
Shiro和Spring结合对请求路径进行过滤和记住我过滤操作

2016-12-20 17:39 316 查看
一,请求路径的过滤器  

SessionExpireFilter.java如下:
package com.innotek.core.support.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;

import com.innotek.core.Constants;

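/**
 * Session-timeout filter for both AJAX and ordinary page requests.
 *
 * <p>When the HTTP session does not carry {@code Constants.CURRENT_USER}:
 * <ol>
 *   <li>AJAX requests (header {@code X-Requested-With: XMLHttpRequest}) receive a 403 response
 *       with {@code SESSIONSTATUS=TIMEOUT} and the login path in {@code CONTEXTPATH}; the page's
 *       global ajax "complete" handler is expected to read these headers and navigate.</li>
 *   <li>Any other request is redirected to the login page.</li>
 * </ol>
 *
 * @author qiuzq
 */
public class SessionExpireFilter extends AccessControlFilter {

    /**
     * Lets the request continue only when the session still holds the current user.
     *
     * <p>All of this filter's logic lives here. Because {@code preHandle} itself is overridden,
     * {@code isAccessAllowed} and {@code onAccessDenied} below are not called from this method.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @return {@code true} to continue the filter chain, {@code false} once a timeout response
     *         (403 with headers, or a redirect) has been written
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false): a missing or expired session must not be replaced by a brand-new one
        // just to find out it is empty; otherwise every unauthenticated request allocates a session.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(Constants.CURRENT_USER) != null) {
            return true;
        }

        // Context-relative login path. Deliberately NOT assembled from getScheme(), getServerName()
        // and getServerPort(): the server name normally reflects the client-supplied Host header,
        // so an absolute URL built from it lets the request decide where the browser is sent, and
        // it is also wrong behind a reverse proxy. The redirect branch already used a relative path.
        String loginPath = req.getContextPath() + "/login.jsp";

        if ("XMLHttpRequest".equals(req.getHeader("X-Requested-With"))) {
            // AJAX: signal the timeout and the login location through response headers.
            resp.setHeader("SESSIONSTATUS", "TIMEOUT");
            resp.setHeader("CONTEXTPATH", loginPath);
            // 403 Forbidden tells the client-side handler that the call was refused.
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // Ordinary request: redirect straight to the login page.
            resp.sendRedirect(loginPath + "?TIME_OUT_REQ=1");
        }
        // Stop the chain: nothing behind this filter may run without a current user.
        return false;
    }

    /**
     * Always grants access.
     *
     * <p>NOTE(review): with {@code preHandle} overridden above, the inherited path that would
     * consult this hook is bypassed, so this looks like it exists only to satisfy the abstract
     * contract of {@link AccessControlFilter}. Confirm before relying on it.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        return true;
    }

    /**
     * Always lets the request continue.
     *
     * <p>NOTE(review): returning {@code true} from a denial handler means "proceed"; this is
     * harmless only as long as the real decision stays in {@code preHandle}.
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        return true;
    }

}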


二,shiro.xml的文件配置如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:dubbo="http://code.alibabatech.lily.com/schema/dubbo"
xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://code.alibabatech.lily.com/schema/dubbo http://code.alibabatech.lily.com/schema/dubbo/dubbo.xsd">

<!-- Object used by the interceptors, injected through Spring -->
<dubbo:reference id="sysUserProvider" interface="com.innotek.provider.sys.SysUserProvider" check="false"/>

<!-- A single custom Realm is configured here; with several Realms, use the 'realms' property instead -->
<bean id="realm" class="com.innotek.core.support.shiro.Realm"/>
<!-- NOTE(review): no rememberMeManager or sessionManager is set, so the security manager's defaults apply. The 'user' filter in the chain below accepts remembered subjects; confirm the rememberMe cookie key is configured explicitly or that the Shiro release in use generates its own. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="realm"/>
</bean>
<!-- Remembers the clicked menu; redirects to redirectUrl when there is no current user session -->
<bean id="rememberMenuFilter" class="com.innotek.core.support.filter.RememberMenuFilter">
<property name="redirectUrl" value="/login.jsp"/>
</bean>
<!-- Session-timeout filter: 403 plus headers for AJAX, redirect to login.jsp otherwise -->
<bean id="sessionExpireFilter" class="com.innotek.core.support.filter.SessionExpireFilter" />
<!-- In a web application, every request Shiro is to control must pass through Shiro's main filter; Shiro supports Spring-based web applications well -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro's core security interface; this property is required -->
<property name="securityManager" ref="securityManager"/>
<!-- URL used when login is required -->
<property name="loginUrl" value="/login.jsp"/>
<!-- URL shown when a user requests a resource they are not authorized for -->
<property name="unauthorizedUrl" value="/forbidden"/>
<!-- Shiro URL constraint configuration, i.e. the filter chain definitions -->
<!-- anon: no check is performed; the request passes straight through -->
<!-- authc: pages under this filter require authentication; it is Shiro's built-in org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->
<!-- Custom filters registered under the names used in the chain definitions below -->
<property name="filters">
<util:map>
<entry key="rememberMenu" value-ref="rememberMenuFilter"></entry>
<entry key="sessionExpire" value-ref="sessionExpireFilter"></entry>
</util:map>
</property>
<!-- Patterns are evaluated top to bottom and the first match decides, so every anon entry must stay above the /** catch-all. -->
<!-- NOTE(review): each anon entry is reachable without login. /upload/* serves whatever is stored under that path to anyone who has the URL, and /sunflower/bill/getParkFee* has to validate its own input; confirm both are meant to be public. -->
<!-- NOTE(review): /logout is mapped to anon, not to Shiro's built-in 'logout' filter, so the /logout handler itself must end the subject's session; confirm it does. -->
<!-- NOTE(review): 'perms' is listed without a [permission] argument, so this chain names no permission to check; authorization presumably happens elsewhere (Realm or annotations). Also, 'user' admits remembered subjects while 'authc' later in the same chain still requires a full login. Confirm both are intended. -->
<property name="filterChainDefinitions">
<value>
/login.jsp = anon
/login=anon
/noPermission.jsp = anon
/sunflower/bill/getParkFee*=anon
/logout = anon
/*.ico=anon
/upload/*=anon
/theme/**=anon
/unauthorized=anon
/forbidden=anon
/**=user,sessionExpire,authc,perms,rememberMenu
</value>
</property>
</bean>

<!-- Runs init/destroy lifecycle callbacks on Shiro beans managed by Spring -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>

三、记住点击过的菜单

RememberMenuFilter.java如下:
package com.innotek.core.support.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;

import com.innotek.core.Constants;
import com.innotek.core.support.data.permission.model.UserSession;
import com.innotek.core.util.JsonUtil;
import com.innotek.core.util.RedisUtil;
import com.innotek.core.util.WebUtil;
import com.innotek.model.cfg.generator.Paramter;

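/**
 * Copies per-user display data (workbench flag, user name, system list and workbench URL) into
 * the HTTP session before the request proceeds, and redirects to {@code redirectUrl} when there
 * is no current user session.
 */
public class RememberMenuFilter extends AdviceFilter {

    private static final Logger logger = Logger.getLogger(RememberMenuFilter.class);

    /** Where to send requests that arrive without a current user session. */
    private String redirectUrl = "/login.jsp";

    /**
     * Publishes the current user's display data into the HTTP session.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response, used only for the redirect
     * @return {@code false} after redirecting when no user session exists, otherwise {@code true}
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest req = (HttpServletRequest) request;

        // Look the user session up once and reuse it. Calling WebUtil.getCurrentUserSession()
        // again after the null check could return null (for example after a concurrent logout)
        // and would then fail with a NullPointerException.
        UserSession currentUserSession = WebUtil.getCurrentUserSession();
        if (currentUserSession == null) {
            WebUtils.issueRedirect(request, response, getRedirectUrl());
            return false;
        }

        // Whether the workbench is shown.
        Integer status = currentUserSession.getShowStatus();
        req.getSession().setAttribute("showStatus", status);
        req.getSession().setAttribute("userName", currentUserSession.getUserName());

        String systemArray = JsonUtil.list2json(currentUserSession.getSystemManageSession());
        req.getSession().setAttribute("systemList", systemArray);

        // Path back to the workbench, read from the parameter cache.
        // NOTE(review): userName, systemList and workUrl end up in pages; the views are not
        // visible here, so confirm they encode these values on output.
        Paramter param = (Paramter) RedisUtil.getNoExpiry(Constants.PARAMTER_CACHE + "WORK_URL");
        if (param != null) {
            req.getSession().setAttribute("workUrl", param.getParamValue());
        }
        return true;
    }

    /**
     * Returns the redirect target used when no user session exists.
     *
     * @return the configured redirect URL
     */
    public String getRedirectUrl() {
        return redirectUrl;
    }

    /**
     * Sets the redirect target used when no user session exists.
     *
     * @param redirectUrl the URL to redirect to
     */
    public void setRedirectUrl(String redirectUrl) {
        this.redirectUrl = redirectUrl;
    }
}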


四、然后在 spring.xml 配置文件中加入(resource 需指向上文 Shiro 配置文件的实际保存路径):
<import
resource="spring/shiro-cas.xml"/>
即可。