- 自定义shiro认证过滤器
<!-- Custom form authentication filter (registered under the "authc" key in the shiroFilter bean). -->
<!-- The three properties name the request parameters for the user name, password and remember-me flag. -->
<!-- NOTE(review): presumably the class extends Shiro's FormAuthenticationFilter; confirm against its source. -->
<bean id="formAuthenticationFilter" class="cn.org.celay.shiro.filter.UserFromAuthenticationFilter">
<property name="usernameParam" value="username"/>
<property name="passwordParam" value="password"/>
<property name="rememberMeParam" value="rememberMe"/>
</bean>
- 重写onAccessDenied方法(请求未通过认证、访问被拒绝时执行)
/**
 * Handles a request that was denied access.
 *
 * <p>Requests to the login URL are either executed as a login attempt (submission) or
 * allowed to continue (login page view). Every other request is rejected: AJAX callers
 * receive HTTP 401 so the client script can react, and all other callers are redirected
 * to the login page.
 *
 * <p>The AJAX check is based on a request header, which the client controls. That is
 * acceptable here because both branches deny access, so a forged header only changes
 * the form of the refusal and never grants anything.
 *
 * <p>The denied request is not saved before the redirect
 * ({@code saveRequestAndRedirectToLogin} is deliberately not used).
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return {@code true} only when the login page itself is being viewed; otherwise the
 *         result of {@code executeLogin} for a login submission, or {@code false}
 * @throws Exception if login execution, the error response or the redirect fails
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    if (this.isLoginRequest(request, response)) {
        if (!this.isLoginSubmission(request, response)) {
            logger.info("Login page view.");
            return true;
        }
        logger.info("Login submission detected. Attempting to execute login.");
        return this.executeLogin(request, response);
    }

    logger.info("Attempting to access a path which requires authentication. Forwarding to the Authentication url [" + this.getLoginUrl() + "]");
    if (isAjaxRequest(WebUtils.toHttp(request))) {
        // A redirect would be followed silently by XMLHttpRequest, so signal 401 instead.
        WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
    } else {
        redirectToLogin(request, response);
    }
    return false;
}
- 判断请求是否为ajax
/**
 * Reports whether the request declares itself as an AJAX call through the
 * {@code X-Requested-With: XMLHttpRequest} header (value compared case-insensitively).
 *
 * <p>The header is supplied by the client and can be set or omitted at will, so the
 * result may only select a response format and must never feed an access decision.
 *
 * @param request the HTTP request to inspect
 * @return {@code true} if the header is present and equals {@code XMLHttpRequest}
 */
private boolean isAjaxRequest(HttpServletRequest request) {
    String requestedWith = request.getHeader("X-Requested-With");
    // equalsIgnoreCase(null) is false, so a missing header needs no separate check.
    return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
}
- 前端调用时做具体处理(认证失败刷新当前页面自动跳转到登录页面)
Namespace.register("cn.org.celay.index");
cn.org.celay.index = {
    /**
     * Loads an HTML fragment with GET from ctx + "/" + url and places it in #page.
     *
     * jQuery's .html() also runs any script contained in the inserted markup, so `url`
     * must come from the application's own navigation and never from user-controlled
     * input, and the endpoint must return only trusted, server-rendered HTML.
     *
     * On HTTP 401 the current page is reloaded; that full-page request is then
     * redirected to the login page by the server-side filter. Other error statuses
     * are ignored.
     *
     * @param {string} url  path relative to the context root
     * @param {Object} data query parameters sent with the request
     */
    skipUrl: function (url, data) {
        var showFragment = function (html) {
            $("#page").html(html);
        };
        var handleFailure = function (jqXHR) {
            // 401 means the session is no longer authenticated.
            if (jqXHR.status == 401) {
                console.log('认证失败...');
                // Forced reload of the current page.
                window.location.reload(true);
            }
        };
        $.ajax({
            url: ctx + "/" + url,
            type: 'GET',
            data: data,
            dataType: 'html',
            async: true,
            success: showFragment,
            error: handleFailure
        });
    }
};
- loginUrl配置--认证失败后shiro会自动跳转至登录页面
<!-- Shiro web filter: maps URL patterns to the filters listed in filterChainDefinitions. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- Unauthenticated requests to authc-protected paths are redirected to this URL. -->
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/index"/>
<property name="unauthorizedUrl" value="/unauthorized"/>
<!-- Bind the "authc" key to the custom form authentication filter instead of Shiro's default. -->
<property name="filters">
<map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
</map>
</property>
<!--
Patterns are evaluated top to bottom and the first match wins, so the catch-all /**=authc must stay last.
NOTE(review): /druid/**=anon leaves every path under /druid/ reachable without authentication.
If the Druid monitoring console is mapped there, it can expose SQL statements, data source settings and session data;
require authc (or a role) for it, or enable the console's own login and address allow list.
NOTE(review): /login=anon matches before /**=authc, so requests to /login never pass through formAuthenticationFilter
and its login-submission branch is not reached for that path; presumably a controller performs the login. Confirm.
-->
<property name="filterChainDefinitions">
<value>
/favicon.ico = anon
/resource-page/**=anon
/druid/**=anon
/login=anon
/logout.action=logout
/**=authc
</value>
</property>
</bean>