The javadoc of this class states that this class is the filter that restricts whether the resources in the application can be accessed . Let's look at the onPreHandle method first:
publicboolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue);
}
It can be found that he calls the isAccessAllowed method and the onAccessDenied method, as long as there is one of the two, we can also understand from the name, his logic is as follows: call isAccessAllowed first , if the return is true , then directly release the execution For the following filter and servlet , if it returns false , it will continue to execute the following onAccessDenied method. If it returns true , it can also have permission to continue to execute the latter filter and servelt .
Only if both functions return false will the execution of the following filter and servlet be blocked .
The isAccessAllowed methods are abstract in this class and are implemented by the implementation class. The onAccessDenied method is not abstract, but calls another abstract method:
org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(ServletRequest, ServletResponse)
This method ignores the previously configured param parameter.
There are other properties in this class, such as getLoginUrl , this is easy to guess, it is redirected to the login interface when there is no login, this method is to get the location of the login interface, the default is /login.jsp , if our login If the interface is not like this, you need to override this method.
There is a particularly useful method
saveRequestAndRedirectToLogin(ServletRequest, ServletResponse) , the source code is as follows:
protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
saveRequest(request);
redirectToLogin(request, response);
}
Shows that the current request is saved , and then redirects.
The source code is as follows:
protected void saveRequest(ServletRequest request) {
WebUtils.saveRequest(request);//About webutils in other blogs.
}
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
String loginUrl = getLoginUrl();//The redirected interface is to the login page.
WebUtils.issueRedirect(request, response, loginUrl); //About webutils in other blogs.
}
If we need to redirect in other classes, we can use its WebUtils.issueRedirect(request, response, loginUrl) method directly.
In addition, this class also provides the function of judging whether the current request path is the login page:
protectedboolean isLoginRequest(ServletRequest request, ServletResponse response) {
return pathsMatch(getLoginUrl(), request);
}
This method may also be used.
Continue to look at his implementation class, notice that there are now two abstract methods, one is isAccessAllowed and the other is onAccessDenied , these two parameters are different.
Inherited class:
·AuthenticationFilter
·AuthorizationFilter
·UserFilter
<!--[endif]-->