- package com.yaozhitech.spring5.filter;
- import java.io.IOException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.http.HttpServletResponse;
- import org.apache.shiro.subject.Subject;
- import org.apache.shiro.web.filter.authz.AuthorizationFilter;
- import org.apache.shiro.web.util.WebUtils;
- import org.springframework.http.HttpStatus;
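/**
 * Shiro authorization filter that grants access when the current subject holds
 * <em>any one</em> of the roles configured for the matched path.
 *
 * <p>Denied requests get a JSON content type and an HTTP 401 status; no response
 * body is written by this class.
 */
public class AnyRolesAuthorizationFilter extends AuthorizationFilter {

    /**
     * No post-processing is performed after the filter chain has run.
     */
    @Override
    protected void postHandle(ServletRequest request, ServletResponse response) {
    }

    /**
     * Decides whether the request may proceed.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response
     * @param mappedValue     the roles configured for the matched path, cast to {@code String[]}
     * @return {@code true} when no roles are configured or the subject has at least one of them
     * @throws Exception declared by the overridden method
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        String[] rolesArray = (String[]) mappedValue;

        // No role restriction configured: access is allowed. This is a fail-open
        // default and no authentication check is made here, so a path mapped to
        // this filter without roles is reachable by any subject.
        if (rolesArray == null || rolesArray.length == 0) {
            return true;
        }

        // Access is allowed as soon as the subject holds any one of the listed roles.
        for (String role : rolesArray) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Marks the response as rejected and stops further processing of the request.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @return always {@code false}, so the filter chain is not continued
     * @throws IOException declared by the overridden method
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        HttpServletResponse httpResponse = WebUtils.toHttp(response);
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json;charset=utf-8");
        // value() yields the numeric HTTP code (401). ordinal() is only the
        // constant's position in the enum declaration and would send clients a
        // status that does not signal a rejected request.
        // NOTE(review): a subject that is authenticated but lacks the role is
        // usually answered with 403; 401 is kept as the status named here.
        httpResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        return false;
    }
}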