shiro+mybatis+springmvc实例记录（二）——shiro支持ajax请求

来源：互联网发布：linux cat和more 编辑：程序博客网时间：2024/06/04 01:36

接上文，页面跳转显然不适合动静分离ajax交互的架构模式，因此就需要对框架进行改造优化，使得后台能够返回json数据给前端请求。

自定义拦截器

shiro对权限、用户信息的校验实在默认的拦截器中进行的，要改写数据返回方式，则需要重写拦截器。这里我们分别对authc,perms进行重写。
分别定义两个拦截器，并使用printWriter将json字符串写入response中。
LoginFilter

package com.testshiro.filter;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.log4j.Logger;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.subject.Subject;import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;    //用户登录校验失败回调方法，也可以自己重写校验方法isAccessAllowed    @Override    protected boolean onAccessDenied(ServletRequest request,            ServletResponse response) throws Exception {        HttpServletRequest httpServletRequest = (HttpServletRequest) request;        HttpServletResponse httpServletResponse = (HttpServletResponse) response;        //设置编码格式，header的content-type也要设置，否则浏览器不会以utf8解析，还是乱码。设置application/json可以让js不需要eval即可使用对象        httpServletResponse.setCharacterEncoding("UTF-8");        httpServletResponse.setHeader("Content-type",                "application/json;charset=UTF-8");        PrintWriter out;        try {            out = httpServletResponse.getWriter();            out.println("{\"code\":-1,\"msg\":\"未登录用户！\"}");            out.flush();            out.close();        } catch (IOException e1) {            log.info(e1.getMessage());        }        return false;    }    @Override    protected boolean onLoginFailure(AuthenticationToken token,            AuthenticationException e, ServletRequest request,            ServletResponse response) {        HttpServletRequest httpServletRequest = (HttpServletRequest) request;        HttpServletResponse httpServletResponse = (HttpServletResponse) response;        httpServletResponse.setCharacterEncoding("UTF-8");        httpServletResponse.setHeader("Content-type",                "application/json;charset=UTF-8");        PrintWriter out;        try {            out = httpServletResponse.getWriter();            out.println("{\"code\":-1,\"msg\":\"系统错误\"}");            out.flush();            out.close();        } catch (IOException e1) {            log.info(e1.getMessage());        }        return false;    }    @Override    protected boolean onLoginSuccess(AuthenticationToken token,            Subject subject, ServletRequest request, ServletResponse response)            throws Exception {        return super.onLoginSuccess(token, subject, request, response);    }    private final static Logger log =    Logger.getLogger(LoginFilter.class);}

PermsFilter

package com.testshiro.filter;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.log4j.Logger;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.subject.Subject;import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;public class PermsFilter extends PermissionsAuthorizationFilter {    private final static Logger log = Logger.getLogger(PermsFilter.class);    @Override    protected boolean onAccessDenied(ServletRequest arg0, ServletResponse arg1)            throws IOException {        HttpServletRequest httpServletRequest = (HttpServletRequest) arg0;        HttpServletResponse httpServletResponse = (HttpServletResponse) arg1;        httpServletResponse.setCharacterEncoding("UTF-8");        httpServletResponse.setHeader("Content-type",                "application/json;charset=UTF-8");        PrintWriter out;        try {            out = httpServletResponse.getWriter();            out.println("{\"code\":-1,\"msg\":\"登录用户无权执行该操作！\"}");            out.flush();            out.close();        } catch (IOException e1) {            log.info(e1.getMessage());        }        return false;    }}

接下来在配置文件中配置自定义拦截器
spring-shiro.xml

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"    xmlns:mvc="http://www.springframework.org/schema/mvc"    xmlns:util="http://www.springframework.org/schema/util"      xsi:schemaLocation="http://www.springframework.org/schema/beans       http://www.springframework.org/schema/beans/spring-beans-4.0.xsd       http://www.springframework.org/schema/tx       http://www.springframework.org/schema/tx/spring-tx-4.0.xsd      http://www.springframework.org/schema/context      http://www.springframework.org/schema/context/spring-context-4.0.xsd    http://www.springframework.org/schema/util    http://www.springframework.org/schema/util/spring-util-4.0.xsd"  >     <!-- Shiro Filter 拦截器相关配置 -->      <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">          <!-- securityManager -->          <property name="securityManager" ref="securityManager" />         <property name="loginUrl" value="/login.jsp" />          <property name="unauthorizedUrl" value="/403.jsp" />        <property name="filters">            <util:map>                <entry key="authc" value-ref="loginFilter"/>                <entry key="perms" value-ref="authoFilter"/>            </util:map>        </property>        <!-- 过滤链定义 -->          <property name="filterChainDefinitions">              <value>                  /data/sysaccount/login*=anon                /data/sysaccount/**=authc,perms[sysAccount]                /data/sysautho/**=authc,perms[sysAutho]                /data/sysrole/**=authc,perms[sysRole]             </value>          </property>      </bean>      <bean id="loginFilter" class="com.testshiro.filter.LoginFilter"/>    <bean id="authoFilter" class="com.testshiro.filter.PermsFilter"/>    <!-- securityManager -->    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">          <property name="realm" ref="myRealm" />      </bean>      <!-- 自定义Realm实现 -->     <bean id="myRealm" class="com.testshiro.realm.CustomRealm" />      <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /></beans>

启动服务器即可。

js页面部分代码

.ajax({                url : xxxx,                type : "GET",                success : function(data) {                    if("code" in data&&data.code==-1){                        alert(data.msg);                        return;                    }                }            })            ......

运行效果

未登录情况：

要求登录
json数据直观

未授权，post请求情况

未授权

正常情况

阅读全文

0 0