shiro 下解決跨域請求


package com.feige.admin.web.shiro;

import com.alibaba.fastjson.JSONObject;
import com.feige.common.responce.ResponceStatus;
import com.feige.common.responce.RestResponceBody;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.http.HttpStatus;

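/**
 * Shiro request filter that answers unauthenticated requests with a JSON body and
 * adds CORS headers so a front end on another origin can read that answer.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The {@code Origin} request header is caller-controlled. It is echoed into
 *       {@code Access-Control-Allow-Origin} only when it exactly matches an entry of the
 *       configured allowlist. Echoing every origin together with
 *       {@code Access-Control-Allow-Credentials: true} would let any website read this
 *       response using the visitor's cookies.</li>
 *   <li>The no-argument constructor trusts no origin, so cross-origin callers receive no
 *       CORS headers until the front-end origins are passed to
 *       {@link #AuthenticationFilter(Collection)}.</li>
 *   <li>Only genuine CORS preflight requests skip the login check; any other
 *       {@code OPTIONS} request is authenticated like every other method.</li>
 * </ul>
 */
public class AuthenticationFilter extends FormAuthenticationFilter {

    /** Exact origin strings (for example {@code https://admin.example.com}) trusted for CORS. */
    private final Set<String> allowedOrigins;

    /** Creates a filter that trusts no cross-origin caller. */
    public AuthenticationFilter() {
        this(Collections.<String>emptySet());
    }

    /**
     * Creates a filter that emits CORS headers only for the given origins.
     *
     * @param allowedOrigins exact origin values ({@code scheme://host[:port]}) of the trusted
     *                       front ends; copied, so later changes to the argument have no effect
     * @throws NullPointerException if {@code allowedOrigins} is {@code null}
     */
    public AuthenticationFilter(Collection<String> allowedOrigins) {
        Objects.requireNonNull(allowedOrigins, "allowedOrigins");
        this.allowedOrigins = Collections.unmodifiableSet(new HashSet<>(allowedOrigins));
    }

    /**
     * Writes the "not logged in" JSON response for a request that failed the access check.
     *
     * @param request  the incoming request (cast to {@link HttpServletRequest})
     * @param response the outgoing response (cast to {@link HttpServletResponse})
     * @return always {@code false}: the response is complete and the chain must stop
     * @throws Exception if the response writer cannot be obtained or written
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        setHeader(httpRequest, httpResponse);
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json");
        // The body carries the application-level USER_NOT_LOGIN status for the client.
        httpResponse.getWriter().write(JSONObject.toJSONString(new RestResponceBody(ResponceStatus.USER_NOT_LOGIN, "請先登錄!")));
        return false;
    }

    /**
     * Sets the response headers for the JSON answer, including CORS headers when the
     * caller's origin is on the allowlist.
     */
    private void setHeader(HttpServletRequest request, HttpServletResponse response) {
        // The answer differs per Origin, so shared caches must not reuse it across origins.
        response.addHeader("Vary", "Origin");

        String origin = request.getHeader("Origin");
        // Exact-match allowlist: no prefix, suffix or pattern matching on attacker-supplied text.
        if (origin != null && allowedOrigins.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", request.getMethod());
            // Echoes the headers the browser asked for; a fixed list (Content-Type,
            // Authorization, X-Requested-With, ...) is the stricter alternative.
            String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
            if (requestedHeaders != null) {
                response.setHeader("Access-Control-Allow-Headers", requestedHeaders);
            }
        }

        // Explicit charset prevents garbled text in the JSON body.
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        // HTTP status stays 200; presumably the client reads the status from the JSON body.
        response.setStatus(HttpStatus.OK.value());
    }

    /**
     * Lets CORS preflight requests through without a login and defers every other
     * request to the standard form-authentication check.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the filter configuration for the matched path
     * @return {@code true} for a CORS preflight, otherwise the result of the parent check
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (request instanceof HttpServletRequest && isCorsPreflight((HttpServletRequest) request)) {
            // NOTE(review): whatever runs after this filter must answer the preflight
            // without executing application logic; confirm the downstream CORS handling.
            return true;
        }
        return super.isAccessAllowed(request, response, mappedValue);
    }

    /**
     * Tells whether the request is a CORS preflight: an {@code OPTIONS} request carrying both
     * {@code Origin} and {@code Access-Control-Request-Method}.
     */
    private static boolean isCorsPreflight(HttpServletRequest request) {
        // equalsIgnoreCase avoids the locale-dependent toUpperCase() comparison.
        return "OPTIONS".equalsIgnoreCase(request.getMethod())
                && request.getHeader("Origin") != null
                && request.getHeader("Access-Control-Request-Method") != null;
    }
}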





還需要在 ShiroFilterFactoryBean 中註冊該過濾器,並配置對應的攔截規則:
/**
 * Defines the Shiro filter bean: injects the security manager, registers the custom
 * {@code authc} filter and declares which URL patterns are anonymous or authenticated.
 *
 * @param manager the security manager bean qualified as {@code securityManager}
 * @return the configured {@link ShiroFilterFactoryBean}
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(manager);

    // Register the custom filter under the name "authc" so the "/**" rule below uses it.
    factory.getFilters().put("authc", new AuthenticationFilter());

    // Paths reachable without login.
    // NOTE(review): the Swagger UI and /v2/api-docs entries publish the API description to
    // anonymous callers; consider allowing them only outside production.
    String[] anonymousPaths = {
        "/static/**",
        "/sys/sysUser/login",
        "/swagger-ui.html",
        "/swagger-resources/**",
        "/v2/api-docs",
        "/error",
        "/webjars/**"
    };

    // LinkedHashMap keeps insertion order; the first matching pattern applies, so the
    // catch-all "/**" rule has to be added last.
    LinkedHashMap<String, String> chains = new LinkedHashMap<>();
    for (String path : anonymousPaths) {
        chains.put(path, "anon");
    }
    chains.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}

