This article shows how to control access to Controller methods with Shiro's permission annotations.
For example, using annotations such as:
@RequiresPermissions
to check that the caller holds the corresponding permission before the method can be accessed, and
@RequiresUser
to check that the caller has a logged-in user state before the method can be accessed.
To see how Shiro enforces permissions through annotations, read the source of AopAllianceAnnotationsAuthorizingMethodInterceptor:
its constructor registers a method interceptor for each of the permission annotations (not detailed here).
When a user calls a method carrying one of these annotations and the check fails, Shiro throws one of the following two groups of exceptions:
Login (authentication) exceptions: UnauthenticatedException.class, AuthenticationException.class
Permission (authorization) exceptions: UnauthorizedException.class, AuthorizationException.class
(Which specific exception corresponds to which annotation can be seen in the source code.)
To get to the point, straight to the code. The code explains the purpose of this article: "when an AJAX request hits a URL protected by a permission annotation and the user lacks the permission or is not logged in, return a JSON result instead of a redirect" (most implementations simply redirect a user who is not logged in to the login page).
A BaseController handles this uniformly, and the other controllers inherit from it. To choose between returning JSON and redirecting to a page, the only thing we need to do is check whether the request is an AJAX request.
The code is as follows:
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ExceptionHandler;

/**
 * BaseController
 *
 * @author Tan Hongyu (365384722)
 * @myblog http://blog.csdn.net/catoop/
 * @create April 4, 2017
 */
public abstract class BaseController {

    /**
     * Login authentication exception: a method annotated with @RequiresUser (or similar)
     * was called without a logged-in subject.
     */
    @ExceptionHandler({UnauthenticatedException.class, AuthenticationException.class})
    public String authenticationException(HttpServletRequest request, HttpServletResponse response) {
        if (WebUtilsPro.isAjaxRequest(request)) {
            // Output JSON: the page script inspects "code" to decide what to do
            Map<String, Object> map = new HashMap<>();
            map.put("code", "-999");
            map.put("message", "not logged in");
            writeJson(map, response);
            return null; // response already written, no view to render
        } else {
            return "redirect:/system/login";
        }
    }

    /**
     * Permission (authorization) exception: the subject is logged in but lacks the
     * permission or role required by the annotation.
     */
    @ExceptionHandler({UnauthorizedException.class, AuthorizationException.class})
    public String authorizationException(HttpServletRequest request, HttpServletResponse response) {
        if (WebUtilsPro.isAjaxRequest(request)) {
            // Output JSON
            Map<String, Object> map = new HashMap<>();
            map.put("code", "-998");
            map.put("message", "No permissions");
            writeJson(map, response);
            return null;
        } else {
            return "redirect:/system/403";
        }
    }

    /**
     * Output JSON. JsonUtil.mapToJson is the author's own helper for serializing a Map.
     *
     * @param map      the fields to serialize
     * @param response the response to write to
     * @author shanhy
     * @create April 4, 2017
     */
    private void writeJson(Map<String, Object> map, HttpServletResponse response) {
        PrintWriter out = null;
        try {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            out = response.getWriter();
            out.write(JsonUtil.mapToJson(map));
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            if (out != null) {
                out.close();
            }
        }
    }
}
import javax.servlet.http.HttpServletRequest;

public class WebUtilsPro {

    /**
     * Is this an AJAX request? Relies on the X-Requested-With header that jQuery and
     * most AJAX libraries add to XMLHttpRequest calls.
     *
     * @param request the current request
     * @return true if the request was made via XMLHttpRequest
     * @author shanhy
     * @create April 4, 2017
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        String requestedWith = request.getHeader("X-Requested-With");
        return requestedWith != null && requestedWith.equalsIgnoreCase("XMLHttpRequest");
    }
}
Here's a normal Controller.
import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.authz.annotation.RequiresUser;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping
public class PageController extends BaseController {

    // Page request: without a logged-in user, BaseController redirects to the login page
    @RequiresUser
    @RequestMapping(value = "/main", method = RequestMethod.GET)
    public String main(Model model) {
        return "main";
    }

    // AJAX request: without a logged-in user, BaseController writes the JSON error instead
    @RequiresUser
    @RequestMapping(value = "/getData", method = RequestMethod.POST)
    @ResponseBody
    public List<String> getData(Model model) {
        List<String> list = new ArrayList<>();
        list.add("data1");
        list.add("data2");
        return list;
    }
}
When we request /getData via AJAX and the user is not logged in, the JSON result for "not logged in" is returned.
When a page makes an AJAX request and learns from the response that the user is not logged in, it may need to react within the page according to the result, rather than being forcibly redirected to the login page.
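The browser side of this scheme, as an added example that is not code from the original post: it sends the X-Requested-With header that WebUtilsPro.isAjaxRequest checks, and acts on the JSON envelope BaseController writes instead of following a redirect. Assumed from the post: code "-999" means not logged in, "-998" means no permission, and the login and 403 paths mirror the controller's redirect targets.

```javascript
// Error codes written by BaseController (values taken from the post above).
const CODE_NOT_LOGGED_IN = '-999';
const CODE_NO_PERMISSION = '-998';

// fetch() options for an AJAX call. The X-Requested-With header is exactly what
// makes the server answer with JSON instead of redirecting to the login page.
function ajaxRequestInit(payload) {
  return {
    method: 'POST',
    credentials: 'same-origin', // send the session cookie Shiro authenticates with
    headers: {
      'Content-Type': 'application/json',
      'X-Requested-With': 'XMLHttpRequest',
    },
    body: JSON.stringify(payload),
  };
}

// Decide what the page should do with a parsed response body. BaseController
// writes its error envelope with HTTP status 200, so the "code" field, not the
// HTTP status, is what separates an error from real data (e.g. the list from /getData).
function classifyResponse(body) {
  if (body && typeof body === 'object' && !Array.isArray(body)) {
    if (body.code === CODE_NOT_LOGGED_IN) {
      return { action: 'login', url: '/system/login', message: body.message };
    }
    if (body.code === CODE_NO_PERMISSION) {
      return { action: 'forbidden', url: '/system/403', message: body.message };
    }
  }
  return { action: 'ok', data: body };
}

// Browser entry point: POST to url and react in the page to the classified result.
async function ajaxPost(url, payload) {
  const response = await fetch(url, ajaxRequestInit(payload));
  const result = classifyResponse(await response.json());
  if (result.action === 'login') {
    window.location.href = result.url; // session expired: go to the login page
  } else if (result.action === 'forbidden') {
    alert(result.message); // stay on the page and tell the user
  }
  return result;
}
```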
Shiro: return JSON to AJAX requests that lack permission, and JSON to AJAX requests that are not logged in.