zoukankan      html  css  js  c++  java
  • Shiro过滤器

    Shiro内置过滤器

    • anon、authBasic、authc、user、logout
    • perms、roles、ssl、port
    spring.xml
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="login.html" />
        <property name="unauthorizedUrl" value="403.html" />
        <property name="filterChainDefinitions">
            <value>
                /login.html = anon
                /subLogin = anon
                /testRole = roles["admin", "admin1"]
                /testRole1 = rolesOr["admin", "admin1"]
                /* = authc
            </value>
        </property>
        <property name="filters">
            <util:map>
                <entry key="rolesOr" value-ref="rolesOrFilter" />
            </util:map>
        </property>
    </bean>
    
    <bean class="com.imooc.filter.RolesOrFilter" id="rolesOrFilter" />
    
    Controller.java
    @RequestMapping(value="/testRole", method = RequestMethod.GET)
    @ResponseBody
    public String testRole() {
        return "testRole success";
    }
    
    @RequestMapping(value="/testRole1", method = RequestMethod.GET)
    @ResponseBody
    public String testRole1() {
        return "testRole1 success";
    }
    
    @RequestMapping(value="/testPerms", method = RequestMethod.GET)
    @ResponseBody
    public String testPerms() {
        return "testPerms success";
    }
    
    @RequestMapping(value="/testPerms1", method = RequestMethod.GET)
    @ResponseBody
    public String testPerms1() {
        return "testPerms1 success";
    }
    
    RolesOrFilter
    public class RolesOrFilter extends AuthorizationFilter {
        @Override
        protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
            Subject subject = getSubject(servletRequest, servletResponse);
            String[] roles = (String[]) o;
            if (roles == null || roles.length == 0) {
                return true;
            }
            for (String role : roles) {
                if (subject.hasRole(role)) {
                    return true;
                }
            }
            return false;
        }
    }
    
  • 相关阅读:
    spring Bean的完整生命周期
    idea+maven+ssm搭建boot_crm项目遇到的问题
    面试题:死锁的四个必要条件
    面试题:静态代理和动态代理的区别和联系 没用
    面试题: Struts2
    我所总结的设计模式 合应用场景
    hibernate 对象OID
    hibernate第三天 一对多 , 多对多
    hibernate里的实体类中不能重写toString
    存储前set方法相互关联 只关联了一方 分别set
  • 原文地址:https://www.cnblogs.com/sanjun/p/10007105.html
Copyright © 2011-2022 走看看