没有重定向四郎过滤器 [英] Shiro Filter without redirect
本文介绍了没有重定向四郎过滤器的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个REST接口,它被从前端code通过jQuery,Ajax的请求调用。被叫网址固定用以下shiro.ini:
I have a REST-Interface that gets called from the Front-End code via jquery-Ajax-Requests. The called url is secured with the following shiro.ini:
/api/** = authc
如果用户没有通过验证四郎要重定向到登录,URL和AJAX请求无法处理。我想preFER一个HTML状态code为答案。 什么是实现这一目标的最佳途径?感谢您的解答!
If the user is not authenticated Shiro wants to redirect to the login-Url and the ajax-Request can't handle that. I'd prefer a HTML status code as answer. What's the best way to achieve this? Thanks for any answers!
推荐答案
您需要实现自定义四郎过滤器。 事情是这样的:
You need to implement a custom shiro filter. Something like this:
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException ;
import javax.servlet.http.HttpServletResponse ;
import org.apache.shiro.web.filter.authz.AuthorizationFilter ;
import org.apache.shiro.web.util.WebUtils ;
public class LocalhostFilter extends AuthorizationFilter {
private static final String message = "Access denied.";
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
//do something when access allowed
return true;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
HttpServletResponse httpResponse ;
try { httpResponse = WebUtils.toHttp(response); }
catch (ClassCastException ex) {
// Not a HTTP Servlet operation
return super.onAccessDenied(request, response) ;
}
if ( message == null )
httpResponse.sendError(403) ;
else
httpResponse.sendError(403, message) ;
return false ; // No further processing.
}
}
这篇关于没有重定向四郎过滤器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文