shiro 判断ajax是否通过身份验证

这篇文章主要是针对使用shiro后ajax请求判断是否经过验证的问题。

---

代码:

public class RoleAuthorizationFilter extends AuthenticationFilter {    private static int bytes = 1024;    private static int startByte = 0;    private static int endByte = 0;    /**     * shiro 授权失败会进入此方法 判断是否是ajax请求     */    @Override    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {        HttpServletRequest httpRequest = (HttpServletRequest) request;        HttpServletResponse httpResponse = (HttpServletResponse) response;        String serlvetPath = httpRequest.getServletPath();        Subject subject = getSubject(request, response);        if (subject.getPrincipal() == null) {            // 这里判断是否为ajax请求且是以.do结尾的            // 如果不是会走shiro默认的权限流程             if (isAjax(httpRequest) && serlvetPath.contains(".do")) {                returnJsonResult(httpResponse, "您尚未登录或登录时间过长,请重新登录!");            } else {                saveRequestAndRedirectToLogin(request, response);            }        }        return false;    }    private void returnJsonResult(HttpServletResponse httpResponse, String message) {        httpResponse.setStatus(301);        httpResponse.setHeader("Content-type", "application/json;charset=UTF-8");        Result result = new Result();        result.setCode(Const.FAIL);        result.setMessage(message);        Gson gson = new Gson();        String jsonStr = gson.toJson(result);        try {            OutputStream os = httpResponse.getOutputStream();            byte[] jsonByte = jsonStr.getBytes("UTF-8");            int count = jsonByte.length;            while (count > 0) {                if (count < 1024) {                    endByte = endByte + count;                } else {                    endByte = endByte + bytes;                }                os.write(jsonByte, startByte, endByte);                startByte = endByte;                count = count - bytes;            }        } catch (Exception e) {        }    }    /**     * 判断ajax请求     *      * @param request     * @return     */    private boolean isAjax(HttpServletRequest request) {        return (request.getHeader("X-Requested-With") != null                && "XMLHttpRequest".equals(request.getHeader("X-Requested-With").toString()));    }}

这里说明saveRequestAndRedirectToLogin

进入这个方法是会将当前的请求redirect到spring-shiro.xml配置中的loginUrl