<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="login.html" />
<property name="unauthorizedUrl" value="403.html" />
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin.shtml = anon
/login.jsp = anon
/testRole = roles["admin"]
/testRole1 = roles["admin", "admin1"]
/testPerms = perms["user:delete"]
/testPerms1 = perms["user:delete", "user:update"]
/testRole = roles["admin", "admin1"]
/* = authc
</value>
</property>
</bean>
自定义过滤器
public class RolesOrFilter extends AuthorizationFilter {
protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
Subject subject = getSubject(servletRequest, servletResponse);
String [] roles = (String[]) o;
if (roles == null || roles.length == 0) {
return true;
}
for (String role : roles) {
if (subject.hasRole(role)) {
return true;
}
}
return false;
}
}
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="login.html" />
<property name="unauthorizedUrl" value="403.html" />
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin = anon
/testRole = roles["admin", "admin1"]
/testRole1 = rolesOr["admin", "admin1"]
/* = authc
</value>
</property>
<property name="filters">
<map>
<entry key="rolesOr" value-ref="rolesOrFilter" />
</map>
</property>
</bean>
<bean class="com.fengwenyi.ssmshiroweb.filter.RolesOrFilter" id="rolesOrFilter" />