package com.whyc.filter;
|
|
import com.whyc.pojo.User;
|
import org.apache.shiro.subject.Subject;
|
import org.apache.shiro.util.CollectionUtils;
|
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
|
|
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletResponse;
|
import java.util.Set;
|
|
/**
|
* 自定义过滤规则,只需要包含某个角色,就授权
|
*/
|
public class RolesOrAuthorizationFilter extends AuthorizationFilter {
|
@Override
|
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
|
Subject subject = getSubject(request, response);
|
String[] rolesArray = (String[]) mappedValue;
|
|
if (rolesArray == null || rolesArray.length == 0) {
|
return true;
|
}
|
|
Set<String> roles = CollectionUtils.asSet(rolesArray);
|
|
//判断为or
|
User user = (User) subject.getPrincipals().getPrimaryPrincipal();
|
for (String role :roles){
|
if (subject.hasRole(role)){
|
return true;
|
}
|
}
|
return false;
|
}
|
}
|
