Shiro AJAX requests: when the login session expires, the 302 cannot redirect to the login page

2022-12-24

Solution

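Override the onAccessDenied method of the FormAuthenticationFilter class. If the request is an AJAX request, add a header that flags that login is required and set the response status to 401, so that the response is not a 200 that continues into the AJAX success callback. Then register a global AJAX event handler: when the login-required flag is present, navigate the page to the login screen.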

Override the filter method

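import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.http.HttpStatus;

public class MyShiroAuthcFilter extends FormAuthenticationFilter {

    public MyShiroAuthcFilter() {
        super();
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (isLoginRequest(request, response)) {
            // Requests to the login URL keep the default form-login handling.
            return super.onAccessDenied(request, response);
        } else {
            if (isAjax((HttpServletRequest) request)) {
                // AJAX caller: answer 401 with a marker header instead of a 302.
                HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
                httpServletResponse.addHeader("REQUIRE_AUTH", "true");
                httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            } else {
                // Normal page request: save it and redirect to the login page.
                saveRequestAndRedirectToLogin(request, response);
            }
            return false;
        }
    }

    // A request counts as AJAX only if it carries X-Requested-With: XMLHttpRequest.
    private boolean isAjax(HttpServletRequest request) {
        String requestedWithHeader = request.getHeader("X-Requested-With");
        return "XMLHttpRequest".equals(requestedWithHeader);
    }
}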

Configure the filter

import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    // ...

    @Bean
    public MyShiroAuthcFilter myShiroAuthcFilter() {
        return new MyShiroAuthcFilter();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
        filter.setSecurityManager(securityManager);
        filter.setLoginUrl("/login");
        filter.setSuccessUrl("/index");
        // Single-valued property: calling it again would replace this URL.
        filter.setUnauthorizedUrl("/403");

        // Register the custom filter under the name "authd".
        Map<String, Filter> filters = filter.getFilters();
        filters.put("authd", myShiroAuthcFilter());
        filters.put("anon", new AnonymousFilter());
        filters.put("logout", new LogoutFilter());
        filter.setFilters(filters);

        // LinkedHashMap keeps insertion order; the first matching pattern wins.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/resources/**", "anon");
        filterChainDefinitionMap.put("/loginSubmit", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**", "authd");
        filter.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return filter;
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }
}

Global AJAX event

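$(document).ready(function() {
    // Fix for AJAX requests not redirecting the page when the session times out.
    // ctx is the application's context path, defined elsewhere on the page.
    $(document).ajaxComplete(function(event, xhr, settings) {
        if (xhr.getResponseHeader('REQUIRE_AUTH') === 'true') {
            window.location.href = ctx + "/index";
        }
    });
});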
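The isAjax check in the filter keys on the X-Requested-With: XMLHttpRequest header, which jQuery adds to same-origin requests but fetch() does not send by default, so a fetch-based caller would still receive the 302. The following is an added example, not code from the original post: a fetch wrapper that sends the header and reacts once to the 401 plus REQUIRE_AUTH answer. All function names are hypothetical, and headers are assumed to be passed as a plain object.

```javascript
// Added example, not from the original post. All function names are hypothetical.

// The only header/value pair that the filter's isAjax() recognises.
const AJAX_HEADER = 'X-Requested-With';
const AJAX_VALUE = 'XMLHttpRequest';

// Copy fetch options and add the marker header. Assumes options.headers is a
// plain object (not a Headers instance).
function withAjaxMarker(options = {}) {
  const headers = Object.assign({}, options.headers, { [AJAX_HEADER]: AJAX_VALUE });
  return Object.assign({}, options, { headers });
}

// True only for the exact answer the filter produces: 401 plus REQUIRE_AUTH.
function needsLogin(response) {
  return response.status === 401 &&
    response.headers.get('REQUIRE_AUTH') === 'true';
}

// Several requests can be in flight when the session expires; navigate once.
function createLoginRedirector(navigate, ctx) {
  let redirecting = false;
  return function handle(response) {
    if (redirecting || !needsLogin(response)) return false;
    redirecting = true;
    navigate(ctx + '/index'); // same target as the jQuery handler above
    return true;
  };
}

// Wrap a fetch implementation so every call carries the marker header and
// every response is checked for the login-required answer.
function createAuthFetch(fetchImpl, handle) {
  return async function authFetch(url, options) {
    const response = await fetchImpl(url, withAjaxMarker(options));
    handle(response);
    return response;
  };
}

// Browser wiring (ctx is the page's context-path variable, as in the post):
//   const authFetch = createAuthFetch(
//     window.fetch.bind(window),
//     createLoginRedirector(function (u) { window.location.href = u; }, ctx));
```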

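Author: ilaoke. Link: https://www.jianshu.com/p/bc7c839f5bc4. Source: Jianshu. Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, please credit the source.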
