改写源代码,使得认证成功后跳转到successUrl路径

2016/03/31 14:56
package com.sniper.shiro.security.web.interceptor;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.SavedRequest;
import org.apache.shiro.web.util.WebUtils;

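/**
 * Form authentication filter that sends the user to the configured {@code successUrl}
 * after a successful login, instead of replaying the request that triggered the login.
 *
 * <p>The stock {@link FormAuthenticationFilter} prefers the saved (pre-login) request and
 * only falls back to {@code successUrl}. This subclass reverses that priority whenever a
 * non-default {@code successUrl} has been configured.
 */
public class MyFormAuthenticationFilter extends FormAuthenticationFilter {

    /**
     * Issues the post-login redirect.
     *
     * <p>Target selection, in order:
     * <ol>
     *   <li>the configured {@code successUrl}, when it is set and differs from
     *       {@link AuthenticationFilter#DEFAULT_SUCCESS_URL};</li>
     *   <li>otherwise the saved request, but only if it was a GET (other methods
     *       cannot be replayed by a redirect);</li>
     *   <li>otherwise whatever {@code getSuccessUrl()} returns.</li>
     * </ol>
     *
     * <p>The configured URL is passed to the redirect as context-relative so the context
     * path is added exactly once. Concatenating the context path by hand and then also
     * redirecting context-relative (the case with no saved GET request) produced a doubled
     * context path on any deployment that is not mounted at the root.
     *
     * @param token    the token that was just authenticated (unused here)
     * @param subject  the now-authenticated subject (unused here)
     * @param request  the login request
     * @param response the login response, used to send the redirect
     * @return {@code false}, because the redirect has been issued and the filter chain
     *         must not continue
     * @throws IllegalStateException if no redirect target can be determined
     * @throws Exception if issuing the redirect fails
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token,
            Subject subject, ServletRequest request, ServletResponse response)
            throws Exception {
        // Always consume the saved request, even when it is not used as the target,
        // so a stale pre-login URL does not stay behind in the session.
        SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);

        String configuredUrl = getSuccessUrl();
        boolean hasExplicitSuccessUrl = !StringUtils.isEmpty(configuredUrl)
                && !AuthenticationFilter.DEFAULT_SUCCESS_URL.equals(configuredUrl);

        String successUrl;
        boolean contextRelative;
        if (hasExplicitSuccessUrl) {
            // Let the redirect add the context path; do not prepend it here as well.
            successUrl = configuredUrl;
            contextRelative = true;
        } else if (savedRequest != null
                && AccessControlFilter.GET_METHOD.equalsIgnoreCase(savedRequest.getMethod())) {
            // The saved request URL already contains the context path.
            successUrl = savedRequest.getRequestUrl();
            contextRelative = false;
        } else {
            successUrl = configuredUrl;
            contextRelative = true;
        }

        if (successUrl == null) {
            throw new IllegalStateException("Success URL not available via saved request or via the " +
                    "successUrlFallback method parameter. One of these must be non-null for " +
                    "issueSuccessRedirect() to work.");
        }

        WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);

        return false;
    }

}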

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
     http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
     http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
    
    <!-- Shiro web filter: builds the filter chains that protect the application's URLs -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        
        <!-- Registers the formAuthenticationFilter bean under the name "authc", so every
             "authc" entry in the chain definitions below uses that bean instead of the
             stock FormAuthenticationFilter -->
        <property name="filters">
            <map>
                <entry key="authc" value-ref="formAuthenticationFilter" />
            </map>
        </property>
        
        <!-- Requests to any path that requires authentication are redirected to this address -->
        <property name="loginUrl" value="/login.do" />
        
        <!-- After successful authentication always redirect to index.do; if this is not
             configured, the redirect goes to the previously requested path -->
        <property name="successUrl" value="/index.do" />
        
        <!-- Filter chain definitions, evaluated from top to bottom. Keep the catch-all
             "/** = authc" entry last so that anything not listed as anon stays protected -->
        <property name="filterChainDefinitions">
            <value>
                <!-- Anonymous access allowed -->
                /login.jsp = anon
                
                /refuse.jsp = anon
                <!-- Static resources: anonymous access allowed -->
                /images/** = anon
                /js/** = anon
                <!-- Logout filter: clears the cache and the session data automatically;
                     no actual logout handler method is needed -->
                /logout.do = logout
                <!-- Everything else requires authentication. "authc" is FormAuthenticationFilter
                     by default; here it is the bean registered in the filters map above -->
                /** = authc
            </value>
        </property>
    </bean>
    
    <!-- Advisor for Shiro's authorization annotations, bound to the same security manager.
         NOTE(review): no auto-proxy creator is declared in this listing; confirm one is
         configured elsewhere, otherwise the annotations are presumably not enforced -->
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>
    
    <!-- Security manager: authenticates and authorizes against myRealm.
         The cacheManager bean it references is not defined in this listing -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm" />
        <property name="cacheManager" ref="cacheManager" />
    </bean>
    
    <!-- Application realm. Credential comparison is delegated to the credentialsMatcher
         bean, which is not defined in this listing.
         NOTE(review): confirm it is a salted, hashed matcher and not a plain-text comparison -->
    <bean id="myRealm" class="com.sniper.shiro.security.realm.MyRealm">
        <property name="credentialsMatcher" ref="credentialsMatcher" />
    </bean>
    
    <!-- Custom form authentication filter: overrides the stock behaviour so that a
         successful login redirects to successUrl. usernameParam and passwordParam name
         the request parameters of the login form that carry the credentials -->
    <bean id="formAuthenticationFilter"  class="com.sniper.shiro.security.web.interceptor.MyFormAuthenticationFilter">
        <property name="usernameParam" value="username" />
        <property name="passwordParam" value="password" />
    </bean>
    
</beans>

