1. Shiro provides the following built-in filters for web project resource request verification
anon (anonymous) org.apache.shiro.web.filter.authc.AnonymousFilterauthc (authentication) org.apache.shiro.web.filter.authc.FormAuthenticationFilter authcBasic (http basic authentication) org.apache.shiro.web.filter .authc.BasicHttpAuthenticationFilter logout (exit) org.apache.shiro.web.filter.authc.LogoutFilter noSessionCreation (no session creation) org.apache.shiro.web.filter.session.NoSessionCreationFilter perms (license verification) org.apache.shiro .web.filter.authz.PermissionsAuthorizationFilter port (port authentication)
org.apache.shiro.web.filter.authz.PortFilter
rest (rest aspect) org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter roles (authorization authentication) org.apache.shiro.web.filter.authz.RolesAuthorizationFilter ssl (ssl aspect)
org.apache.shiro.web.filter.authz.SslFilter
user (user side) org.apache.shiro.web.filter.authc.UserFilter
2. Custom Filters
package com.springshirodemo.Realm; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authz.AuthorizationFilter; // role authentication //import org.apache.shiro.web.filter.authc.AuthenticatingFilter; //Authorization authentication public class Authorizatonfilter extends AuthorizationFilter { @Override protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { // TODO Auto-generated method stub Subject subject= getSubject(request, response); // 获得主体 String[] roles = (String[]) mappedValue; //roles array if(roles == null || roles.length == 0) { return true; } for(String role:roles) { if(subject.hasRole(role)) { //Is there a role return true; } } return false; } }
3.Spring.Xml
<!--Inject URL blocking rules--> <property name="filterChainDefinitions"> <value> /login.html = anon /login33 = anon /login2 = perms["user:update","user:delect"] /login2 = rolesOr["user","user11"] //Use custom /page/base/staff* = perms["staffList"] </value> </property > <property name="filters"> /配置Filters <util:map> <entry key="rolesOr" value-ref="rolesOrfilter"></entry> </util:map> </property> </bean> <bean class="com.springshirodemo.Realm.Authorizatonfilter" id="rolesOrfilter"></bean> //Inject custom filter
Note:
Configuration is required when using util:map
xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd“