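package com.imooc.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

public class roleOrFilter extends AuthorizationFilter {

    /**
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response
     * @param o               the permissions or roles passed in from the filter chain definition
     * @return true if the subject holds at least one of the listed roles
     * @throws Exception
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest,
                                      ServletResponse servletResponse,
                                      Object o) throws Exception {
        // Get the subject
        Subject subject = getSubject(servletRequest, servletResponse);
        String[] roles = (String[]) o;
        if (roles == null) {
            return true; // null means no roles were listed, so anyone may access
        }
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }
}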
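In the main Spring configuration file: Shiro's built-in roles["user","admin"] authorization filter requires the subject to hold all of the listed roles (an && relationship), so a custom filter is needed to grant access when the subject holds any one of them.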
The parts in red are what need to be added.
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       ">

    <import resource="spring-dao.xml"/>
    <context:component-scan base-package="com.imooc"/>

    <!-- Configure the SqlSessionFactory used to run DAO operations -->
    <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
        <property name="dataSource" ref="dataSource"/>
        <!-- Scan the pojo package and register aliases for the pojo classes in it -->
        <property name="typeAliasesPackage" value="com.heng.domain"/>
    </bean>

    <!-- Scan the package that holds the mapper interfaces, create proxy objects for them, and hand them to the IoC container -->
    <bean id="mapperScanner" class="org.mybatis.spring.mapper.MapperScannerConfigurer">
        <property name="basePackage" value="com.imooc.dao"/>
    </bean>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="login.html"/>
        <property name="unauthorizedUrl" value="403.html"/>
        <property name="filterChainDefinitions">
            <value>
                /login.html = anon
                /login.jsp = anon
                /subLogin.do = anon
                /bbb.do = roles["admin","admin1"]
                /ccc.do = roleOr["admin","admin1"]
                /pages/* = anon
                /* = authc
            </value>
        </property>
        <property name="filters">
            <map>
                <entry key="roleOr" value-ref="roleOrFilter"/>
            </map>
        </property>
    </bean>

    <!-- Configure the custom filter -->
    <bean id="roleOrFilter" class="com.imooc.filter.roleOrFilter"></bean>

    <!-- Create the SecurityManager object -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="realm"/>
    </bean>

    <!-- Custom realm -->
    <bean id="realm" class="com.imooc.realm.CustomRealm">
        <property name="credentialsMatcher" ref="credentialsMatcher"/>
    </bean>
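
    <!-- Password hashing: stored credentials are compared as MD5 digests with one iteration.
         This is a weak setting for password storage; HashedCredentialsMatcher also accepts
         stronger algorithms such as SHA-256 and higher hashIterations values. -->
    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="md5"/>
        <property name="hashIterations" value="1"/>
    </bean>
</beans>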
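
The difference between the /bbb.do and /ccc.do rules above can be checked outside the web container. The following is an added example, not code from the original post: the class name RoleSemanticsDemo, the helper methods and the accounts alice, bob and carol are constructed for illustration, and it assumes Shiro 1.x (shiro-core) on the classpath.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class RoleSemanticsDemo {

    // The check the built-in "roles" filter applies: every listed role must be held.
    static boolean allowedByRoles(Subject s, String... roles) {
        return s.hasAllRoles(new LinkedHashSet<>(Arrays.asList(roles)));
    }

    // The check the custom roleOr filter applies: one matching role is enough.
    static boolean allowedByRoleOr(Subject s, String... roles) {
        if (roles == null) {
            return true; // same rule as the filter: no roles listed means open access
        }
        for (String role : roles) {
            if (s.hasRole(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed in-memory accounts (hypothetical, for the demonstration only).
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "pw", "admin");           // one of the two roles
        realm.addAccount("bob", "pw", "admin", "admin1");   // both roles
        realm.addAccount("carol", "pw", "user");            // neither role
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);

        String[] required = {"admin", "admin1"}; // the list used for /bbb.do and /ccc.do
        for (String name : new String[] {"alice", "bob", "carol"}) {
            Subject s = new Subject.Builder(sm).buildSubject();
            s.login(new UsernamePasswordToken(name, "pw"));
            System.out.printf("%-5s /bbb.do (roles)=%-5b /ccc.do (roleOr)=%b%n",
                    name, allowedByRoles(s, required), allowedByRoleOr(s, required));
            s.logout();
        }
    }
}
```

Only alice gets a different result from the two rules: she is rejected by roles and admitted by roleOr, which is the set of users the custom filter newly lets through.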