标签:
public class AnyRolesFilter extends AccessControlFilter {
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
String[] roles = (String[]) mappedValue;
if(roles != null){
for(String role:roles){
if(getSubject(request,response).hasRole(role)){
return true;
}
}
}
return false;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//如果登陆了还没权限则表示真的权限
if(getSubject(request, response).isAuthenticated()){
WebUtils.issueRedirect(request,response,"/unauthorized.jsp");
}else{
//可能是没登陆才没权限
WebUtils.issueRedirect(request,response,"/login.jsp");
}
return false;
}
}
ini配置: [filters] anyRoles=com.test.shiro.filter.AnyRolesFilter [urls] /user=authc,anyRoles[user,admin]
标签:
原文地址:http://my.oschina.net/scjelly/blog/526625
