spring整合shiro自定义shiro授权filter

public class roleOrFilter extends AuthorizationFilter {
    /**
     *
     * @param servletRequest
     * @param servletResponse
     * @param o                 传过来的权限或者角色
     * @return
     * @throws Exception
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        //获取主体
        Subject subject = getSubject(servletRequest,servletResponse);
        String[] roles = (String[]) o;
        if(roles == null)return true;//为空说明都可以访问
        for (String role : roles) {
           if(subject.hasRole(role)){
               return true;
           }
        }
        return false;
    }
}

spring主 配置文件中，因为shiro自带的roles["user","admin"] 授权filter需要同时满足所有的角色，是&&的关系，所以需要定制filter，使得满足其中一个角色就可以访问。

红色字体是需要添加的部分

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/mvc
           http://www.springframework.org/schema/mvc/spring-mvc.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context.xsd
           http://www.springframework.org/schema/aop
        http://www.springframework.org/schema/aop/spring-aop.xsd
           ">

    <import resource="spring-dao.xml"/>
    <context:component-scan base-package="com.imooc"/>
    <!--配置SQLSessionFactory，执行dao的操作-->
    <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
        <property name="dataSource" ref="dataSource"/>
        <!--扫描pojo对象所在的包，给 pojo包下的对象起别名--><!--扫描pojo包，给包下的pojo对象起别名-->
        <property name="typeAliasesPackage" value="com.heng.domain"/>


    </bean>
    <!--扫描接口所在的包路径，创建接口的代理对象，并且交给IOC容器管理-->
    <bean id="mapperScanner" class="org.mybatis.spring.mapper.MapperScannerConfigurer">
        <property name="basePackage" value="com.imooc.dao"/>
    </bean>



    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="login.html"/>
        <property name="unauthorizedUrl" value="403.html"/>
        <property name="filterChainDefinitions">
            <value>
                /login.html = anon
                /login.jsp = anon
                /subLogin.do = anon
                /bbb.do = roles["admin","admin1"]
                /ccc.do = roleOr["admin","admin1"]
                /pages/* = anon
                /* = authc
            </value>
        </property>
        <property name="filters">
            <map>
                <entry key="roleOr" value-ref="roleOrFilter"/>
            </map>
        </property>
    </bean>

　　　　//配置自定义的filter
    <bean id="roleOrFilter" class="com.imooc.filter.roleOrFilter"></bean>
    <!--创建SecurityManager对象-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="realm"/>
    </bean>
    <!--自定义realm-->
    <bean id="realm" class="com.imooc.realm.CustomRealm">
        <property name="credentialsMatcher" ref="credentialsMatcher"/>
    </bean>
　　　　

　　　　// 加密
    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="md5"/>
        <property name="hashIterations" value="1"/>
    </bean>



</beans>