解决方法
重写
FormAuthenticationFilter
类的onAccessDenied方法,并判断如果请求是ajax请求,就在header中添加一个需要登录的标识,并且设置response status为401,避免还是200而继续走ajax的成功回调。然后Ajax添加全局事件,当有需要登录的标识时,将页面定位到登录画面。
重写filter方法
public class MyShiroAuthcFilter extends FormAuthenticationFilter {
public MyShiroAuthcFilter() {
super();
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (isLoginRequest(request, response)) {
return super.onAccessDenied(request, response);
} else {
if (isAjax((HttpServletRequest) request)) {
HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
httpServletResponse.addHeader("REQUIRE_AUTH", "true");
httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
} else {
saveRequestAndRedirectToLogin(request, response);
}
return false;
}
}
private boolean isAjax(HttpServletRequest request) {
String requestedWithHeader = request.getHeader("X-Requested-With");
return "XMLHttpRequest".equals(requestedWithHeader);
}
}配置filter
@Configuration
public class ShiroConfig {
。。。。。
@Bean
public MyShiroAuthcFilter myShiroAuthcFilter() {
return new MyShiroAuthcFilter();
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
filter.setSecurityManager(securityManager);
filter.setLoginUrl("/login");
filter.setSuccessUrl("/index");
filter.setUnauthorizedUrl("/403");
filter.setUnauthorizedUrl("/404");
filter.setUnauthorizedUrl("/500");
Map<String, Filter> filters = filter.getFilters();
filters.put("authd", myShiroAuthcFilter());
filters.put("anon", new AnonymousFilter());
filters.put("logout", new LogoutFilter());
filter.setFilters(filters);
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/resources/**", "anon");
filterChainDefinitionMap.put("/loginSubmit", "anon");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/**", "authd");
filter.setFilterChainDefinitionMap(filterChainDefinitionMap);
return filter;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}ajax全局事件
$(document).ready(function() {
// 解决session超时,Ajax请求页面不跳转的问题
$(document).ajaxComplete(function(event, xhr, settings) {
if (xhr.getResponseHeader('REQUIRE_AUTH') === 'true') {
window.location.href = ctx + "/index";
}
});
}); 作者:ilaoke
链接:https://www.jianshu.com/p/bc7c839f5bc4
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。