2 dmaker DMaker 于 2016.02.23 14:50 提问

shiro 与spring mvc整合,自定义过滤器的问题,求解,看详细内容

这是roleFilter:

 public class RolesOrAuthorizationFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request,
            ServletResponse response, Object mappedValue) throws Exception {

        Subject subject = getSubject(request, response);
        String[] rolesArray = (String[]) mappedValue;

        if (rolesArray == null || rolesArray.length == 0) {
            //no roles specified, so nothing to check - allow access.
            return true;
        }

        Set<String> roles = CollectionUtils.asSet(rolesArray);
        // 自定义部分
        for (String role : roles) {
            if(subject.hasRole(role)){
                return true;
            }
        }

        return false;
    }

}

这是动态取出url:

public class ChainDefinitionSectionMetaSource implements
        FactoryBean<Ini.Section> {

    @Autowired
    private Sys_RoleService roleService;
    @Autowired
    private Sys_RoleRighService roleRightService;
    @Autowired
    private Sys_RightService rightService;
    @Autowired
    private Sys_RightResourceService rightResourcesService;
    @Autowired
    private Sys_ResourceService resourcesService;

    private String filterChainDefinitions;

    /**
     * 默认permission的字符串
     */
    public Section getObject() throws Exception {

        // 查找出所有的资源
        List<Sys_resource> resources = resourcesService.findAll();

        // 加载默认的url
        Ini ini = new Ini();
        ini.load(filterChainDefinitions);
        Ini.Section section = ini.getSection(ini.DEFAULT_SECTION_NAME);

        if (resources != null && resources.size() > 0) {
            for (Sys_resource resource : resources) {
                String url = resource.getUrl();
                List<String> rightIds = resourcesService
                        .findRightStrByResourceId(resource.getId());
                if (rightIds != null && rightIds.size() > 0) {
                    for (String rightId : rightIds) {
                        List<String> roleIds = roleRightService
                                .findRoleIdByRightId(rightId);
                        if (roleIds != null && roleIds.size() > 0) {
                            String roles = "";
                            for (String roleId : roleIds) {
                                String roleName = roleService.findById(roleId)
                                        .getRname();
                                roles += "," + roleName;
                            }
                            // 分隔
                            roles = roles.substring(1);
                            // 添加到section中
                            section.put(url, "rolesOr[\"" + roles + "\"]");
                        }
                    }
                }
            }
        }

        System.out.println("权限:" + section.values());

        return section;
    }

    public Class<?> getObjectType() {
        return this.getClass();
    }

    public boolean isSingleton() {
        return false;
    }

    public void setFilterChainDefinitions(String filterChainDefinitions) {
        this.filterChainDefinitions = filterChainDefinitions;
    }

}

配置文件:

     <bean id="chainDefinitionSectionMetaSource" class="com.hxzSaas.shiro.ChainDefinitionSectionMetaSource">
            <property name="filterChainDefinitions">
                <value>
                    <!-- 只有登陆之后才可以访问 -->
                    /index.jsp = anon
                    /index.do = anon
                    /resources/** = anon
                    /templates/** = anon
                    /logout.do = logout
                    /user/UserManager/list.do = rolesOr["admin,超级管理员"]
                    /** = authc
                </value>
            </property>
         </bean>

        <!-- 配置在web.xml 中配置的bean的名称 -->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager" />
            <property name="loginUrl" value="/login.do" />
            <property name="unauthorizedUrl" value="/common/noright.do" />
            <property name="filters">
                <map>
                    <entry key="rolesOr" >
                        <bean class="com.hxzSaas.shiro.RolesOrAuthorizationFilter" />
                    </entry>
                </map>
            </property>
            <property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />

在配置文件中写url的时候,自定义roleOr过滤器可以使用,比如:/user/UserManager/list.do = rolesOr["管理员"] ,这样配置的角色是管用的,但是,当从数据库中的取出的时候,就会不经过自定义的过滤器,这是什么原因呢??求大神解答,小弟初学者,搞了一个上午,是在无法解决,多谢了

1个回答

rui888
rui888   Ds   Rxr 2016.02.23 16:49

当从数据库中的取出的时候 经过reqeust 请求了吗?

Csdn user default icon
上传中...
上传图片
插入图片
准确详细的回答,更有利于被提问者采纳,从而获得C币。复制、灌水、广告等回答会被删除,是时候展现真正的技术了!