一,内置过滤器
认证过滤器:
- anon:不需要任何认证
- authcBasic:HTTP Basic 认证(凭据仅经 Base64 编码,应配合 HTTPS 使用)
- authc:需要认证
- user:需要当前存在用户(已认证或通过 rememberMe 记住的用户均可通过;敏感操作应使用 authc)
- logout:退出
授权过滤器:
- perms[参数]:需要同时具备相关权限才可以访问
- roles[参数]:需要同时具备相关角色才可以访问
- ssl:HTTPS
- port[端口]:要求中括号里的端口才可以访问
举例:
UserController
/**
 * Demo endpoint for the {@code /testRole} route.
 *
 * <p>The method carries no access check of its own. On this page the route is
 * restricted only by the {@code /testRole} entry of the Shiro filter chain in
 * spring.xml, so removing or reordering that entry leaves the handler open.
 *
 * @return the fixed confirmation text
 */
@RequestMapping(path = "/testRole", method = RequestMethod.GET)
@ResponseBody
public String testRole() {
    final String body = "testRole success...";
    return body;
}
/**
 * Demo endpoint for the {@code /testRole1} route.
 *
 * <p>Authorization is not done here; it depends entirely on the
 * {@code /testRole1} entry of the Shiro filter chain shown in spring.xml.
 *
 * @return the fixed confirmation text
 */
@RequestMapping(path = "/testRole1", method = RequestMethod.GET)
@ResponseBody
public String testRole1() {
    final String body = "testRole1 success...";
    return body;
}
/**
 * Demo endpoint for the {@code /testPerms} route.
 *
 * <p>No permission check happens in the method body; the {@code /testPerms}
 * entry of the Shiro filter chain in spring.xml is the only gate shown.
 *
 * @return the fixed confirmation text
 */
@RequestMapping(path = "/testPerms", method = RequestMethod.GET)
@ResponseBody
public String testPerms() {
    final String body = "testPerms success...";
    return body;
}
/**
 * Demo endpoint for the {@code /testPerms1} route.
 *
 * <p>No permission check happens in the method body; the {@code /testPerms1}
 * entry of the Shiro filter chain in spring.xml is the only gate shown.
 *
 * @return the fixed confirmation text
 */
@RequestMapping(path = "/testPerms1", method = RequestMethod.GET)
@ResponseBody
public String testPerms1() {
    final String body = "testPerms1 success...";
    return body;
}
spring.xml
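<!-- Shiro web filter. Chain entries are evaluated top to bottom and the first matching path pattern wins. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- Leading slash: the redirect target is resolved from the context root, not relative to the denied request path. -->
    <property name="loginUrl" value="/login.html" />
    <property name="unauthorizedUrl" value="/403.html" />
    <!--
      roles[...] and perms[...] require ALL listed roles / permissions.
      The catch-all is written as /** because in Ant-style patterns /* matches a
      single path segment only; nested paths such as /a/b would otherwise fall
      outside every chain and be served without authentication.
    -->
    <property name="filterChainDefinitions">
        <value>
            /login.html = anon
            /subLogin = anon
            /testRole = roles["admin"]
            /testRole1 = roles["admin","user"]
            /testPerms = perms["admin:query"]
            /testPerms1 = perms["admin:select","user:select"]
            /** = authc
        </value>
    </property>
</bean>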
二,自定义过滤器
第一步:编写自定义过滤器,继承AuthorizationFilter或AuthenticatingFilter
package com.lmc.filter;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
 * Authorization filter that lets a request through when the current subject holds
 * at least one of the roles configured for the matched path (any-of semantics).
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>An absent or empty role list returns {@code true} without any role check,
 *       so a chain entry naming this filter with no roles does not restrict access.</li>
 *   <li>The mapped value is cast to {@code String[]} unchecked; any other type
 *       raises {@link ClassCastException} instead of returning a decision.</li>
 * </ul>
 *
 * @author lmc
 *     Created 17:52 2020/2/1
 */
public class RoleFilter extends AuthorizationFilter {

    /**
     * Decides whether the request may proceed.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param o the roles configured for the matched path, expected to be a {@code String[]}
     * @return {@code true} when no roles are configured or the subject has any one of them,
     *     {@code false} otherwise
     * @throws Exception declared by the overridden method
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        final Subject currentSubject = getSubject(servletRequest, servletResponse);
        final String[] acceptedRoles = (String[]) o;

        // Nothing configured: allow (permissive default, see class notes).
        final int roleCount = (acceptedRoles == null) ? 0 : acceptedRoles.length;
        if (roleCount == 0) {
            return true;
        }

        // One matching role is enough; stop at the first hit.
        int index = 0;
        while (index < roleCount) {
            if (currentSubject.hasRole(acceptedRoles[index])) {
                return true;
            }
            index++;
        }
        return false;
    }
}
spring.xml
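<!-- Shiro web filter. Chain entries are evaluated top to bottom and the first matching path pattern wins. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- Leading slash: the redirect target is resolved from the context root, not relative to the denied request path. -->
    <property name="loginUrl" value="/login.html" />
    <property name="unauthorizedUrl" value="/403.html" />
    <!--
      /testRole uses the built-in roles filter: the subject needs BOTH "user" and "lmc".
      /testRole1 uses the custom roleFi filter: EITHER role is enough, so it is the weaker rule.
      The catch-all is written as /** because in Ant-style patterns /* matches a
      single path segment only; nested paths such as /a/b would otherwise fall
      outside every chain and be served without authentication.
    -->
    <property name="filterChainDefinitions">
        <value>
            /login.html = anon
            /subLogin = anon
            /testRole = roles["user","lmc"]
            /testRole1 = roleFi["user","lmc"]
            /** = authc
        </value>
    </property>
    <!-- Registers the custom filter under the chain name "roleFi"; util:map needs the util namespace declared on the beans root element. -->
    <property name="filters">
        <util:map>
            <entry key="roleFi" value-ref="roleFilter" />
        </util:map>
    </property>
</bean>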
<!-- Custom filter bean; referenced by the "roleFi" entry in shiroFilter's filters map -->
<bean id="roleFilter" class="com.lmc.filter.RoleFilter" />