Shiro 3 filter
来源:互联网 发布:大数据优缺点 编辑:程序博客网 时间:2024/05/29 09:25
首先Shiro提供的过滤器继承关系
过滤器的过滤方法是dofilter,最终可以找到AdviceFilter中的doFilterInternal
这个类中还有一个preHandle方法 返回true or false决定是否通过过滤器,这个方法供子类继承重写,实现不同过滤器业务
比如LogoutFilter中的
@Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { Subject subject = getSubject(request, response); String redirectUrl = getRedirectUrl(request, response, subject); //try/catch added for SHIRO-298: try { subject.logout(); } catch (SessionException ise) { log.debug("Encountered session exception during logout. This can generally safely be ignored.", ise); } issueRedirect(request, response, redirectUrl); return false; }
subject注销,重定向到 redirectUrl,返回false
PathMatchingFilter继承了AdviceFilter,在重写的preHandle中加入了对于url配置的其他权限的验证,最后提供了一个方法供重写,其中第三个参数类型为
String[] s = {"role1","role2"} 等
protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return true; }
所以匿名过滤器AnonymousFilter继承PathMatchingFilter,它的onPreHandle直接返回true,可以通过
@Override protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) { // Always return true since we allow access to anyone return true; }
AccessControlFilter extends PathMatchingFilter
public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue); }这两个方法都是有子类实现,这个类还提供了一个方法saveRequestAndRedirectToLogin,不和条件的情况会调用此方法转到登录页
剩下的都是功能业务的过滤器了,只需要分析它们对于上面方法的实现
比如RolesAuthorizationFilter检测subject是否有这些role
@SuppressWarnings({"unchecked"}) public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { Subject subject = getSubject(request, response); String[] rolesArray = (String[]) mappedValue; if (rolesArray == null || rolesArray.length == 0) { //no roles specified, so nothing to check - allow access. return true; } Set<String> roles = CollectionUtils.asSet(rolesArray); return subject.hasAllRoles(roles); }
比如PermissionsAuthorizationFilter检测subject是否有这些permission
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { Subject subject = getSubject(request, response); String[] perms = (String[]) mappedValue; boolean isPermitted = true; if (perms != null && perms.length > 0) { if (perms.length == 1) { if (!subject.isPermitted(perms[0])) { isPermitted = false; } } else { if (!subject.isPermittedAll(perms)) { isPermitted = false; } } } return isPermitted; }
认证过滤器FormAuthenticationFilter extends AuthenticatingFilter extends AuthenticationFilter extends AccessControlFilter
检测是否登录
AuthenticationFilter
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) { Subject subject = getSubject(request, response); return subject.isAuthenticated(); }
FormAuthenticationFilter
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if (isLoginRequest(request, response)) { if (isLoginSubmission(request, response)) { if (log.isTraceEnabled()) { log.trace("Login submission detected. Attempting to execute login."); } return executeLogin(request, response); } else { if (log.isTraceEnabled()) { log.trace("Login page view."); } //allow them to see the login page ;) return true; } } else { if (log.isTraceEnabled()) { log.trace("Attempting to access a path which requires authentication. Forwarding to the " + "Authentication url [" + getLoginUrl() + "]"); } saveRequestAndRedirectToLogin(request, response); return false; } }
Shiro提供的这些过滤器的封装还是比较清晰的,由这条继承线,我们可以根据业务需要继承它的过滤器很方便的实现自己需要的业务。
0 0
- Shiro 3 filter
- shiro讲解之 Shiro Filter
- shiro filter的入口
- shiro 自定义认证filter
- Shiro Filter -- 拦截器
- shiro Filter--拦截器
- shiro默认filter
- shiro 认证filter 的原理
- shiro自定义filter 以及调用
- Shiro添加自己的Filter
- Springboot 集成Shiro自定义Filter
- 我的shiro之旅: 三 浅谈shiro的filter
- Shiro 之 Filter(上):ShiroFilter
- shiro自定义filter之BasicHttpAuthenticationFilter解读
- 我的shiro之旅:自定义filter
- Shiro的Filter机制详解---源码分析
- springboot集成Shiro,添加自定义filter后shiro的默认filter无法使用
- Shiro 3
- Stm32_调试出现 Error:Flash Download Failed-"Cortex-M3" 解决方案。
- tomcat介绍
- 从存储器内部看uname结构
- 大数据教你挑选分析师
- 开发过程使用Tomcat Maven插件持续快捷部署Web项目
- Shiro 3 filter
- HotSpot是什么?
- 自制maven archetype
- 两种异常错误的解决
- sysbench 安装、使用和测试
- python问题--缩进,IndentationError:expected an indented block
- Linux内核通用队列的使用笔记(读linux内核设计与实现)
- 用DOM来创建XML文档
- Java泛型中通配符的使用