Shiro 3 filter

首先Shiro提供的过滤器继承关系

过滤器的过滤方法是dofilter，最终可以找到AdviceFilter中的doFilterInternal

这个类中还有一个preHandle方法 返回true or false决定是否通过过滤器，这个方法供子类继承重写，实现不同过滤器业务

比如LogoutFilter中的

 @Override    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {        Subject subject = getSubject(request, response);        String redirectUrl = getRedirectUrl(request, response, subject);        //try/catch added for SHIRO-298:        try {            subject.logout();        } catch (SessionException ise) {            log.debug("Encountered session exception during logout.  This can generally safely be ignored.", ise);        }        issueRedirect(request, response, redirectUrl);        return false;    }

subject注销，重定向到 redirectUrl，返回false

PathMatchingFilter继承了AdviceFilter，在重写的preHandle中加入了对于url配置的其他权限的验证，最后提供了一个方法供重写，其中第三个参数类型为

String[] s = {"role1","role2"}  等

  protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {        return true;    }

所以匿名过滤器AnonymousFilter继承PathMatchingFilter，它的onPreHandle直接返回true,可以通过

    @Override    protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) {        // Always return true since we allow access to anyone        return true;    }

AccessControlFilter extends PathMatchingFilter

  public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {        return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue);    }

这两个方法都是有子类实现，这个类还提供了一个方法saveRequestAndRedirectToLogin，不和条件的情况会调用此方法转到登录页

剩下的都是功能业务的过滤器了，只需要分析它们对于上面方法的实现

比如RolesAuthorizationFilter检测subject是否有这些role

 @SuppressWarnings({"unchecked"})    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {        Subject subject = getSubject(request, response);        String[] rolesArray = (String[]) mappedValue;        if (rolesArray == null || rolesArray.length == 0) {            //no roles specified, so nothing to check - allow access.            return true;        }        Set<String> roles = CollectionUtils.asSet(rolesArray);        return subject.hasAllRoles(roles);    }

比如PermissionsAuthorizationFilter检测subject是否有这些permission

 public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {        Subject subject = getSubject(request, response);        String[] perms = (String[]) mappedValue;        boolean isPermitted = true;        if (perms != null && perms.length > 0) {            if (perms.length == 1) {                if (!subject.isPermitted(perms[0])) {                    isPermitted = false;                }            } else {                if (!subject.isPermittedAll(perms)) {                    isPermitted = false;                }            }        }        return isPermitted;    }

认证过滤器FormAuthenticationFilter extends AuthenticatingFilter extends AuthenticationFilter extends AccessControlFilter

检测是否登录

AuthenticationFilter

 protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {        Subject subject = getSubject(request, response);        return subject.isAuthenticated();    }

FormAuthenticationFilter

protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {        if (isLoginRequest(request, response)) {            if (isLoginSubmission(request, response)) {                if (log.isTraceEnabled()) {                    log.trace("Login submission detected.  Attempting to execute login.");                }                return executeLogin(request, response);            } else {                if (log.isTraceEnabled()) {                    log.trace("Login page view.");                }                //allow them to see the login page ;)                return true;            }        } else {            if (log.isTraceEnabled()) {                log.trace("Attempting to access a path which requires authentication.  Forwarding to the " +                        "Authentication url [" + getLoginUrl() + "]");            }            saveRequestAndRedirectToLogin(request, response);            return false;        }    }

Shiro提供的这些过滤器的封装还是比较清晰的，由这条继承线，我们可以根据业务需要继承它的过滤器很方便的实现自己需要的业务。