
shiro解决ajax访问拦截返回json串
在shiro自定义拦截的时候一般会继承AuthorizationFilter类重写isAccessAllowed()方法。该方法会根据我们自定义的规则,通过返回true,不通过返回false。
根据框架的一般规则,必然有一个回调方法监控着isAccessAllowed()方法。点进AccessControlFilter类中
在AccessControlFilter类中会发现有一个onAccessDenied()方法。这个方法正是isAccessAllowed()方法的回调方法,当isAccessAllowed方法返回false的时候调用onAccessDenied()方法进行善后处理,是到登录页,还是错误页等。。。那我们就在这个方法中进行改进。重写onAccessDenied()方法。
package com.dzqc.model.common.shiro;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;
import com.alibaba.fastjson.JSONObject;
import com.dzqc.model.common.entity.ResultData;
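/**
 * Shiro authorization filter that answers AJAX callers with a JSON body instead of a redirect.
 *
 * <p>Non-AJAX requests keep Shiro's default handling (redirect to the login page, or to the
 * configured unauthorized URL). AJAX requests, recognised by the {@code X-Requested-With}
 * header, receive a {@link ResultData} serialised as JSON. The HTTP status is set to match
 * the outcome so that clients and intermediaries do not mistake a denial for a 200 success.
 *
 * @author JIAJIAJIA
 * @data 2018年8月31日 下午2:56:12
 */
public class CustomRolesAuthorizationFilter extends AuthorizationFilter {

    /** Header value sent by XMLHttpRequest and by most JS libraries for AJAX calls. */
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    /**
     * Callback invoked by Shiro when {@link #isAccessAllowed} returned {@code false}.
     *
     * <p>An unauthenticated subject is sent to the login page (or, for AJAX, a 401 JSON body);
     * an authenticated subject that lacks a required role is sent to the unauthorized URL
     * (or, for AJAX, a 403 JSON body).
     *
     * @param request  current request
     * @param response current response
     * @return always {@code false}: the request must not continue down the filter chain
     * @throws IOException if the redirect or the JSON body cannot be written
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = getSubject(request, response);
        // Only selects the response format; the access decision itself was made in isAccessAllowed.
        boolean ajax = isAjaxRequest(WebUtils.toHttp(request));
        if (subject.getPrincipal() == null) {
            // Not authenticated: no session, or the session expired.
            if (ajax) {
                writeJson(response, HttpServletResponse.SC_UNAUTHORIZED, 1, 401, "登录认证失效,请重新登录!");
            } else {
                saveRequestAndRedirectToLogin(request, response);
            }
        } else if (ajax) {
            // Authenticated but without a required role: 403 is the HTTP status for this case.
            // The body's code (402) is the application-level value existing clients parse.
            writeJson(response, HttpServletResponse.SC_FORBIDDEN, 2, 402, "您没有权限执行该操作!");
        } else {
            String unauthorizedUrl = getUnauthorizedUrl();
            if (StringUtils.hasText(unauthorizedUrl)) {
                WebUtils.issueRedirect(request, response, unauthorizedUrl);
            } else {
                // Mirrors Shiro's own AuthorizationFilter, which also answers 401 here.
                WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
        }
        return false;
    }

    /**
     * Writes a {@link ResultData} as a UTF-8 JSON body with the given HTTP status.
     *
     * @param response   response to write to
     * @param httpStatus HTTP status code to set on the response
     * @param result     value for {@code ResultData.result}
     * @param code       value for {@code ResultData.code}
     * @param message    user-facing message
     * @throws IOException if the writer cannot be obtained or written
     */
    private static void writeJson(ServletResponse response, int httpStatus, int result, int code,
                                  String message) throws IOException {
        HttpServletResponse http = WebUtils.toHttp(response);
        http.setStatus(httpStatus);
        // Encoding must be set before getWriter() or it is ignored by the container.
        http.setCharacterEncoding("UTF-8");
        http.setContentType("application/json");
        ResultData resultData = new ResultData();
        resultData.setResult(result);
        resultData.setCode(code);
        resultData.setMessage(message);
        http.getWriter().write(JSONObject.toJSONString(resultData));
        http.getWriter().flush();
    }

    /**
     * Grants access when no roles are configured for the path, or when the subject holds at
     * least one of the configured roles.
     *
     * @param req         current request
     * @param resp        current response
     * @param mappedValue the roles configured for this path in the filter chain, as a {@code String[]}
     * @return {@code true} if the subject may proceed
     * @throws Exception propagated from Shiro's subject lookup
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest req, ServletResponse resp, Object mappedValue) throws Exception {
        Subject subject = getSubject(req, resp);
        String[] rolesArray = (String[]) mappedValue;
        if (rolesArray == null || rolesArray.length == 0) {
            // No role restriction configured for this path.
            return true;
        }
        for (String role : rolesArray) {
            // Any one of the configured roles is sufficient.
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the request declares itself as AJAX via the {@code X-Requested-With} header.
     *
     * <p>The header is client-controlled, so it is only used to choose between a JSON body and a
     * redirect; it never influences whether access is granted.
     *
     * @param request current request
     * @return {@code true} if the header equals {@code XMLHttpRequest} (case-insensitive)
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        return AJAX_HEADER_VALUE.equalsIgnoreCase(request.getHeader("x-requested-with"));
    }
}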
这样对于ajax请求就会返回我们定义的json串
当访问有权限的路径时:
当访问没有权限的路径时: