This is the role filter:
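    import java.util.Set;

    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;

    import org.apache.shiro.subject.Subject;
    import org.apache.shiro.util.CollectionUtils;
    import org.apache.shiro.web.filter.authz.AuthorizationFilter;

    public class RolesOrAuthorizationFilter extends AuthorizationFilter {

        @Override
        protected boolean isAccessAllowed(ServletRequest request,
                ServletResponse response, Object mappedValue) throws Exception {
            Subject subject = getSubject(request, response);
            String[] rolesArray = (String[]) mappedValue;
            if (rolesArray == null || rolesArray.length == 0) {
                // no roles specified, so nothing to check - allow access.
                return true;
            }
            Set<String> roles = CollectionUtils.asSet(rolesArray);
            // Custom part: allow access if the subject has ANY of the listed roles
            for (String role : roles) {
                if (subject.hasRole(role)) {
                    return true;
                }
            }
            return false;
        }
    }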
This is the code that loads the URLs dynamically:
    import java.util.List;

    import org.apache.shiro.config.Ini;
    import org.springframework.beans.factory.FactoryBean;
    import org.springframework.beans.factory.annotation.Autowired;
    // Imports for the project's own Sys_* services and entities are omitted.

    public class ChainDefinitionSectionMetaSource implements
            FactoryBean<Ini.Section> {

        @Autowired
        private Sys_RoleService roleService;
        @Autowired
        private Sys_RoleRighService roleRightService;
        @Autowired
        private Sys_RightService rightService;
        @Autowired
        private Sys_RightResourceService rightResourcesService;
        @Autowired
        private Sys_ResourceService resourcesService;

        /**
         * The default permission string
         */
        private String filterChainDefinitions;

        public Ini.Section getObject() throws Exception {
            // Look up all resources
            List<Sys_resource> resources = resourcesService.findAll();
            // Load the default URLs
            Ini ini = new Ini();
            ini.load(filterChainDefinitions);
            Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME);
            if (resources != null && resources.size() > 0) {
                for (Sys_resource resource : resources) {
                    String url = resource.getUrl();
                    List<String> rightIds = resourcesService
                            .findRightStrByResourceId(resource.getId());
                    if (rightIds != null && rightIds.size() > 0) {
                        for (String rightId : rightIds) {
                            List<String> roleIds = roleRightService
                                    .findRoleIdByRightId(rightId);
                            if (roleIds != null && roleIds.size() > 0) {
                                String roles = "";
                                for (String roleId : roleIds) {
                                    String roleName = roleService.findById(roleId)
                                            .getRname();
                                    roles += "," + roleName;
                                }
                                // Strip the leading separator
                                roles = roles.substring(1);
                                // Add the entry to the section
                                section.put(url, "rolesOr[\"" + roles + "\"]");
                            }
                        }
                    }
                }
            }
            System.out.println("权限:" + section.values());
            return section;
        }

        public Class<?> getObjectType() {
            // A FactoryBean reports the type of the object it produces
            return Ini.Section.class;
        }

        public boolean isSingleton() {
            return false;
        }

        public void setFilterChainDefinitions(String filterChainDefinitions) {
            this.filterChainDefinitions = filterChainDefinitions;
        }
    }
Configuration file:
    <bean id="chainDefinitionSectionMetaSource" class="com.hxzSaas.shiro.ChainDefinitionSectionMetaSource">
        <property name="filterChainDefinitions">
            <value>
                <!-- Accessible only after logging in -->
                /index.jsp = anon
                /index.do = anon
                /resources/** = anon
                /templates/** = anon
                /logout.do = logout
                /user/UserManager/list.do = rolesOr["admin,超级管理员"]
                /** = authc
            </value>
        </property>
    </bean>
    <!-- The bean name must match the filter name configured in web.xml -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login.do" />
        <property name="unauthorizedUrl" value="/common/noright.do" />
        <property name="filters">
            <map>
                <entry key="rolesOr">
                    <bean class="com.hxzSaas.shiro.RolesOrAuthorizationFilter" />
                </entry>
            </map>
        </property>
        <property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />
    </bean>
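When I write the URLs in the configuration file, the custom rolesOr filter can be used, for example: /user/UserManager/list.do = rolesOr["管理员"], and roles configured this way take effect. However, when the URLs are loaded from the database, requests do not go through the custom filter. What is the reason for this?? Experts, please help. I am a beginner, I have spent a whole morning on this and really cannot solve it. Many thanks.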
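Shiro evaluates filter chain definitions in the order they were defined and the first matching pattern wins, so the position of `/** = authc` relative to entries added later decides which filter a request reaches. The following is an added example, not the poster's code: it emulates that ordering with Shiro's `AntPathMatcher` (shiro-core on the classpath is assumed), and the class `ChainOrderDemo`, its methods and the URL `/order/list.do` are hypothetical names constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

public class ChainOrderDemo {
    private static final String CATCH_ALL = "/**";

    /** First-match-wins: chain of the first pattern, in insertion order, that matches the path. */
    static String firstMatch(Map<String, String> chains, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (matcher.matches(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return null;
    }

    /** Copies the static definitions, placing the database entries ahead of the catch-all. */
    static Map<String, String> mergeBeforeCatchAll(Map<String, String> staticDefs,
                                                   Map<String, String> dbDefs) {
        Map<String, String> merged = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : staticDefs.entrySet()) {
            if (CATCH_ALL.equals(e.getKey())) {
                dbDefs.forEach(merged::putIfAbsent); // static entries keep precedence
            }
            merged.put(e.getKey(), e.getValue());
        }
        dbDefs.forEach(merged::putIfAbsent); // no catch-all present: append at the end
        return merged;
    }

    public static void main(String[] args) {
        Map<String, String> staticDefs = new LinkedHashMap<>();
        staticDefs.put("/index.do", "anon");
        staticDefs.put(CATCH_ALL, "authc");

        Map<String, String> dbDefs = new LinkedHashMap<>(); // constructed sample row
        dbDefs.put("/order/list.do", "rolesOr[\"admin\"]");

        // Appending after the defaults, as section.put(...) does after ini.load(...)
        Map<String, String> appended = new LinkedHashMap<>(staticDefs);
        appended.putAll(dbDefs);
        System.out.println("appended: " + firstMatch(appended, "/order/list.do"));

        Map<String, String> merged = mergeBeforeCatchAll(staticDefs, dbDefs);
        System.out.println("merged:   " + firstMatch(merged, "/order/list.do"));
    }
}
```

With the appended ordering, a role-restricted URL is matched by the catch-all and is reachable by any authenticated user; a map ordered as in `mergeBeforeCatchAll` can be supplied through the `filterChainDefinitionMap` property, which accepts a `Map<String, String>`.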