();
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Only reached when isAccessAllowed returned false: send the user to the mobile login page.
        WebUtils.issueRedirect(request, response, mobileLoginUrl);
        // false tells Shiro the response is already handled and the chain must stop.
        return false;
    }
}
```
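In fact, this only adds one new rule for the mobile side, and it is still not general enough. What if several URLs should be handled by one filter rule? That is possible too: define a custom class with a map property that holds the rules, plus a default rule, and then match on the URL so that different URLs get different rules.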
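A sketch of that generalization, added here as an example and not code from the original post: the class name `PathAwareLoginFilter`, its package and the `loginUrlsByPath` property are hypothetical, and the filter's inherited `loginUrl` serves as the default rule.

```java
package com.example.shiro; // hypothetical package

import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical filter: one rule name, login page chosen by request path. */
public class PathAwareLoginFilter extends AccessControlFilter {

    // Ant-style path pattern -> login URL, checked in insertion order.
    private Map<String, String> loginUrlsByPath = new LinkedHashMap<>();

    public void setLoginUrlsByPath(Map<String, String> loginUrlsByPath) {
        this.loginUrlsByPath = new LinkedHashMap<>(loginUrlsByPath);
    }

    // First matching pattern wins; with no match, use the default loginUrl.
    protected String resolveLoginUrl(ServletRequest request) {
        for (Map.Entry<String, String> rule : loginUrlsByPath.entrySet()) {
            if (pathsMatch(rule.getKey(), request)) {
                return rule.getValue();
            }
        }
        return getLoginUrl();
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        Subject subject = getSubject(request, response);
        // Same policy as the mobile filter above: authenticated or remembered.
        return subject.isAuthenticated() || subject.isRemembered();
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        WebUtils.issueRedirect(request, response, resolveLoginUrl(request));
        return false; // response already handled, stop the chain
    }
}
```

The map can be wired with a Spring `<map>` property (for example the entry `/mobile/**` to `/mobile/login`), which preserves entry order. Each login URL used as a redirect target must itself stay mapped to `anon` in `filterChainDefinitions`, otherwise unauthenticated users are redirected in a loop.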
Appendix:
Shiro's built-in filters
Filter Name | Class |
anon | org.apache.shiro.web.filter.authc.AnonymousFilter |
authc | org.apache.shiro.web.filter.authc.FormAuthenticationFilter |
authcBasic | org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter |
logout | org.apache.shiro.web.filter.authc.LogoutFilter |
noSessionCreation | org.apache.shiro.web.filter.session.NoSessionCreationFilter |
perms | org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter |
port | org.apache.shiro.web.filter.authz.PortFilter |
rest | org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter |
roles | org.apache.shiro.web.filter.authz.RolesAuthorizationFilter |
ssl | org.apache.shiro.web.filter.authz.SslFilter |
user | org.apache.shiro.web.filter.authc.UserFilter |
Shiro: custom URL interception
Original article: https://www.cnblogs.com/ningheshutong/p/8133952.html