码上欢乐
相关内容   简体   繁体

shiro 下解决跨域请求

本文转载自  查看原文  2019-11-25 16:30  796  
package com.feige.admin.web.shiro;

import com.alibaba.fastjson.JSONObject;
import com.feige.common.responce.ResponceStatus;
import com.feige.common.responce.RestResponceBody;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.http.HttpStatus;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * shiro请求拦截器(解决登录校验跨域问题)
 */
public class AuthenticationFilter extends FormAuthenticationFilter {

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // 错误异常提示
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        setHeader(httpRequest,httpResponse);
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json");
        httpResponse.getWriter().write(JSONObject.toJSONString(new RestResponceBody(ResponceStatus.USER_NOT_LOGIN, "请先登录!")));
        return false;
    }

    /**
     * 为response设置header,实现跨域
     */
    private void setHeader(HttpServletRequest request,HttpServletResponse response){
        //跨域的header设置
        response.setHeader("Access-control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Methods", request.getMethod());
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
        //防止乱码,适用于传输JSON数据
        //Content-Type, Content-Length, Authorization, Accept, X-Requested-With , yourHeaderFeild
        response.setHeader("Content-Type","application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (request instanceof HttpServletRequest) {
            if (((HttpServletRequest) request).getMethod().toUpperCase().equals("OPTIONS")) {
                return true;
            }
        }
        return super.isAccessAllowed(request, response, mappedValue);
    }
}





需要配置对应的拦截
/**
 * 定义shiroFilter过滤器并注入securityManager
 * @param manager
 * @return
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    //设置securityManager
    bean.setSecurityManager(manager);
    bean.getFilters().put("authc", new AuthenticationFilter());
    //定义过滤器
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/static/**", "anon");
    filterChainDefinitionMap.put("/sys/sysUser/login", "anon");
    filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    filterChainDefinitionMap.put("/v2/api-docs", "anon");
    filterChainDefinitionMap.put("/error", "anon");
    filterChainDefinitionMap.put("/webjars/**", "anon");
    filterChainDefinitionMap.put("/**", "authc");
    bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return bean;
}


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 SpringBoot+Shiro放行OPTIONS请求,解决跨域问题 springboot shiro 前后端分离,解决跨域、过虑options请求、shiro管理session问题、模拟跨域请求 什么是跨域请求,怎么解决? springboot+shiro 跨域解决(OPTIONS) 解决ajax请求跨域 nginx解决跨域请求 SpringBoot下如何配置实现跨域请求? vue下axios和fetch跨域请求 跨域请求下cookie的理解 shiro 解决 跨域(仅端口不同) 登陆 问题
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM