1.自定义realm中抛出异常信息
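/**
 * Custom Shiro realm: authenticates a request by its access token and loads the
 * user's permission set for authorization checks.
 *
 * @description:自定义Realm
 * @author: Administrator
 * @date: 2019-03-27 13:30
 */
@Component
public class MyRealm extends AuthorizingRealm {

    public static final Log log = LogFactory.getLog(MyRealm.class);

    @Autowired
    private ShiroService shiroService;

    /**
     * Must be overridden, otherwise Shiro refuses the token type.
     * This realm only handles {@link JwtToken} instances.
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /**
     * Authentication (called on login).
     *
     * @param token the {@link JwtToken}; its principal is the raw access token string
     * @return authentication info whose principal is the resolved {@code SysUserEntity}
     * @throws IncorrectCredentialsException if the token is blank, unknown or expired
     * @throws AuthenticationException if the token refers to a user that no longer exists
     * @throws LockedAccountException if the user's status is 0 (locked)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        log.info("自定义Realm:1.认证登录方法");
        String accessToken = (String) token.getPrincipal();
        // Never log the raw token: it is a bearer credential and would persist in log files.
        log.info("1.1获取token: length=" + (accessToken == null ? 0 : accessToken.length()));
        if (accessToken == null || accessToken.isEmpty()) {
            throw new IncorrectCredentialsException("token失效,请重新登录");
        }
        // Look up the token record. A missing record, a missing expiry or a past expiry are all
        // rejected the same way (fail closed).
        SysUserTokenEntity tokenEntity = shiroService.queryByToken(accessToken);
        if (tokenEntity == null
                || tokenEntity.getExpireTime() == null
                || tokenEntity.getExpireTime().getTime() < System.currentTimeMillis()) {
            throw new IncorrectCredentialsException("token失效,请重新登录");
        }
        // The token may outlive the account it was issued for; guard against a null user
        // before touching its fields.
        SysUserEntity user = shiroService.queryUser(tokenEntity.getUserId());
        if (user == null) {
            throw new AuthenticationException("用户不存在,请重新登录");
        }
        // Log only the id: serialising the whole entity could expose password hashes or salts.
        log.info("1.2查询用户信息: userId=" + user.getUserId());
        // Status 0 means the account is locked.
        if (user.getStatus() == 0) {
            throw new LockedAccountException("账号已被锁定,请联系管理员");
        }
        // The token doubles as the credential; getName() scopes the principal to this realm.
        return new SimpleAuthenticationInfo(user, accessToken, getName());
    }

    /**
     * Authorization (called when permissions are checked).
     *
     * @param principals the principal collection produced by {@link #doGetAuthenticationInfo}
     * @return authorization info carrying the user's string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SysUserEntity user = (SysUserEntity) principals.getPrimaryPrincipal();
        Long userId = user.getUserId();
        // Log the id rather than the whole principal collection (which contains the user entity).
        log.info("2.权限验证方法-》userId==" + userId);
        // Permission strings granted to this user.
        Set<String> permsSet = shiroService.getUserPermissions(userId);
        log.info("2.1用户权限列表:" + JSON.toJSONString(permsSet));
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permsSet);
        return info;
    }
}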
2.过滤器中把信息返回给前端:
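/**
 * Shiro filter for token-based authentication. Builds a {@link JwtToken} from the request,
 * lets CORS preflight (OPTIONS) requests through, and writes a JSON error body when the
 * token is missing or the login fails.
 *
 * @description: oauth2过滤器
 * @author: Administrator
 * @date: 2019-04-12 11:49
 */
public class OAuth2Filter extends AuthenticatingFilter {

    public static final Log log = LogFactory.getLog(OAuth2Filter.class);

    private static final String TOKEN_HEADER = "Authorization";
    private static final String TOKEN_PARAM = "token";

    /**
     * Builds the authentication token for the request.
     *
     * @return a {@link JwtToken}, or {@code null} when the request carries no token
     *         (Shiro then reports a login failure without consulting the realm)
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
        String token = getRequestToken((HttpServletRequest) request);
        if (StringUtils.isBlank(token)) {
            return null;
        }
        return new JwtToken(token);
    }

    /**
     * Only CORS preflight requests are allowed through without authentication;
     * every other request must go through {@link #onAccessDenied}.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        String method = ((HttpServletRequest) request).getMethod();
        return RequestMethod.OPTIONS.name().equals(method);
    }

    /**
     * Called when access was denied by {@link #isAccessAllowed}.
     * Returning {@code true} means the chain should continue; {@code false} means this
     * filter has already written the response and the chain stops here.
     *
     * @return {@code false} when no token is present (a "not logged in" body was written),
     *         otherwise the result of {@link #executeLogin}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        String token = getRequestToken((HttpServletRequest) request);
        if (StringUtils.isBlank(token)) {
            // No token at all: answer with the "not logged in" result and stop the chain.
            // NOTE(review): the HTTP status is left at its default; the outcome is carried
            // only in the JSON body, which clients must inspect.
            String json = JSON.toJSONString(AppResultBuilder.faile(ResultCode.USER_NOT_LOGGED_IN));
            writeJson((HttpServletResponse) response, json);
            return false;
        }
        return executeLogin(request, response);
    }

    /**
     * Translates a login failure into a JSON error body for the front end.
     *
     * @return always {@code false}: the response has been written, the chain stops
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        // Prefer the root cause so the realm's own message (expired token, locked account)
        // reaches the client instead of a generic wrapper message.
        Throwable throwable = e.getCause() == null ? e : e.getCause();
        // NOTE(review): the exception message is sent verbatim to the client; only messages
        // thrown deliberately by the realm should arrive here — confirm nothing internal
        // (e.g. a data-access failure) can be wrapped into this exception.
        MyException myException = new MyException(110, throwable.getMessage());
        String json = JSON.toJSONString(AppResultBuilder.faileexception(myException));
        try {
            writeJson((HttpServletResponse) response, json);
        } catch (IOException ioe) {
            // Nothing more can be sent to the client, but the failure must not vanish silently.
            log.warn("failed to write login-failure response", ioe);
        }
        return false;
    }

    /**
     * Writes {@code json} as the response body together with the headers the front end expects.
     *
     * NOTE(review): Access-Control-Allow-Origin is taken from HttpContextUtils.getOrigin() and
     * combined with Allow-Credentials=true. If getOrigin() echoes the request's Origin header,
     * credentialed access is granted to any origin; restrict it to an allow-list.
     *
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void writeJson(HttpServletResponse httpResponse, String json) throws IOException {
        httpResponse.setContentType("application/json;charset=utf-8");
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
        httpResponse.getWriter().print(json);
    }

    /**
     * Reads the token from the {@code Authorization} header, falling back to the
     * {@code token} request parameter when the header is blank.
     *
     * NOTE(review): accepting the token as a query parameter exposes it to access logs,
     * proxies and browser history; prefer header-only transport if the front end allows.
     *
     * @return the token string, possibly {@code null} or blank when absent
     */
    private String getRequestToken(HttpServletRequest httpRequest) {
        String token = httpRequest.getHeader(TOKEN_HEADER);
        if (StringUtils.isBlank(token)) {
            token = httpRequest.getParameter(TOKEN_PARAM);
        }
        return token;
    }
}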
测试: