原因:當我們使用Shiro發送AJAX請求的時候,會自動跳轉頁面(而AJAX不能跳轉頁面,跳轉會出很多錯誤)
因為這是shiro自身的行為,所以我們需要使用自己定義的過濾器。
shiro使用PermissionsAuthorizationFilter這個類來過濾請求,所以我們覆寫它。
AJAX特點
普通請求
AJAX
所以我們可以通過其中的不同(AJAX請求的請求頭帶有 X-Requested-With: XMLHttpRequest)來判斷是否為AJAX請求。這個請求頭由客戶端設置,只適合用來決定響應的格式,不能作為是否放行的依據。
寫一個類繼承PermissionsAuthorizationFilter

package cn.jiedada.aisell.web.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Permission filter that answers a denied AJAX call with a JSON body instead of a redirect.
 *
 * <p>Non-AJAX requests follow the same branches as before: redirect to the configured
 * unauthorized URL, or send a 401 when no such URL is set.
 */
public class AisellPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    /**
     * Handles a request that failed the permission check.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest} once the
     *                 subject is known to be logged in
     * @param response the outgoing response; cast to {@link HttpServletResponse} likewise
     * @return always {@code false}: the response is produced here and the request must not
     *         continue down the filter chain
     * @throws IOException if redirecting or writing the response fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject currentSubject = this.getSubject(request, response);

        // No principal means nobody is logged in: remember the request and go to the login page.
        // NOTE(review): this branch does not look at X-Requested-With, so an AJAX call made
        // without a session is still redirected rather than given JSON.
        if (currentSubject.getPrincipal() == null) {
            this.saveRequestAndRedirectToLogin(request, response);
            return false;
        }

        // Header access needs the HTTP-specific types.
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // X-Requested-With is supplied by the client. It is used here only to choose the shape
        // of the denial (JSON vs. redirect); every path below still returns false, so forging
        // the header cannot turn a denial into access.
        boolean ajaxCall = "XMLHttpRequest".equals(httpRequest.getHeader("X-Requested-With"));

        if (ajaxCall) {
            // The content type (and charset) must be set before the writer is obtained.
            httpResponse.setContentType("text/json; charset=UTF-8");
            // NOTE(review): no status code is set in this branch, so the denial is sent with
            // whatever status the response already carries (normally 200); access logs and
            // monitoring will not see it as a 4xx.
            httpResponse.getWriter().print(
                    "{\"success\":false,\"msg\":\"沒有權限\"}");
            return false;
        }

        // Ordinary page request: redirect to the unauthorized page when one is configured.
        String deniedPage = this.getUnauthorizedUrl();
        if (StringUtils.hasText(deniedPage)) {
            WebUtils.issueRedirect(request, response, deniedPage);
        } else {
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
        return false;
    }
}
把application-shiro.xml中默認的配置設置為我們自己的配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <!-- Java equivalent: DefaultSecurityManager securityManager = new DefaultSecurityManager(); -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Realm handed to the security manager. -->
        <property name="realm" ref="myRealm"/>
    </bean>

    <!-- The application's own realm. -->
    <bean id="myRealm" class="cn.jiedada.aisell.web.shiro.MyRealm">
        <!-- The realm name is arbitrary. -->
        <property name="name" value="myRealm"/>
        <property name="credentialsMatcher">
            <!-- Password matcher. Java equivalent:
                 HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
                 hashedCredentialsMatcher.setHashAlgorithmName("MD5");
                 hashedCredentialsMatcher.setHashIterations(10);

                 NOTE(review): MD5 with 10 iterations is cheap to brute-force offline if the
                 credential store ever leaks. Whether a per-user salt is applied depends on
                 MyRealm, which is not shown here. Prefer a stronger setting (for example
                 SHA-256 with a much higher iteration count) or a dedicated password-hashing
                 scheme. Changing either value requires re-hashing the stored passwords. -->
            <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                <property name="hashAlgorithmName" value="MD5"/>
                <property name="hashIterations" value="10"/>
            </bean>
        </property>
    </bean>

    <!-- Shiro filter factory bean: carries the security manager, the redirect URLs and the filter chain. -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- Where a user who is not logged in is sent. -->
        <property name="loginUrl" value="/login"/>
        <!-- Where the user lands after a successful login. -->
        <property name="successUrl" value="/s/index.jsp"/>
        <!-- Where a logged-in user without the required permission is sent. -->
        <property name="unauthorizedUrl" value="/s/unauthorized.jsp"/>
        <!-- Earlier static definitions, kept for reference and no longer active:
             /s/login = anon lets the request through without login,
             /s/permission.jsp = perms[user:index] requires the user:index permission,
             /** = authc requires login for everything else.

             <property name="filterChainDefinitions">
                 <value>
                     /s/login = anon
                     /login = anon
                     /s/permission.jsp = perms[user:index]
                     /** = authc
                 </value>
             </property>
        -->
        <!-- The chain definitions now come from the map built by shiroFilterMapFactory.createMap.
             NOTE(review): the catch-all "/** = authc" is visible only in the commented-out block
             above. Confirm createMap still adds an equivalent last entry, otherwise URLs without a
             Permission row are not covered by any filter. -->
        <property name="filterChainDefinitionMap" ref="filterChainDefinitionMap"></property>
        <!-- Registers the custom filter next to Shiro's built-in ones. The key decides which is used:
             map.put(p.getUrl(),"perms["+p.getSn()+"]") selects the built-in permission filter, while
             map.put(p.getUrl(),"aisellPers["+p.getSn()+"]") selects the custom filter below. -->
        <property
                name="filters">
            <map>
                <entry key="aisellPers" value-ref="aisellPermissionsAuthorizationFilter"></entry>
            </map>
        </property>
    </bean>

    <!-- The custom permission filter referenced by the "aisellPers" key. -->
    <bean id="aisellPermissionsAuthorizationFilter" class="cn.jiedada.aisell.web.shiro.AisellPermissionsAuthorizationFilter"></bean>

    <!-- The chain definition map is produced by calling createMap on the factory bean below. -->
    <bean id="filterChainDefinitionMap" factory-bean="shiroFilterMapFactory" factory-method="createMap" />

    <!-- Factory bean that builds the URL-to-filter map for Shiro. -->
    <bean id="shiroFilterMapFactory" class="cn.jiedada.aisell.web.shiro.ShiroFilterMapFactory"/>
</beans>
其實就是這一句
<!-- Excerpt of the shiroFilter bean: registers the custom filter under the key "aisellPers". -->
<property name="filters">
<map>
<entry key="aisellPers" value-ref="aisellPermissionsAuthorizationFilter"></entry>
</map>
</property>
</bean>
<!-- The filter bean that value-ref above points to. -->
<bean id="aisellPermissionsAuthorizationFilter" class="cn.jiedada.aisell.web.shiro.AisellPermissionsAuthorizationFilter"></bean>
然后需要把我們shiro中默認的值(perms)改為aisellPers,這就是我們上面配置的key值
// Map every stored permission URL to the custom "aisellPers" filter, so a denied request is
// handled by the filter registered under that key instead of the built-in "perms" filter.
// NOTE(review): Shiro applies the first chain definition that matches, in insertion order.
// Presumably `map` preserves insertion order and any catch-all entry is added after this loop;
// confirm against the rest of the method.
List<Permission> permissions = permissionService.findAll();
for (Permission permission : permissions) {
    String url = permission.getUrl();
    String chainDefinition = "aisellPers[" + permission.getSn() + "]";
    map.put(url, chainDefinition);
}