问题产生背景：之前的项目用过 shiro 做权限控制，新项目决定沿用 shiro 做权限控制。但是新项目采用前后端分离，session 超时后需要返回 JSON 结构给前端去处理，而 shiro 默认的处理方案是 session 超时后重定向到登录链接，因此做如下修改：
1.创建SessionExpiredFilter
| import lombok.extern.slf4j.Slf4j; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import java.io.IOException; import java.io.PrintWriter;
/**
 * Shiro form-authentication filter for a separated front end: instead of redirecting an
 * unauthenticated request to the login page, it answers with a small JSON body that the
 * client is expected to interpret.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The denial branch runs for every request that reaches {@code onAccessDenied} and is
 *       not a login request. The code does not distinguish an expired session from a client
 *       that never logged in; both receive the same body.</li>
 *   <li>No HTTP status is set here, so the container default applies (normally 200). Clients,
 *       proxies and monitoring must therefore inspect the body to see the denial.
 *       NOTE(review): consider whether a 401 status should accompany the body; confirm the
 *       front end's handling before changing it.</li>
 * </ul>
 */
@Slf4j
public class SessionExpiredFilter extends FormAuthenticationFilter {

    /**
     * Decides what happens to a request that Shiro has judged as not allowed.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @return {@code false} after the JSON denial body has been written; {@code true} for a
     *         login-page request that is not a submission; otherwise the result of the
     *         inherited {@code executeLogin}
     * @throws Exception propagated from the inherited login handling
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Anything other than the configured login URL is rejected with JSON, never a redirect.
        if (!isLoginRequest(request, response)) {
            writeDeniedJson(response);
            return false;
        }

        // Login URL without a credential submission: let the request continue down the chain.
        if (!isLoginSubmission(request, response)) {
            return true;
        }

        // Login URL with submitted credentials: delegate to the inherited login attempt.
        return executeLogin(request, response);
    }

    /**
     * Writes the fixed JSON denial body. An I/O failure is logged and not rethrown, so the
     * caller still reports the request as denied.
     */
    private void writeDeniedJson(ServletResponse response) {
        response.setContentType("application/json;charset=utf-8");
        // try-with-resources closes the writer, which also completes the response body.
        try (PrintWriter out = response.getWriter()) {
            out.write("{\"code\":17918}");
            out.flush();
        } catch (IOException ex) {
            log.error(ex.getMessage(), ex);
        }
    }
}
2.将创建的SessionExpiredFilter放入ShiroFilterFactoryBean
// Replace Shiro's built-in "authc" filter with the JSON-answering variant. Every chain entry
// that names "authc" then runs SessionExpiredFilter.
SessionExpiredFilter sessionExpiredFilter = new SessionExpiredFilter();
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("authc", sessionExpiredFilter);

// Insertion order is kept by LinkedHashMap, and Shiro applies the first chain pattern that
// matches. "/**" is the only entry here, so every path requires authentication.
// NOTE(review): no login URL is set in this snippet, and FormAuthenticationFilter defaults to
// "/login.jsp". Confirm that the real login endpoint is configured as the login URL, or is
// mapped to "anon" ahead of "/**". Otherwise login requests are denied as well.
Map<String, String> chains = new LinkedHashMap<>();
chains.put("/**", "authc");

// NOTE(review): the security manager is not set in this excerpt; presumably done elsewhere.
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setFilters(filters);
shiroFilterFactoryBean.setFilterChainDefinitionMap(chains);