Shiro内置过滤器
认证过滤
- anon 不需要任何认证
- authcBasic HTTP Basic认证
- authc 需要认证之后才可以访问
- user 需要当前存在用户才可以访问(已登录或通过rememberMe被记住的用户均可,校验强度弱于authc)
- logout 退出
授权过滤
- perms 需要相关权限才可以访问
- roles 需要相关角色才可以访问
- ssl 要求请求使用安全协议(HTTPS)
- port 要求请求使用指定端口
1、在UserController添加相关的接口
/**
 * Demo endpoint for the single-role check: answers GET /testRole with a fixed marker string.
 *
 * <p>The method performs no authorization of its own. Access is decided solely by the
 * Shiro filter chain entry for {@code /testRole} in spring.xml.
 * NOTE(review): if UserController carries a class-level mapping prefix, the chain pattern
 * must match the full path; confirm against the controller.
 *
 * @return the literal {@code "testRole success"}
 */
@RequestMapping(value = "/testRole", method = RequestMethod.GET)
@ResponseBody
public String testRole() {
    final String marker = "testRole success";
    return marker;
}
/**
 * Demo endpoint for the multi-role check: answers GET /testRole1 with a fixed marker string.
 *
 * <p>No authorization happens inside the method; the role requirement comes only from the
 * Shiro filter chain entry for {@code /testRole1} in spring.xml.
 *
 * @return the literal {@code "testRole1 success"}
 */
@RequestMapping(value = "/testRole1", method = RequestMethod.GET)
@ResponseBody
public String testRole1() {
    final String marker = "testRole1 success";
    return marker;
}
/**
 * Demo endpoint for the single-permission check: answers GET /testPerms with a fixed
 * marker string.
 *
 * <p>No authorization happens inside the method; the permission requirement comes only
 * from the Shiro filter chain entry for {@code /testPerms} in spring.xml.
 *
 * @return the literal {@code "testPerms success"}
 */
@RequestMapping(value = "/testPerms", method = RequestMethod.GET)
@ResponseBody
public String testPerms() {
    final String marker = "testPerms success";
    return marker;
}
/**
 * Demo endpoint for the multi-permission check: answers GET /testPerms1 with a fixed
 * marker string.
 *
 * <p>No authorization happens inside the method; the permission requirement comes only
 * from the Shiro filter chain entry for {@code /testPerms1} in spring.xml.
 *
 * @return the literal {@code "testPerms1 success"}
 */
@RequestMapping(value = "/testPerms1", method = RequestMethod.GET)
@ResponseBody
public String testPerms1() {
    final String marker = "testPerms1 success";
    return marker;
}
2-1、在spring.xml修改shiro过滤器
<!-- Shiro web filter: maps URL patterns to filter chains. Lines are evaluated top to bottom and the first matching pattern decides the chain. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"></property>
<!-- loginUrl: redirect target for requests that need a login. unauthorizedUrl: redirect target when a logged-in subject fails a roles/perms check. -->
<property name="loginUrl" value="login.html"></property>
<property name="unauthorizedUrl" value="403.html"></property>
<property name="filterChainDefinitions">
<value>
<!-- The login page (and /subLogin, presumably the login submit endpoint) stay reachable without authentication. -->
/login.html = anon
/subLogin = anon
/testRole = roles["admin"]
<!-- roles[...] requires the subject to hold ALL of the listed roles -->
/testRole1 = roles["admin","admin1"]
/testPerms = perms["user:delete"]
<!-- perms[...] requires the subject to hold ALL of the listed permissions -->
/testPerms1 = perms["user:delete","user:update"]
<!-- NOTE(review): in Shiro's Ant-style matching "/*" covers a single path segment only, so a nested path such as /a/b matches no line here and is served with no Shiro filter applied. Use "/** = authc" as the last line if every remaining URL should require login. -->
/* = authc
</value>
</property>
</bean>
2-2、自定义filter
package com.zjc.filter;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
 * Authorization filter that admits a request when the current subject holds
 * <em>any one</em> of the roles listed in the filter chain definition.
 *
 * <p>Security note: when the chain entry supplies no roles (the mapped value is
 * {@code null} or an empty array) the filter allows the request. A bare {@code rolesOr}
 * with no role list therefore restricts nothing, so always list at least one role
 * in the chain definition.
 */
public class RolesOrFilter extends AuthorizationFilter {

    /**
     * Decides whether the request may proceed.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the per-path filter configuration; cast to {@code String[]} and
     *                    read as the list of acceptable role names
     * @return {@code true} if no roles are configured or the subject has at least one of
     *         them, {@code false} otherwise
     * @throws Exception declared by the overridden method
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject currentSubject = getSubject(request, response);
        String[] acceptedRoles = (String[]) mappedValue;

        // Nothing configured for this path: allow the request (fail-open, see class note).
        boolean nothingConfigured = acceptedRoles == null || acceptedRoles.length == 0;
        if (nothingConfigured) {
            return true;
        }

        // OR semantics: stop at the first role the subject actually holds.
        int index = 0;
        while (index < acceptedRoles.length) {
            if (currentSubject.hasRole(acceptedRoles[index])) {
                return true;
            }
            index++;
        }
        return false;
    }
}
修改spring.xml:注册自定义filter,并在过滤链中用rolesOr引用它
<!-- Custom roles filter: grants access when the subject holds ANY one of the listed roles (the built-in roles filter requires all of them). With no roles listed it allows every request. -->
<bean class="com.zjc.filter.RolesOrFilter" id="rolesOrFilter"></bean>
<!-- Shiro web filter with the custom rolesOr filter registered. Lines are evaluated top to bottom and the first matching pattern decides the chain. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"></property>
<!-- loginUrl: redirect target for requests that need a login. unauthorizedUrl: redirect target when a logged-in subject fails a roles/perms check. -->
<property name="loginUrl" value="login.html"></property>
<property name="unauthorizedUrl" value="403.html"></property>
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin = anon
/testRole = roles["admin"]
<!-- rolesOr[...] is the custom filter: ONE of the listed roles is enough. Always list at least one role, because an empty list allows every request. -->
/testRole1 = rolesOr["admin","admin1"]
/testPerms = perms["user:delete"]
<!-- perms[...] requires the subject to hold ALL of the listed permissions -->
/testPerms1 = perms["user:delete","user:update"]
<!-- NOTE(review): in Shiro's Ant-style matching "/*" covers a single path segment only, so a nested path such as /a/b matches no line here and is served with no Shiro filter applied. Use "/** = authc" as the last line if every remaining URL should require login. -->
/* = authc
</value>
</property>
<!-- Registers the custom filter under the name used in the chain definitions above; the key must match the name before the brackets. -->
<property name="filters">
<util:map>
<entry key="rolesOr" value-ref="rolesOrFilter"></entry>
</util:map>
</property>
</bean>