1. spring-mvc.xml中 给shiro的配置增加一条属性:
<property name="filters"> <map> <entry key="authc"> <bean class="com.abc.realm.LoginAdviceFilter" /> </entry> </map> </property>
2.编写LoginAdviceFilter.java 类
package com.abc.realm;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.servlet.AdviceFilter;
import com.abc.entity.Result;
import com.abc.entity.User;
import net.sf.json.JSONObject;
/**
* shiro Filter,判定登录状态是否失效
*
* @author DaiHaijiao
*
*/
public class LoginAdviceFilter extends AdviceFilter {
/**
* 在访问controller前判断是否登录,返回json,不进行重定向
*
* @param request
* @param response
* @return
* @throws Exception
*/
public boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
User sysUser = getUser();
if (null == sysUser && !StringUtils.contains(httpServletRequest.getRequestURI(), "/login")) {
String requestedWith = httpServletRequest.getHeader("X-Requested-With");
if (StringUtils.isNotEmpty(requestedWith) && StringUtils.equals(requestedWith, "XMLHttpRequest")) {// 如果是ajax返回指定数据
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json");
httpServletResponse.getWriter().write(JSONObject.fromObject(Result.genResult(Result.LOGIN_TO_OPERATE)) + "");
return false;
} else {// 不是ajax
return true;
}
}
return true;
}
/**
* 获取当前登录用户
*
* @return
*/
protected User getUser() {
Subject subject = SecurityUtils.getSubject();
if (subject.isAuthenticated()) {
return (User) subject.getPrincipal();
}
return null;
}
}
2. jsp页面引入ajaxhook.min.js 和 3.里面自己写的那个js
Ajax-hook其实就是实现了一个代理模式而已,实现的整体思路是实现一个XMLHttpRequest的代理对象,然后覆盖全局的XMLHttpRequest,这样一但上层调用 new XMLHttpRequest这样的代码时,其实创建的是Ajax-hook的代理对象实例。
!function(t){function r(i){if(n[i])return n[i].exports;var o=n[i]={exports:{},id:i,loaded:!1};return t[i].call(o.exports,o,o.exports,r),o.loaded=!0,o.exports}var n={};return r.m=t,r.c=n,r.p="",r(0)}([function(t,r,n){n(1)(window)},function(t,r){t.exports=function(t){t.hookAjax=function(t){function r(t){return function(){return this.hasOwnProperty(t+"_")?this[t+"_"]:this.xhr[t]}}function n(r){return function(n){var i=this.xhr,o=this;return 0!=r.indexOf("on")?void(this[r+"_"]=n):void(t[r]?i[r]=function(){t[r](o)||n.apply(i,arguments)}:i[r]=n)}}function i(r){return function(){var n=[].slice.call(arguments);if(!t[r]||!t[r].call(this,n,this.xhr))return this.xhr[r].apply(this.xhr,n)}}return window._ahrealxhr=window._ahrealxhr||XMLHttpRequest,XMLHttpRequest=function(){this.xhr=new window._ahrealxhr;for(var t in this.xhr){var o="";try{o=typeof this.xhr[t]}catch(t){}"function"===o?this[t]=i(t):Object.defineProperty(this,t,{get:r(t),set:n(t)})}},window._ahrealxhr},t.unHookAjax=function(){window._ahrealxhr&&(XMLHttpRequest=window._ahrealxhr),window._ahrealxhr=void 0},t.default=t}}]);
3. 再自定义一个js,添加拦截ajax后处理的公共方法<人为添加,可修改成自己想改的样子>
hookAjax({
// 拦截回调
onreadystatechange : function(xhr) {
// console.log("onreadystatechange called: %O", xhr)
},
onload : function(xhr) {
// console.log("onload called: %O", xhr)
// 此处的code是LoginAdviceFilter.java返回的json里的一个字段
if (JSON.parse(xhr.response).code == 2) {
try {
// TODO something...
} catch (Exception) {
// TODO something...
}
}
},
// 拦截函数
open : function(arg) {
// console.log("open called: method:%s,url:%s,async:%s", arg[0], arg[1], arg[2])
// arg[1]+="?hook_tag=123456";
},
send : function(arg, xhr) {
// console.log("send called: %O", arg[0])
// xhr.setRequestHeader:function("_custom_header_","ajaxhook")
},
setRequestHeader : function(arg, xhr) {
// console.log("setRequestHeader called!", arg)
}
})