Shiro内置过滤器
- anon、authBasic、authc、user、logout
- perms、roles、ssl、port
spring.xml
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="login.html" />
<property name="unauthorizedUrl" value="403.html" />
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin = anon
/testRole = roles["admin", "admin1"]
/testRole1 = rolesOr["admin", "admin1"]
/* = authc
</value>
</property>
<property name="filters">
<util:map>
<entry key="rolesOr" value-ref="rolesOrFilter" />
</util:map>
</property>
</bean>
<bean class="com.imooc.filter.RolesOrFilter" id="rolesOrFilter" />
Controller.java
@RequestMapping(value="/testRole", method = RequestMethod.GET)
@ResponseBody
public String testRole() {
return "testRole success";
}
@RequestMapping(value="/testRole1", method = RequestMethod.GET)
@ResponseBody
public String testRole1() {
return "testRole1 success";
}
@RequestMapping(value="/testPerms", method = RequestMethod.GET)
@ResponseBody
public String testPerms() {
return "testPerms success";
}
@RequestMapping(value="/testPerms1", method = RequestMethod.GET)
@ResponseBody
public String testPerms1() {
return "testPerms1 success";
}
RolesOrFilter
public class RolesOrFilter extends AuthorizationFilter {
@Override
protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
Subject subject = getSubject(servletRequest, servletResponse);
String[] roles = (String[]) o;
if (roles == null || roles.length == 0) {
return true;
}
for (String role : roles) {
if (subject.hasRole(role)) {
return true;
}
}
return false;
}
}