自定义shiro实现识别ajax请求的拒绝返回json,还是普通返回页面

企业开发 2018-05-09 13:06:41 阅读次数: 1

自定义shiro实现识别ajax请求的拒绝返回json,还是普通返回页面

类似其他的自定义只要重写过滤器中相应的方法即可:

客户端请求标志:

 String contentType = httpServletRequest.getHeader("content-type");

application/json    : JSON数据格式(ajax)

application/x-www-form-urlencoded  :表单提交

null   浏览器直接请求

没有登录,正在登陆时每次进入登录过滤器

这时ajax请求用json格式返回失败即可(就不是返回整个失败页面),登录成功才可以请求正常请求json

登录后每次请求进入角色过等滤器

ajxa请求,json没有权限处理角色中处理json没有权限的返回即可(就不是整个页面返回),一般的请求返回登录页面也即可

FormAuthenticationFilter:MyAuthenticationFilter

进入onAccessDenied(区分ajax和普通请求,控制跳转返回格式)就已经是拒绝了,这里做拒绝后的处理,或者首次登陆的处理

onLoginSuccess登录成功之后(登录之后跳转到loginurl),做的事情(setsession)

onLoginFailure:处理登录失败后的处理(ajax请求返回json格式(里面带有自定义拒绝标志信息,和错误代码),普通请求返回拒绝页面)

AuthorizationFilter: RoleAuthorizationFilter

isAccessAllowed(定义判断是否有权限的规则)

判断角色是否具备访问要求

onAccessDenied

角色不具备的时候做的处理(ajax请求返回json格式(里面带有自定义拒绝标志信息,和错误代码),普通请求返回拒绝页面)

这两个未成功的时候都不会清除登录信息,才满足这两种情况:

1,拒绝就跳登录页面(见到的菜单都是自己有权限的情况下可以),unauthorizedUrl:没有权限默认跳转的页面。

2,当要求全部显示菜单,没有权限的菜单

就跳到提示页就提示,其他正常访问(并没有清除用户登录信息)就不能简单跳到登陆页

AuthorizationFilter(已登录):

FormAuthenticationFilter(要登录):

当需要没有权限就登出的时候在onAccessDenied中调用LogoutFilter清除登录信息

FormAuthenticationFilter:MyAuthenticationFilter

@Override

protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {

HttpServletRequest request = (HttpServletRequest) servletRequest;

HttpServletResponse response = (HttpServletResponse) servletResponse;

//String requestType = request.getHeader("X-Requested-With");

String requestType = (request .getHeader("X-Requested-With")==null?request .getHeader("x-requested-with"):null);

String contentType = request.getHeader("content-type");

request.getHeaderNames();

if ((requestType != null && requestType.equalsIgnoreCase("XMLHttpRequest"))||(contentType!=null && contentType.equalsIgnoreCase("application/json; charset=utf-8"))) {

response.addHeader("loginStatus", "accessDenied");

response.sendError(HttpServletResponse.SC_FORBIDDEN);//403

response.setCharacterEncoding("UTF-8");

response.setContentType("application/json");

//HttpServletResponse rs=new HttpServletResponse();

//response.

//ServletServerHttpResponse responseHeader = new ServletServerHttpResponse(rs);

//responseHeader.getHeaders().add("loginStatus", "accessDenied");

//response.getWriter().write(JSONObject.toJSONString(responseHeader));

return false;

}

//if ((requestType != null && requestType.equalsIgnoreCase("XMLHttpRequest"))) {

//

//response.addHeader("loginStatus", "accessDenied");

//response.sendError(HttpServletResponse.SC_FORBIDDEN);//403

//response.setCharacterEncoding("UTF-8");

//response.setContentType("application/json");

////HttpServletResponse rs=new HttpServletResponse();

////response.

////ServletServerHttpResponse responseHeader = new ServletServerHttpResponse(rs);

////responseHeader.getHeaders().add("loginStatus", "accessDenied");

////response.getWriter().write(JSONObject.toJSONString(responseHeader));

//return false;

//}

String method = request.getMethod();

if("GET".equalsIgnoreCase(method)){

WebUtils.issueRedirect(request, response, "/");

return false;

}

return super.onAccessDenied(request, response);

}

AuthorizationFilter: RoleAuthorizationFilter

这两个的onAccessDenied都应如此写

@Override

protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {

HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;

HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

//String requestType = httpServletRequest.getHeader("X-Requested-With");

String requestType = (httpServletRequest.getHeader("X-Requested-With")==null?httpServletRequest.getHeader("x-requested-with"):null);

String contentType = httpServletRequest.getHeader("content-type");

if ((requestType != null && requestType.equalsIgnoreCase("XMLHttpRequest"))||(contentType!=null && contentType.equalsIgnoreCase("application/json; charset=utf-8"))) {

httpServletResponse.addHeader("loginStatus", "accessDenied");

httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);//403

httpServletResponse.setCharacterEncoding("UTF-8");

httpServletResponse.setContentType("application/json");

//HttpServletResponse rs=new HttpServletResponse();

//response.

//ServletServerHttpResponse responseHeader = new ServletServerHttpResponse(rs);

//responseHeader.getHeaders().add("loginStatus", "accessDenied");

//response.getWriter().write(JSONObject.toJSONString(responseHeader));

return false;

} else {//如果是普通请求进行重定向

httpServletResponse.sendRedirect("/");

}

return false;

}

  注意

MyAuthenticationFilter中onLoginSuccess中的session.stop();需要注掉,否则用框架的登陆走了onLoginSuccess然后又清了session会报错

参考:

http://blog.csdn.net/u014042146/article/details/72834582

http://blog.csdn.net/qq_20989105/article/details/78075660?locationNum=9&fps=1

猜你喜欢

转载自yuhuiblog6338999322098842.iteye.com/blog/2406657
今日推荐
TIOBE 5 月榜单:Fortran “复活”进入 Top 10
GCC 14.1 发布
面壁智能发布 Eurux-8x22B 开源大模型 —— 堪称「理科状元」
开源日报 | 谷歌扶持鸿蒙上位;开源Rabbit R1;Docker加持的安卓手机;微软的焦虑和野心;海尔电器把开放平台关了
中国码农的“35岁魔咒”
蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版,免费下载
Arc Browser for Windows 1.0 正式 GA
90后程序员开发视频搬运软件、不到一年获利超 700 万,结局很刑!
周排行
Java自定义时间格式
同步整形电路
在开发中最最最常用的字符串的属性大集合
Linux 查看端口占用并杀掉
Java基础四:ArrayList
多线程之死锁就是这么简单
mysql 基础命令集
awk 命令详解
Centos6.3编译安装nginx+php步骤
OCR (Optical Character Recognition,光学字符识别)
每日归档
更多
2024-05-08(42)
2024-05-07(14)
2024-05-06(40)
2024-05-05(0)
2024-05-04(7)
2024-05-03(19)
2024-05-02(0)
2024-05-01(4)
2024-04-30(1)
2024-04-29(40)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022