Shiro 自定义角色 认证

转载,原博文的地址在:https://ailongni.iteye.com/blog/2086022

由于Shiro filterChainDefinitions中 roles默认是and,
/** = user,roles[system,general]
比如:roles[system,general] ,表示同时需要“system”和“general” 2个角色才通过认证
所以需要自定义 继承 AuthorizationFilter

public class RolesAuthorizationFilter extends AuthorizationFilter{

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        Subject subject = getSubject(request, response); 
        String[] rolesArray = (String[]) mappedValue; 

        if (rolesArray == null || rolesArray.length == 0) { 
            //no roles specified, so nothing to check - allow access. 
            return true; 
        } 

        for(int i=0;i<rolesArray.length;i++){  
            if(subject.hasRole(rolesArray[i])){  
                return true;  
            }  
        }  
        return false;  
    }

}

shiro过滤器xml配置:

<!-- Shiro Filter -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login" />
        <property name="successUrl" value="/success" />
        <property name="filters">
            <map>
                <entry key="anyRoles" value-ref="anyRoles"/>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /login = authc
                /login/logout = anon
                / = anon
                /XXX/** = user,anyRoles[system,general]
                                /TTT = role[system]
                /** = user
            </value>
        </property>
    </bean>
    
    <!--自定义的Roles Filter-->
    <bean id="anyRoles" class="com.jianfei.p.web.common.RolesAuthorizationFilter" />

注意:/XXX/** = user,anyRoles[system,general], 注意红色的"anyRoles"一定要和 

  <entry key="anyRoles" value-ref="anyRoles"/> key一样就行,否则过滤器不起作用

posted @ 2019-01-28 17:20  护花使者  Views(594)  Comments(0Edit  收藏  举报