shiro 一个url支持多个访问角色

直接上代码

 

package com.sys.zyjd.common.security;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * shiro自带的roles[admin，ss]多角色之间是and关系而非or，但是shiro自带的方法同一权限只能分配一个角色。
 * 本类要实现一个方法支持多个访问角色
 *
 * @Author agnils
 * @create 2022/1/27 10:17
 */
public class RoleFilter extends RolesAuthorizationFilter {
    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
//        return super.isAccessAllowed(request, response, mappedValue);
        Subject subject = getSubject(request, response);
        String[] roles = (String[]) mappedValue;
        if (roles == null || roles.length == 0) {
            return false;
        }

        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }
}