shiro 判断ajax是否通过身份验证

这篇文章主要是针对使用shiro后ajax请求判断是否经过验证的问题。

代码:

public class RoleAuthorizationFilter extends AuthenticationFilter {

    private static int bytes = 1024;
    private static int startByte = 0;
    private static int endByte = 0;

    /** * shiro 授权失败会进入此方法 判断是否是ajax请求 */
    @Override
    protected boolean onAccessDenied(ServletRequest request,ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        String serlvetPath = httpRequest.getServletPath();
        Subject subject = getSubject(request,response);
        if (subject.getPrincipal() == null) {
            // 这里判断是否为ajax请求且是以.do结尾的
            // 如果不是会走shiro默认的权限流程 
            if (isAjax(httpRequest) && serlvetPath.contains(".do")) {
                returnJsonResult(httpResponse,"您尚未登录或登录时间过长,请重新登录!");
            } else {
                saveRequestAndRedirectToLogin(request,response);

            }
        }
        return false;
    }

    private void returnJsonResult(HttpServletResponse httpResponse,String message) {
        httpResponse.setStatus(301);
        httpResponse.setHeader("Content-type","application/json;charset=UTF-8");
        Result result = new Result();
        result.setCode(Const.FAIL);
        result.setMessage(message);
        Gson gson = new Gson();
        String jsonStr = gson.toJson(result);
        try {
            OutputStream os = httpResponse.getOutputStream();
            byte[] jsonByte = jsonStr.getBytes("UTF-8");
            int count = jsonByte.length;
            while (count > 0) {
                if (count < 1024) {
                    endByte = endByte + count;
                } else {
                    endByte = endByte + bytes;
                }
                os.write(jsonByte,startByte,endByte);
                startByte = endByte;
                count = count - bytes;
            }
        } catch (Exception e) {
        }

    }

    /** * 判断ajax请求 * * @param request * @return */
    private boolean isAjax(HttpServletRequest request) {
        return (request.getHeader("X-Requested-With") != null
                && "XMLHttpRequest".equals(request.getHeader("X-Requested-With").toString()));
    }

}

这里说明saveRequestAndRedirectToLogin

进入这个方法是会将当前的请求redirect到spring-shiro.xml配置中的loginUrl