shiro控制返回的三种形式

阅读更多

 

返回状态码,json格式适用于前后分离时,前段清一色的ajax,他们判断你登录成功,或者没有权限等,不能解析你的返回url页面,这时你重写在用url跳转的时候判断是ajax请求就返回状态码给前台,不做跳转

 

 response中的内容只要mvc返回了就自动会返回页面,在相应的结构可以看到,+return null;或者return;

用response.getWriter().print("未找到图片");/////////////打印普通字符或者response.getOutputStream().write(bytes,0,length);///打印流=@ResponseBody  最好加return null;

这是自动当着页面返回请求页(下载之类)

 

shiro控制返回的三种形式:

 

整个思路:url配置了不一样用,判断是ajax就返回状态码,普通请求就用url跳转

 

1,跳转:

 

自己写跳转:

@Override

protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {

 

RequestDispatcher rd=null;

try{

//this.saveRequestAndRedirectToLogin(request, response);

request.setAttribute("msg", "用户名或密码不正确");

rd = request.getRequestDispatcher("/login");

this.setFailureAttribute(request, e);

rd.forward(request, response);

}catch (Exception e1){

//rd.forward();

}

 

return true;

}

 

 

用框架的跳转:

  protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {

        this.issueSuccessRedirect(request, response);

        return false;

    }

 

 

 

 

2,返回json和状态码:

@Override

protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {

HttpServletRequest request = (HttpServletRequest) servletRequest;

HttpServletResponse response = (HttpServletResponse) servletResponse;

String requestType = request.getHeader("X-Requested-With");

String contentType = request.getHeader("content-type");

request.getHeaderNames();

if ((requestType != null && requestType.equalsIgnoreCase("XMLHttpRequest"))||(contentType!=null && contentType.equalsIgnoreCase("application/json; charset=utf-8"))) {

 

response.addHeader("loginStatus", "accessDenied");

response.sendError(HttpServletResponse.SC_FORBIDDEN);

response.setCharacterEncoding("UTF-8");

response.setContentType("application/json");

return false;//状态码

}

 

String method = request.getMethod();

if("GET".equalsIgnoreCase(method)){//跳转

WebUtils.issueRedirect(request, response, "/");

return false;

}

return super.onAccessDenied(request, response);

}

 

 

 

 

我们shiro配置的successurl是在onLoginSuccess用

 

 

 

   protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {

        this.issueSuccessRedirect(request, response);

        return false;

    }

 

 protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {

        WebUtils.redirectToSavedRequest(request, response, this.getSuccessUrl());

    }

 

 

 

 

 

自定义的onLoginSuccess也可以像上面一样判断如果是ajax返回状态码(下面的代码没加)

@Override

protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {

Session session = subject.getSession();

Map attributes = new HashMap();

Collection keys = session.getAttributeKeys();

for (Object key : keys) {

attributes.put(key, session.getAttribute(key));

}

//session.stop();

session = subject.getSession();

for (Entry entry : attributes.entrySet()) {

session.setAttribute(entry.getKey(), entry.getValue());

}

setLoginSession(servletRequest, servletResponse);

 

return super.onLoginSuccess(token, subject, servletRequest, servletResponse);

}

 

 

你可能感兴趣的:(shiro,ajax)