The reason: when an AJAX request is sent to an application protected by Shiro and access is denied, Shiro automatically redirects to another page. An AJAX request cannot follow a page redirect, so the call ends in errors.
Because this is Shiro's own built-in behavior, we need to define our own handling.
Shiro uses the PermissionsAuthorizationFilter class to filter these requests, so that is the class we override.
AJAX Features
General request
AJAX
So we can use this difference to determine whether a request is an AJAX request.
Write a class that extends PermissionsAuthorizationFilter:
package cn.jiedada.aisell.web.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Our own Shiro permission filter, which also handles
 * permission-denied responses for AJAX requests.
 */
public class AisellPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = this.getSubject(request, response);
        // Check whether the user is logged in
        if (subject.getPrincipal() == null) {
            this.saveRequestAndRedirectToLogin(request, response);
        } else {
            // The request headers are only available through HttpServletRequest
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            // Check whether the request is an AJAX request
            String xRequested = httpRequest.getHeader("X-Requested-With");
            if (xRequested != null && "XMLHttpRequest".equals(xRequested)) {
                // Set the content type before writing, so the AJAX caller knows JSON is being returned
                httpResponse.setContentType("text/json;charset=UTF-8");
                // Return the result to the AJAX caller; it must be well-formed JSON
                httpResponse.getWriter().print("{\"success\":false,\"msg\":\"no permissions\"}");
            } else {
                String unauthorizedUrl = this.getUnauthorizedUrl();
                if (StringUtils.hasText(unauthorizedUrl)) {
                    WebUtils.issueRedirect(request, response, unauthorizedUrl);
                } else {
                    WebUtils.toHttp(response).sendError(401);
                }
            }
        }
        return false;
    }
}
In application-shiro.xml, replace the default configuration with our own:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <!-- DefaultSecurityManager securityManager = new DefaultSecurityManager(); -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- The realm injected into the securityManager -->
        <property name="realm" ref="myRealm"/>
    </bean>

    <!-- Configure our own realm -->
    <bean id="myRealm" class="cn.jiedada.aisell.web.shiro.MyRealm">
        <!-- The name does not matter -->
        <property name="name" value="myRealm"/>
        <property name="credentialsMatcher">
            <!-- Set the password matcher:
                 HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
                 hashedCredentialsMatcher.setHashAlgorithmName("MD5");
                 hashedCredentialsMatcher.setHashIterations(10); -->
            <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                <property name="hashAlgorithmName" value="MD5"/>
                <property name="hashIterations" value="10"/>
            </bean>
        </property>
    </bean>

    <!-- The filter that page requests are delegated to -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- Page to jump to when the user is not logged in -->
        <property name="loginUrl" value="/login"/>
        <!-- Page to jump to after a successful login -->
        <property name="successUrl" value="/s/index.jsp"/>
        <!-- Page to jump to when the user does not have the permission -->
        <property name="unauthorizedUrl" value="/s/unauthorized.jsp"/>
        <!-- The key distinguishes our own filter from Shiro's.
             /s/login = anon                          let through
             /s/permission.jsp = perms[user:index]    requires the user:index permission to access
             /** = authc
        -->
        <!--
        <property name="filterChainDefinitions">
            <value>
                /s/login = anon
                /login = anon
                /s/permission.jsp = perms[user:index]
                /** = authc
            </value>
        </property>
        -->
        <property name="filterChainDefinitionMap" ref="filterChainDefinitionMap"></property>
        <!-- Register our own filter so that Shiro's default one is not applied.
             map.put(p.getUrl(),"perms["+p.getSn()+"]"); uses the built-in filter, whereas
             map.put(p.getUrl(),"aisellPers["+p.getSn()+"]"); uses our own permission filter.
        -->
        <property name="filters">
            <map>
                <entry key="aisellPers" value-ref="aisellPermissionsAuthorizationFilter"></entry>
            </map>
        </property>
    </bean>

    <bean id="aisellPermissionsAuthorizationFilter" class="cn.jiedada.aisell.web.shiro.AisellPermissionsAuthorizationFilter"></bean>

    <bean id="filterChainDefinitionMap" factory-bean="shiroFilterMapFactory" factory-method="createMap"/>
    <!-- Bean that returns the map of permission-intercepted URLs configured for Shiro -->
    <bean id="shiroFilterMapFactory" class="cn.jiedada.aisell.web.shiro.ShiroFilterMapFactory"/>
</beans>
In fact, the part that matters is this fragment:
<property name="filters">
<map>
<entry key="aisellPers" value-ref="aisellPermissionsAuthorizationFilter"></entry>
</map>
</property>
</bean>
<bean id="aisellPermissionsAuthorizationFilter" class="cn.jiedada.aisell.web.shiro.AisellPermissionsAuthorizationFilter"></bean>
Then, where the filter chain map is built, we need to change Shiro's default filter name to aisellPers, the key we registered above:
List<Permission> permissions = permissionService.findAll();
permissions.forEach(p -> {
    map.put(p.getUrl(), "aisellPers[" + p.getSn() + "]");
});
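
The fragment above shows only the loop. As an added example (not the project's ShiroFilterMapFactory, which the page does not show), this sketch assembles a complete chain map in the order Shiro needs. The class name FilterChainMapSketch, the Permission stand-in and the fail-fast check are assumptions; the URL patterns come from the commented-out filterChainDefinitions above.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added sketch, not the project's ShiroFilterMapFactory.
public class FilterChainMapSketch {

    // Hypothetical stand-in for the project's Permission entity (the page only shows getUrl/getSn).
    public static class Permission {
        private final String url, sn;
        public Permission(String url, String sn) { this.url = url; this.sn = sn; }
        public String getUrl() { return url; }
        public String getSn() { return sn; }
    }

    // Shiro tries the chain definitions in insertion order and the first matching
    // pattern wins, so the map must keep its order: LinkedHashMap, not HashMap.
    public static Map<String, String> createMap(List<Permission> permissions) {
        Map<String, String> map = new LinkedHashMap<>();
        // Public URLs first
        map.put("/s/login", "anon");
        map.put("/login", "anon");
        // Permission-protected URLs, routed to the custom filter through its key
        for (Permission p : permissions) {
            String url = p.getUrl();
            String sn = p.getSn();
            // A blank URL or permission code would give a malformed definition;
            // stop at startup instead of silently leaving the URL unprotected.
            if (url == null || url.trim().isEmpty() || sn == null || sn.trim().isEmpty()) {
                throw new IllegalStateException("Incomplete permission row: url=" + url + ", sn=" + sn);
            }
            map.put(url.trim(), "aisellPers[" + sn.trim() + "]");
        }
        // Catch-all last; placed earlier it would shadow every permission rule after it
        map.put("/**", "authc");
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample rows standing in for permissionService.findAll()
        List<Permission> sample = Arrays.asList(
                new Permission("/s/permission.jsp", "user:index"),
                new Permission("/employee/delete", "employee:delete"));
        createMap(sample).forEach((url, chain) -> System.out.println(url + " = " + chain));
    }
}
```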