问题遇到的现象和发生背景
自定义ShiroFilter,在登录成功后访问接口时,会一直被拦截并报错“登录失败”
问题相关代码,请勿粘贴截图
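/**
 * Shiro filter that authenticates every non-preflight request from a token carried by the request.
 *
 * <p>Flow as written in this class: {@link #preHandle} adds CORS headers and answers OPTIONS
 * itself; {@link #isAccessAllowed} rejects everything except OPTIONS, so each real request reaches
 * {@link #onAccessDenied}, which runs {@code executeLogin} with the token built by
 * {@link #createToken}. An {@code AuthenticationException} raised during that login attempt is
 * reported through {@link #onLoginFailure}.
 */
public class AuthFilter extends BasicHttpAuthenticationFilter {
    private static final Log logger = LogFactory.getLog(AuthFilter.class);

    /**
     * Wraps the token taken from the request in an {@code AuthToken} for the login attempt.
     *
     * @param request  the incoming request; cast to {@code HttpServletRequest}
     * @param response unused
     * @return the token object handed to the login attempt
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        String token = TokenUtil.getRequestToken((HttpServletRequest) request);
        return new AuthToken(token);
    }

    /**
     * Lets only CORS preflight (OPTIONS) requests through without authentication.
     *
     * @return {@code true} for OPTIONS, {@code false} for every other method, which sends the
     *     request on to {@link #onAccessDenied}
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return RequestMethod.OPTIONS.name().equals(((HttpServletRequest) request).getMethod());
    }

    /**
     * Rejects requests without a token and otherwise attempts a login with the supplied token.
     *
     * @return {@code false} after writing an error body when the token is blank; otherwise the
     *     result of {@code executeLogin}
     * @throws Exception if writing the error response or the login attempt fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        String token = TokenUtil.getRequestToken((HttpServletRequest) request);
        boolean tokenMissing = StringUtils.isBlank(token);
        // The token is a bearer credential: record only whether one was sent, never its value,
        // so that anyone with read access to the logs cannot replay a session.
        logger.info("从前端获取的token是否为空:" + tokenMissing);
        if (tokenMissing) {
            writeJsonError(response, "验证失败,token为空,请重新登录");
            logger.info("onLoginFailure --------> 验证失败,token为空,请重新登录");
            return false;
        }
        return executeLogin(request, response);
    }

    /**
     * Writes the "login failed" JSON body after an authentication attempt was rejected.
     *
     * @param token    the token that was rejected (not logged)
     * @param e        the reason the login attempt failed
     * @param request  unused
     * @param response the response the error body is written to
     * @return always {@code false}, so the filter chain is not continued
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        // Log the cause with its stack trace: the client only ever sees the generic message
        // below, so this is the one place where the reason for a rejected login is recorded.
        logger.info("onLoginFailure --------> 登录失败", e);
        try {
            writeJsonError(response, "登录失败");
        } catch (IOException exception) {
            // Report the write failure itself rather than the authentication exception.
            logger.error("onLoginFailure --------> 响应写入失败", exception);
        }
        return false;
    }

    /**
     * Adds CORS response headers and answers preflight requests directly.
     *
     * @return {@code false} for OPTIONS (the response is complete), otherwise whatever
     *     {@code super.preHandle} decides
     * @throws Exception propagated from {@code super.preHandle}
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        // NOTE(review): the Origin and Access-Control-Request-Headers values are echoed back
        // unchecked, which allows every origin and every header. Compare Origin against an
        // allow-list of trusted front-end origins before reflecting it.
        httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
        // A cross-origin call is preceded by an OPTIONS preflight; answer it with the success
        // status and stop, since it carries no token to authenticate.
        if (RequestMethod.OPTIONS.name().equals(httpServletRequest.getMethod())) {
            httpServletResponse.setStatus(Integer.parseInt(ReturnUtil.SUCCESS));
            return false;
        }
        return super.preHandle(request, response);
    }

    /**
     * Writes the shared JSON error body (errorCode, status 403, errorMsg) with CORS headers.
     *
     * @param response the servlet response; cast to {@code HttpServletResponse}
     * @param message  the text placed in {@code errorMsg}
     * @throws IOException if the response stream cannot be written or closed
     */
    private void writeJsonError(ServletResponse response, String message) throws IOException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // NOTE(review): credentials are allowed for whatever HttpContextUtil.getOrigin() returns.
        // If that helper echoes the request's Origin header (not visible here), any site can make
        // credentialed calls; confirm it is restricted to trusted origins.
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtil.getOrigin());
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json");
        JSONObject result = new JSONObject();
        result.put("errorCode", ReturnUtil.NO_LOGIN);
        result.put("status", 403);
        result.put("errorMsg", message);
        // Encode explicitly as UTF-8 to match the declared charset; the no-argument getBytes()
        // uses the platform default and can garble the Chinese message.
        httpResponse.getOutputStream().write(result.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
        httpResponse.getOutputStream().close();
    }
}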
运行结果及报错内容
在登录成功后,进入首页,访问接口时,最后会进入onLoginFailure这个方法,并返回前端提示错误信息
我的解答思路和尝试过的方法
我想要达到的结果
能够成功的访问接口