/**
 * Decides whether the current subject may pass this role-based filter.
 *
 * <p>{@code mappedValue} is cast to the {@code String[]} of role names attached to this
 * filter's mapping. The check is permissive on missing configuration: a {@code null} or
 * empty role list returns {@code true}, so a mapping that names this filter without any
 * roles is not restricted by it. Otherwise the subject must hold every listed role.
 *
 * @param request the incoming servlet request
 * @param response the servlet response paired with {@code request}
 * @param mappedValue the role names for this mapping; cast to {@code String[]} without a type check
 * @return {@code true} when no roles are configured or the subject has all of them
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@SuppressWarnings({"unchecked"})
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
    // Resolve the subject before inspecting the configured roles.
    final Subject currentSubject = getSubject(request, response);
    final String[] requiredRoles = (String[]) mappedValue;

    // No roles specified, so nothing to check - allow access.
    final boolean nothingRequired = requiredRoles == null || requiredRoles.length == 0;

    // Short-circuit keeps the role lookup from running when nothing is required.
    return nothingRequired || currentSubject.hasAllRoles(CollectionUtils.asSet(requiredRoles));
}
/**
 * Runs the inherited pre-handle check and additionally requires a session from {@code Redis}.
 *
 * <p>The request is allowed to continue only when {@code super.onPreHandle} returned
 * {@code true} and {@code Redis.getSession()} is non-null; either failure yields
 * {@code false}.
 *
 * @param request the incoming servlet request
 * @param response the servlet response paired with {@code request}
 * @param mappedValue the configuration value passed through unchanged to the parent check
 * @return {@code true} only if the parent check passed and a session object is present
 * @throws Exception propagated from {@code super.onPreHandle}
 */
@Override
public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
    final boolean parentAllowed = super.onPreHandle(request, response, mappedValue);

    // The session lookup runs on every call, including when the parent already refused.
    final boolean sessionPresent = Redis.getSession() != null;

    // NOTE(review): when the parent check passed but no session is found, this method returns
    // false without writing anything to the response itself - confirm that a redirect or an
    // error status is produced elsewhere, otherwise the client may receive an empty reply.
    return sessionPresent && parentAllowed;
}
} // closes the enclosing type, whose header lies outside this excerpt
/**
 * Shiro filter chain.
 *
 * <p>Creates the {@link ShiroFilterFactoryBean}, registers the named filters, and maps URL
 * patterns to them. The login page, the login POST endpoint and the static assets are left
 * anonymous; every other path falls through to the catch-all pattern, which is mapped to
 * {@code authc}.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured filter factory bean, published under the name {@code shiroFilter}
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
    // Named filters that chain definitions can refer to.
    // NOTE(review): "logout", "roles" and "user" are registered here, but no chain defined in
    // this method references them, so role checks are not applied to any path by this
    // configuration - confirm whether that is intended.
    final Map<String, Filter> namedFilters = new HashMap<>();
    namedFilters.put("anon", new AnonymousFilter());
    namedFilters.put("authc", new FormAuthenticationFilter());
    namedFilters.put("logout", new LogoutFilter());
    namedFilters.put("roles", new RolesAuthorizationFilter());
    namedFilters.put("user", new UserFilter());

    // URL pattern -> filter name. A LinkedHashMap keeps insertion order; Shiro evaluates chain
    // definitions in that order and the first matching pattern wins, so the anonymous
    // exceptions must stay above the catch-all entry.
    final Map<String, String> urlChains = new LinkedHashMap<>();
    urlChains.put("/login", "anon");
    urlChains.put("/postLogin", "anon");
    // Static resources are not intercepted.
    urlChains.put("/adminlte/**", "anon");
    // Everything not matched above requires authentication; keep this entry last.
    urlChains.put("/**","authc");

    final ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);
    // Both the login redirect and the unauthorized redirect point at the login page.
    factoryBean.setLoginUrl("/login");
    factoryBean.setUnauthorizedUrl("/login");
    factoryBean.setSuccessUrl("/");
    factoryBean.setFilters(namedFilters);
    factoryBean.setFilterChainDefinitionMap(urlChains);
    return factoryBean;
}