Shiro登录成功后自定义操作


Shiro登录成功后,默认返回登录前访问的URL。但是有些时候,这样并不能满足程序的要求,例如要跳出IFrame,要实现这样的要求,可以覆盖FormAuthenticationFilter中的onLoginSuccess方法。

01 package com.ygsoft.security.shiro;
02   
03 import javax.servlet.ServletRequest;
04 import javax.servlet.ServletResponse;
05 import javax.servlet.http.HttpServletRequest;
06 import javax.servlet.http.HttpServletResponse;
07   
08 import org.apache.shiro.authc.AuthenticationToken;
09 import org.apache.shiro.subject.Subject;
10 import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
11 import org.apache.shiro.web.util.WebUtils;
12   
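/**
 * Form authentication filter that carries a CAPTCHA value on the login token and replaces
 * Shiro's default post-login redirect with a fixed target.
 *
 * <p>This class only reads the CAPTCHA request parameter and passes it on inside a
 * {@code CaptchaUsernamePasswordToken}; it does not compare it with the expected value.
 * NOTE(review): the comparison presumably happens where the token is consumed (not shown
 * here) - confirm that it exists and that a failed CAPTCHA is rejected before the
 * credentials are checked.
 *
 * @author ketayao
 * @version 1.1.0
 * @since 2012-8-7 9:20:26 AM
 */
public class CaptchaFormAuthenticationFilter extends FormAuthenticationFilter {

    /** Name of the request parameter that holds the CAPTCHA text typed by the user. */
    private String captchaParam = SimpleCaptchaServlet.CAPTCHA_KEY;

    /**
     * Returns the name of the request parameter that holds the CAPTCHA text.
     *
     * @return the CAPTCHA parameter name
     */
    public String getCaptchaParam() {
        return captchaParam;
    }

    /**
     * Reads the CAPTCHA text submitted with the login form.
     *
     * @param request the current login request
     * @return the value returned by {@code WebUtils.getCleanParam} for the CAPTCHA parameter
     */
    protected String getCaptcha(ServletRequest request) {
        return WebUtils.getCleanParam(request, getCaptchaParam());
    }

    /**
     * Builds the authentication token from the login form, adding the submitted CAPTCHA
     * text to the usual username, password, remember-me flag and host.
     *
     * @param request the current login request
     * @param response the current response (unused here)
     * @return a {@code CaptchaUsernamePasswordToken} carrying the submitted values
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request,
            ServletResponse response) {
        String username = getUsername(request);
        String password = getPassword(request);
        String captcha = getCaptcha(request);
        boolean rememberMe = isRememberMe(request);
        String host = getHost(request);
        return new CaptchaUsernamePasswordToken(username, password, rememberMe,
                host, captcha);
    }

    /**
     * Overrides the default success handling so that the browser is sent straight to the
     * configured success URL with {@code sendRedirect}, which breaks out of the surrounding
     * frame and avoids the JavaScript framework loading its scripts a second time.
     *
     * <p>The redirect target is always the context path plus {@link #getSuccessUrl()};
     * the call to {@code issueSuccessRedirect} that the default implementation makes is
     * deliberately left out, so nothing taken from the request decides where the user lands.
     *
     * @param token the token that was just authenticated
     * @param subject the subject that logged in
     * @param request the current login request; must be an {@link HttpServletRequest}
     * @param response the current response; must be an {@link HttpServletResponse}
     * @return always {@code false}, because the response is written here and the filter
     *         chain must not continue
     * @throws Exception if the redirect or the forward fails
     * @see org.apache.shiro.web.filter.authc.FormAuthenticationFilter#onLoginSuccess(org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.subject.Subject, javax.servlet.ServletRequest, javax.servlet.ServletResponse)
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
            ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // A login counts as an AJAX login only when BOTH markers are present. The header
        // and the parameter are supplied by the client, so they may only choose the shape
        // of the response, never feed an access decision.
        boolean ajaxLogin =
                "XMLHttpRequest".equalsIgnoreCase(httpRequest.getHeader("X-Requested-With"))
                && request.getParameter("ajax") != null;

        if (!ajaxLogin) {
            // Ordinary form login: redirect to the fixed, configured landing page.
            httpResponse.sendRedirect(httpRequest.getContextPath() + getSuccessUrl());
        } else {
            // AJAX re-login (for example after a session timeout): answer in place.
            httpRequest.getRequestDispatcher("/login/timeout/success")
                    .forward(httpRequest, httpResponse);
        }

        // The success response was handled directly; prevent the chain from continuing.
        return false;
    }
}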
然后修改配置文件。

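<!--
  Shiro filter wiring. The "authc" filter name is bound to the custom
  CaptchaFormAuthenticationFilter, so every chain that uses authc goes through it.
  The captchaFormAuthenticationFilter bean itself is not defined in this snippet and
  must be declared elsewhere in the Spring context.
-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <!-- Fixed landing page used by onLoginSuccess; it is not taken from the request. -->
    <property name="successUrl" value="/management/index" />
    <property name="filters">
        <map>
            <entry key="authc" value-ref="captchaFormAuthenticationFilter"/>
        </map>
    </property>
    <!--
      Chains are matched top to bottom and the first match wins, so the anonymous
      exceptions must stay above the catch-all. The catch-all uses "user", which
      admits remembered (remember-me) subjects as well as freshly authenticated
      ones; paths that need a real login in the current session should be mapped
      to "authc" above it.
    -->
    <property name="filterChainDefinitions">
        <value>
            /Captcha.jpg = anon
            /styles/** = anon
            /login/timeout = anon
            /login = authc
            /logout = logout
            /** = user
        </value>
    </property>
</bean>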
