Custom Shiro filters that detect a rejected AJAX request and return JSON, or otherwise return the normal page

 


 

 

Similar to other customizations, just override the corresponding method in the filter:

 

 

 

Client request flags:

 String contentType = httpServletRequest.getHeader("content-type");

 

application/json : JSON data format (ajax)

 

application/x-www-form-urlencoded : form submission

 

null : direct browser request
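The classification above, as an added example that is not code from the original post: clients send the JSON content type in several spellings, so an exact string comparison misses some of them, while comparing only the media type does not. The class and method names (`AjaxDetectionDemo`, `exactMatch`, `isJsonMediaType`, `wantsJson`) and the sample header values are constructed for illustration.

```java
import java.util.Locale;

// Added example: plain JDK, header values passed in as strings (no servlet/Shiro needed).
public class AjaxDetectionDemo {

    // Exact comparison: matches one spelling of the header value only.
    static boolean exactMatch(String contentType) {
        return contentType != null
                && contentType.equalsIgnoreCase("application/json; charset=utf-8");
    }

    // Compare the media type alone: drop parameters such as charset, trim, lower-case.
    static boolean isJsonMediaType(String contentType) {
        if (contentType == null) return false;
        int semi = contentType.indexOf(';');
        String mediaType = (semi >= 0 ? contentType.substring(0, semi) : contentType)
                .trim().toLowerCase(Locale.ROOT);
        return mediaType.equals("application/json");
    }

    // Chooses the format of a denial response only. Both headers are client-supplied,
    // so the allow/deny decision itself stays with the Shiro filter.
    static boolean wantsJson(String xRequestedWith, String contentType) {
        return "XMLHttpRequest".equalsIgnoreCase(xRequestedWith) || isJsonMediaType(contentType);
    }

    public static void main(String[] args) {
        // Constructed sample header pairs: {X-Requested-With, Content-Type}
        String[][] samples = {
            {"XMLHttpRequest", null},
            {null, "application/json"},
            {null, "application/json;charset=UTF-8"},
            {null, "application/json; charset=utf-8"},
            {null, "application/x-www-form-urlencoded"},
            {null, null},
        };
        for (String[] s : samples) {
            System.out.printf("xrw=%-15s ct=%-36s exact=%-5b json=%b%n",
                    s[0], s[1], exactMatch(s[1]), wantsJson(s[0], s[1]));
        }
    }
}
```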

 

 

 

 

When not logged in, every request enters the login filter.

At this point an AJAX request can receive the failure in JSON format (instead of the entire failure page); normal JSON requests can be made only after the login has succeeded.

 

After logging in, each request enters the role filter and other filters

 

For an AJAX request, a role without permission gets the no-permission result back as JSON (not an entire page); an ordinary request can be returned to the login page.

 

 

FormAuthenticationFilter : MyAuthenticationFilter

onAccessDenied: entered when the request has already been rejected (this is the handling after rejection) or on the first login. Distinguish between AJAX and ordinary requests here and control the format of the jump or response.

onLoginSuccess: what to do after a successful login (jump to loginurl after login), for example set the session.

onLoginFailure: handling after a failed login (an AJAX request gets JSON with custom rejection flag information and an error code; an ordinary request gets the rejection page).

 

 

AuthorizationFilter: RoleAuthorizationFilter

 

isAccessAllowed (defines the rules for judging whether there is permission)

Determines whether the role meets the access requirements.

onAccessDenied

What to do when the role does not have permission (an AJAX request gets JSON with custom rejection flag information and an error code; an ordinary request gets the rejection page).

 

 

Neither filter clears the login information when it rejects a request, so both of these situations are supported:

1. Jump to the login page on rejection (every menu the user sees is one they have permission for). unauthorizedUrl: the page jumped to by default when there is no permission.

2. When all menus must be shown, including menus without permission: just jump to a prompt page and show the message, while other access keeps working normally (the user's login information is not cleared). Here you cannot simply jump to the login page.

AuthorizationFilter (logged in):

FormAuthenticationFilter (to log in):

If a lack of permission should log the user out, call LogoutFilter in onAccessDenied to clear the login information.

 

 

 

FormAuthenticationFilter : MyAuthenticationFilter

 

 

    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
    import org.apache.shiro.web.util.WebUtils;

    public class MyAuthenticationFilter extends FormAuthenticationFilter {

        @Override
        protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            // getHeader() is case-insensitive, so one lookup covers both spellings
            String requestType = request.getHeader("X-Requested-With");
            String contentType = request.getHeader("content-type");
            boolean ajax = "XMLHttpRequest".equalsIgnoreCase(requestType)
                    || (contentType != null && contentType.toLowerCase().startsWith("application/json"));
            // AJAX request that is not the login submission itself: answer 403 with JSON
            // (login requests fall through to super.onAccessDenied, which performs the login)
            if (ajax && !isLoginRequest(request, response)) {
                response.addHeader("loginStatus", "accessDenied");
                // setStatus instead of sendError: sendError commits the response with the
                // container's error page, so the encoding and type set after it are ignored
                response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403
                response.setCharacterEncoding("UTF-8");
                response.setContentType("application/json");
                response.getWriter().write("{\"loginStatus\":\"accessDenied\"}");
                return false;
            }
            // ordinary GET request: redirect to "/"
            if ("GET".equalsIgnoreCase(request.getMethod())) {
                WebUtils.issueRedirect(request, response, "/");
                return false;
            }
            return super.onAccessDenied(request, response);
        }
    }

 

 

AuthorizationFilter: RoleAuthorizationFilter

Both onAccessDenied should be written like this

 

    import java.io.IOException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.shiro.web.filter.authz.AuthorizationFilter;

    public class RoleAuthorizationFilter extends AuthorizationFilter {

        // isAccessAllowed(...) with the role check belongs here (its code is not shown on this page)

        @Override
        protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            // getHeader() is case-insensitive, so one lookup covers both spellings
            String requestType = httpServletRequest.getHeader("X-Requested-With");
            String contentType = httpServletRequest.getHeader("content-type");
            if ("XMLHttpRequest".equalsIgnoreCase(requestType)
                    || (contentType != null && contentType.toLowerCase().startsWith("application/json"))) {
                httpServletResponse.addHeader("loginStatus", "accessDenied");
                // setStatus instead of sendError, so the JSON type and body below are actually sent
                httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setContentType("application/json");
                httpServletResponse.getWriter().write("{\"loginStatus\":\"accessDenied\"}");
                return false;
            } else { // Redirect if it is a normal request
                httpServletResponse.sendRedirect("/");
            }
            return false;
        }
    }

 

 

Notice

The session.stop() call in onLoginSuccess in MyAuthenticationFilter needs to be commented out; otherwise the framework logs in through onLoginSuccess, the session is then cleared, and an error is reported.

 

 

References:

http://blog.csdn.net/u014042146/article/details/72834582

http://blog.csdn.net/qq_20989105/article/details/78075660?locationNum=9&fps=1

 

 

 

 
