shiro 判断ajax是否通过身份验证

这篇文章主要是针对使用shiro后ajax请求判断是否经过验证的问题。

代码:

public class RoleAuthorizationFilter extends AuthenticationFilter {

private static int bytes = 1024;
private static int startByte = 0;
private static int endByte = 0;

/**
* shiro 授权失败会进入此方法 判断是否是ajax请求
*/
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String serlvetPath = httpRequest.getServletPath();
Subject subject = getSubject(request, response);
if (subject.getPrincipal() == null) {
// 这里判断是否为ajax请求且是以.do结尾的
// 如果不是会走shiro默认的权限流程
if (isAjax(httpRequest) && serlvetPath.contains(".do")) {
returnJsonResult(httpResponse, "您尚未登录或登录时间过长,请重新登录!");
} else {
saveRequestAndRedirectToLogin(request, response);

}
}
return false;
}

private void returnJsonResult(HttpServletResponse httpResponse, String message) {
httpResponse.setStatus(301);
httpResponse.setHeader("Content-type", "application/json;charset=UTF-8");
Result result = new Result();
result.setCode(Const.FAIL);
result.setMessage(message);
Gson gson = new Gson();
String jsonStr = gson.toJson(result);
try {
OutputStream os = httpResponse.getOutputStream();
byte[] jsonByte = jsonStr.getBytes("UTF-8");
int count = jsonByte.length;
while (count > 0) {
if (count < 1024) {
endByte = endByte + count;
} else {
endByte = endByte + bytes;
}
os.write(jsonByte, startByte, endByte);
startByte = endByte;
count = count - bytes;
}
} catch (Exception e) {
}

}

/**
* 判断ajax请求
*
* @param request
* @return
*/
private boolean isAjax(HttpServletRequest request) {
return (request.getHeader("X-Requested-With") != null
&& "XMLHttpRequest".equals(request.getHeader("X-Requested-With").toString()));
}

}

这里说明saveRequestAndRedirectToLogin

进入这个方法是会将当前的请求redirect到spring-shiro.xml配置中的loginUrl