SSM整合Shiro, 过滤器无效,直接显示登录之后才能看到的页面,请教大神这是怎么回事?

xiamu 发布于 2016/09/26 16:51
阅读 760
收藏 0


项目启动以后,直接显示登录成功之后才能返回的页面,debug的时候发现SecurityFilter 不执行,UserRealm 中添加角色和权限doGetAuthorizationInfo()方法也不执行。请教各位大神,这是哪里出了问题呢?感激不尽!!

controller:

@RequestMapping("/login.do") 

public String login(User user,HttpServletRequest request){

  Subject subject= SecurityUtils.getSubject();  

UsernamePasswordToken token=new UsernamePasswordToken(user.getUsername(),user.getPassword()); 

 try {  

subject.login(token);

  request.getSession().setAttribute("user", user);  

return "redirect:/dashboard/counts.do"; 

 } catch

(Exception e) {

  return "redirect:/login.html?error";  

}



过滤:

public class SecurityFilter extends AccessControlFilter {

        //是否允许访问;mappedValue就是[urls]配置中拦截器参数部分,如果允许访问返回true,否则false
    @Override
    protected boolean isAccessAllowed(ServletRequest request,
                                      ServletResponse response, Object mappedValue) throws Exception {

        // 获取当前网页地址
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String url = httpServletRequest.getRequestURI();

        if (null != token || isLoginRequest(request, response)) {
            return false;
        }
        return true;
    }

    //表示当访问拒绝时是否已经处理了;如果返回true表示需要继续处理;如果返回false表示该拦截器实例已经处理了,直接返回即可
    @Override
    protected boolean onAccessDenied(ServletRequest request,
                                     ServletResponse response) throws Exception {

        //保存Request和Response 到登录后的链接
        saveRequestAndRedirectToLogin(request, response);
        return false ;
    }
}


realm:

public class UserRealm extends AuthorizingRealm {   

 @Resource  

private UserService userService;  

 /**  * 用于权限的认证 

 * @param principalCollection  

* @return  */ 

 @Override  

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

  String username=principalCollection.getPrimaryPrincipal().toString(); 

 SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(); 

 Set<String> roleName=userService.findRoles(username); 

 Set<String> permissions=userService.findPermissions(username);  

info.setRoles(roleName); 

info.setStringPermissions(permissions);  

return info;  

}   

/**  * 首先执行这个登录验证  

* @param token 

 * @return  

* @throws AuthenticationException 

 */  

@Override  

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

  //获取用户账号 

 String username=token.getPrincipal().toString();

  User user=userService.findUserByUsername(username); 

 if(user!=null){ 

  AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),user.getUsername()) ;

  return authenticationInfo;  }else {

  return null; 

 }    

}

加载中
返回顶部
顶部