Shiro built-in filter notes

1. Shiro provides the following built-in filters for web project resource request verification

anon (anonymous) org.apache.shiro.web.filter.authc.AnonymousFilter
authc (authentication)      org.apache.shiro.web.filter.authc.FormAuthenticationFilter authcBasic (http basic authentication)   org.apache.shiro.web.filter .authc.BasicHttpAuthenticationFilter logout (exit)       org.apache.shiro.web.filter.authc.LogoutFilter noSessionCreation (no session creation) org.apache.shiro.web.filter.session.NoSessionCreationFilter perms (license verification) org.apache.shiro .web.filter.authz.PermissionsAuthorizationFilter port (port authentication) 




org.apache.shiro.web.filter.authz.PortFilter
rest (rest aspect) org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter roles (authorization authentication) org.apache.shiro.web.filter.authz.RolesAuthorizationFilter ssl (ssl aspect) 

org.apache.shiro.web.filter.authz.SslFilter

user (user side) org.apache.shiro.web.filter.authc.UserFilter

2. Custom Filters

package com.springshirodemo.Realm;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter; // role authentication
//import org.apache.shiro.web.filter.authc.AuthenticatingFilter; //Authorization authentication
public class Authorizatonfilter extends  AuthorizationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		// TODO Auto-generated method stub
		
		Subject subject= getSubject(request, response);              // 获得主体
		
		String[] roles = (String[]) mappedValue; //roles array
		if(roles == null || roles.length == 0) {
			return true;
		}
		
		for(String role:roles) {
			if(subject.hasRole(role)) { //Is there a role
				return true;
			}
		}
		
		return false;
	}

}

3.Spring.Xml

	  <!--Inject URL blocking rules-->  
	  <property name="filterChainDefinitions">  
	      <value>  
	      /login.html = anon
	      /login33 = anon
	   	  /login2 = perms["user:update","user:delect"]
	   	  /login2 = rolesOr["user","user11"] //Use custom
	      /page/base/staff* = perms["staffList"]  
	     </value>  
	  </property >
	  <property name="filters">                                                            /配置Filters
	  		<util:map>
	  			<entry  key="rolesOr" value-ref="rolesOrfilter"></entry>
	  		</util:map>
	  </property>
	</bean>
	<bean class="com.springshirodemo.Realm.Authorizatonfilter" id="rolesOrfilter"></bean> //Inject custom filter

Note:

    Configuration is required when using util:map

xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd“