Shiro内置过滤器笔记

1.shiro提供以下内置过滤器,用于web项目资源请求验证

anon（匿名）  org.apache.shiro.web.filter.authc.AnonymousFilter
authc（身份验证）      org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic（http基本验证）   org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
logout（退出）       org.apache.shiro.web.filter.authc.LogoutFilter
noSessionCreation（不创建session） org.apache.shiro.web.filter.session.NoSessionCreationFilter
perms(许可验证) org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port（端口验证）  org.apache.shiro.web.filter.authz.PortFilter
rest  (rest方面) org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles（权限验证） org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl （ssl方面）  org.apache.shiro.web.filter.authz.SslFilter

user （用户方面） org.apache.shiro.web.filter.authc.UserFilter

2.自定过滤器

package com.springshirodemo.Realm;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;       // 角色验证
//import org.apache.shiro.web.filter.authc.AuthenticatingFilter;    //权限认证
public class Authorizatonfilter extends  AuthorizationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		// TODO Auto-generated method stub
		
		Subject subject= getSubject(request, response);              // 获得主体
		
		String[]  roles = (String[]) mappedValue;                    //角色数组
		if(roles == null || roles.length == 0) {
			return true;
		}
		
		for(String role:roles) {
			if(subject.hasRole(role)) {                          //是否有角色
				return true;
			}
		}
		
		return false;
	}

}

3.Spring.Xml

	  <!--注入URL拦截规则 -->  
	  <property name="filterChainDefinitions">  
	      <value>  
	      /login.html = anon
	      /login33 = anon 
	   	  /login2 = perms["user:update","user:delect"]
	   	  /login2 = rolesOr["user","user11"]     //使用自定义
	      /page/base/staff* = perms["staffList"]  
	     </value>  
	  </property > 
	  <property name="filters">                                                            /配置Filters
	  		<util:map>
	  			<entry  key="rolesOr" value-ref="rolesOrfilter"></entry>
	  		</util:map>
	  </property> 
	</bean>
	<bean class="com.springshirodemo.Realm.Authorizatonfilter" id="rolesOrfilter"></bean>   //将自定义过滤器注入

注：

    使用util:map时需要配置

xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd“