67,513
社区成员
发帖
与我相关
我的任务
分享shiro自定义过滤器不管用
自己配置了自定义的过滤器,但当访问JSONController/post这个地址时没有反应,求大神指点
只是shiro配置文件的一部分:
<bean id="rolesAnyAuthorizationFilter" class="com.trs.xmtdb.filter.RolesAnyAuthorizationFilter"></bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/sso/login" />
<property name="successUrl" value="/outline/dbg" />
<property name="filters">
<map>
<entry key="roleAAF" value-ref="rolesAnyAuthorizationFilter"/>
</map>
</property>
<property name="filterChainDefinitions">
<value>
/sso/logout = logout
/sso/login = anon
/idsAgentPages/** = anon
/idsHalt.jsp = anon
/idsAgents/GetLongUrlServlet = anon
/TRSIdSSSOProxyServlet = anon
/static/** = anon
/JSONController/post=roleAAF
/api/** = anon
/register/** = anon
/admin/** = roles[admin]
/** = user
</value>
</property>
</bean>
这是自定义过滤器:
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import com.sun.tools.internal.ws.processor.model.Request;
public class RolesAnyAuthorizationFilter extends AuthorizationFilter {
@Override
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
String url=request.getParameter("url");
String reqUrl = ((HttpServletRequest) request).getRequestURL().toString();
System.out.println("请求地址:"+reqUrl);
System.out.println("参数地址:"+url);
String re = "\\/(.*?)\\/";
Pattern p = Pattern.compile(re);
Matcher m = p.matcher(url);
String server="";
int n=0;
while(m.find()){
server=m.group(1);
if(n==1){
break;
}
n++;
}
Subject subject = getSubject(request, response);
System.out.println("访问服务名:"+server+";用户角色是否存在:"+subject.hasRole(server));
if(subject.hasRole(server)){
return true;
}
// }
// try {
// request.getRequestDispatcher("sso/error").forward(request, response);
// } catch (ServletException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
return false;
}
}
只是shiro配置文件的一部分:
<bean id="rolesAnyAuthorizationFilter" class="com.trs.xmtdb.filter.RolesAnyAuthorizationFilter"></bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/sso/login" />
<property name="successUrl" value="/outline/dbg" />
<property name="filters">
<map>
<entry key="roleAAF" value-ref="rolesAnyAuthorizationFilter"/>
</map>
</property>
<property name="filterChainDefinitions">
<value>
/sso/logout = logout
/sso/login = anon
/idsAgentPages/** = anon
/idsHalt.jsp = anon
/idsAgents/GetLongUrlServlet = anon
/TRSIdSSSOProxyServlet = anon
/static/** = anon
/JSONController/post=roleAAF
/api/** = anon
/register/** = anon
/admin/** = roles[admin]
/** = user
</value>
</property>
</bean>
这是自定义过滤器:
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import com.sun.tools.internal.ws.processor.model.Request;
public class RolesAnyAuthorizationFilter extends AuthorizationFilter {
@Override
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
String url=request.getParameter("url");
String reqUrl = ((HttpServletRequest) request).getRequestURL().toString();
System.out.println("请求地址:"+reqUrl);
System.out.println("参数地址:"+url);
String re = "\\/(.*?)\\/";
Pattern p = Pattern.compile(re);
Matcher m = p.matcher(url);
String server="";
int n=0;
while(m.find()){
server=m.group(1);
if(n==1){
break;
}
n++;
}
Subject subject = getSubject(request, response);
System.out.println("访问服务名:"+server+";用户角色是否存在:"+subject.hasRole(server));
if(subject.hasRole(server)){
return true;
}
// }
// try {
// request.getRequestDispatcher("sso/error").forward(request, response);
// } catch (ServletException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
return false;
}
}
...全文
请发表友善的回复…
发表回复
乐创 2015-01-30
- 打赏
- 举报
我的问题已经解决了,留个答案给后人。
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="order" value="3"/>
<property name="prefix" value="/WEB-INF/view/"/>
<property name="suffix" value=".jsp"/>
</bean>乐创 2015-01-29
- 打赏
- 举报
楼主解决了么?我的情况是:jetty8部署没有问题,jetty9部署就出现了shiro不起作用的情况。
