SpringBoot 整合Shiro 之 自定义Filter
结合上一篇 【Spring Boot 整合 Shiro】,第一次使用以后,但发现,Shiro过滤器对被 劫持 的API路径,若没“login.jsp”,则会直接返回 404 ,很不和谐。所以,捣鼓一下,自定义FIlter,经过自定义对其进行受权认证。java
项目源码直通车git
1. 自定义 Filter
@Slf4j
public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue){
return false;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (isLoginRequest(request, response)) {
if (!isLoginSubmission(request, response)) {
if (log.isTraceEnabled()) {
log.trace("Attempting to access a path which requires authentication. Forwarding to the " +
"Authentication url [" + getLoginUrl() + "]");
}
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.setStatus(HttpStatus.CONFLICT.value());
JSONObject json = new JSONObject();
json.put("message","没有权限访问");
Writer writer = httpServletResponse.getWriter();
writer.write(json.toJSONString());
writer.flush();
writer.close();
}else {
return executeLogin(request, response);
}
}
return false;
}
}
复制代码
根据Shiro默认的过滤器链,咱们能够经过继承,并将自身Filter添加到其过滤器链中github
anon(AnonymousFilter.class),
authc(FormAuthenticationFilter.class),
authcBasic(BasicHttpAuthenticationFilter.class),
logout(LogoutFilter.class),
noSessionCreation(NoSessionCreationFilter.class),
perms(PermissionsAuthorizationFilter.class),
port(PortFilter.class),
rest(HttpMethodPermissionFilter.class),
roles(RolesAuthorizationFilter.class),
ssl(SslFilter.class),
user(UserFilter.class);
复制代码
2. 从新配置ShiroConfig
@Configuration
@ConfigurationProperties(prefix = "shiro")
public class ShiroConfig {
private final static String AUTHC_STR = "authc";
private final static String ANON_STR = "anon";
@Getter
@Setter
private List<String> anon_uri;
/** * 验证受权、认证 * * @return shiroRealm 受权认证 */
@Bean
public ShiroRealm shiroRealm(){
return new ShiroRealm();
}
/** * session manager * * @param shiroRealm 受权认证 * @return 安全管理 */
@Bean
@ConditionalOnClass(ShiroRealm.class)
public SecurityManager securityManager(ShiroRealm shiroRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(shiroRealm);
return securityManager;
}
@Bean
public CustomFormAuthenticationFilter customAuthenticationFilter(){
return new CustomFormAuthenticationFilter();
}
/** * Filter工厂,设置对应的过滤条件和跳转条件 * * @param securityManager session 管理 * @return shiro 过滤工厂 */
@Bean
@ConditionalOnClass(value = {CustomFormAuthenticationFilter.class,SecurityManager.class})
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager, CustomFormAuthenticationFilter customAuthenticationFilter) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 自定义过滤器
Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
filterMap.put("restful_return", customAuthenticationFilter);
shiroFilterFactoryBean.setFilters(filterMap);
//URI过滤
Map<String,String> map = Maps.newLinkedHashMap();
//可过滤的接口路径
anon_uri.forEach(item -> map.put(item,ANON_STR));
//全部路径进行校验
map.put("/api/**",AUTHC_STR);
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
}
复制代码
主要两点:spring
2.1.注入CustomFormAuthenticationFilter
@Bean
public CustomFormAuthenticationFilter customAuthenticationFilter(){
return new CustomFormAuthenticationFilter();
}
复制代码
2.2 加入过滤器链
// 自定义过滤器
Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
filterMap.put("restful_return", customAuthenticationFilter);
shiroFilterFactoryBean.setFilters(filterMap);
复制代码
3. 测试结果
相关文章
- 1. springboot集成shiro遭遇自定义filter异常(自定义FormAuthenticationFilter)
- 2. 细说shiro之自定义filter
- 3. Springboot整合Shiro
- 4. springboot整合shiro
- 5. springboot+shiro整合
- 6. shiro + springBoot 整合 JWT
- 7. SpringBoot整合Shiro
- 8. springboot集成Shiro,添加自定义filter后shiro的默认filter没法使用
- 9. shiro+jwt+springboot整合
- 10. Springboot 整合 shiro
- 更多相关文章...
- • 自定义TypeHandler - MyBatis教程
- • MySQL自定义函数(CREATE FUNCTION) - MySQL教程
- • RxJava操作符(十)自定义操作符
- • SpringBoot中properties文件不能自动提示解决方法
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. eclipse设置粘贴字符串自动转义
- 2. android客户端学习-启动模拟器异常Emulator: failed to initialize HAX: Invalid argument
- 3. android.view.InflateException: class com.jpardogo.listbuddies.lib.views.ListBuddiesLayout问题
- 4. MYSQL8.0数据库恢复 MYSQL8.0ibd数据恢复 MYSQL8.0恢复数据库
- 5. 你本是一个肉体,是什么驱使你前行【1】
- 6. 2018.04.30
- 7. 2018.04.30
- 8. 你本是一个肉体,是什么驱使你前行【3】
- 9. 你本是一个肉体,是什么驱使你前行【2】
- 10. 【资讯】LocalBitcoins达到每周交易比特币的7年低点
欢迎关注本站公众号,获取更多信息
相关文章