Q&A: Using Shiro annotations in Nutzboot, a failed @RequiresAuthentication check returns 404?
Posted 2341 days ago by songofhawk, 3932 views

In a Nutzboot project I use Shiro's method annotations. When a method annotated with @RequiresAuthentication is called without being logged in, it returns "404 - path not found"?

This is an annotation that checks permissions, so I would expect it to return "401 Unauthorized".

4 replies

Take a look at the NutShiro class.

This class? How should I read it: is it that the request gets redirected to the defaultUrl, "/user/login" isn't found, and that is why it's a 404?

public class NutShiro {

    public static String DefaultLoginURL = "/user/login";
    public static NutMap DefaultUnauthorizedAjax = new NutMap().setv("ok", false).setv("msg", "user.require.auth").setv("type", "user.require.auth");
    public static NutMap DefaultOtherAjax = new NutMap().setv("ok", false).setv("msg", "user.require.login").setv("type", "user.require.login");
    public static NutMap DefaultUnauthenticatedAjax = new NutMap().setv("ok", false).setv("msg", "user.require.unauthorized").setv("type", "user.require.unauthorized");
    public static String DefaultNoAuthURL; // defaults to the same value as DefaultLoginURL
    
    public static String SessionKey = "me";
    
    public static String AjaxEncode = Encoding.UTF8;
    
    public static final String DEFAULT_CAPTCHA_PARAM = "captcha";
	
	public static boolean isAjax(ServletRequest req) {
	    String value = ((HttpServletRequest)req).getHeader("X-Requested-With");
        if (value != null && "XMLHttpRequest".equalsIgnoreCase(value.trim())) {
            return true;
        }
		return false;
	}
	
	public static void rendAjaxResp(ServletRequest req, ServletResponse resp, Object re) {
		try {
			if (AjaxEncode != null)
				((HttpServletResponse)resp).setCharacterEncoding(AjaxEncode);
			new UTF8JsonView(JsonFormat.compact()).render((HttpServletRequest)req, (HttpServletResponse)resp, re);
		} catch (IOException e) {
			e.printStackTrace();
		}
	}
	
    public static boolean match(Method method) {
        if (method.getAnnotation(RequiresRoles.class) != null 
                || method.getAnnotation(RequiresAuthentication.class) != null
                || method.getAnnotation(RequiresGuest.class) != null
                || method.getAnnotation(RequiresPermissions.class) != null
                || method.getAnnotation(RequiresUser.class) != null
                || method.getAnnotation(NutzRequiresPermissions.class) != null) {
            return true;
        }
        return false;
    }
    
    @SuppressWarnings("unchecked")
	public static Set<String>[] scanRolePermissionInPackage(String pkg, boolean publicOnly) {
    	Set<String> roles = new HashSet<String>();
    	Set<String> permissions = new HashSet<String>();
    	for (Class<?> klass : Scans.me().scanPackage(pkg)) {
			Method[] methods = publicOnly ? klass.getMethods() : klass.getDeclaredMethods();
			for (Method method : methods) {
				RequiresRoles rr = method.getAnnotation(RequiresRoles.class);
				if (rr != null && rr.value().length > 0) {
					for (String role : rr.value()) {
						roles.add(role);
					}
				}
                RequiresPermissions pr = method.getAnnotation(RequiresPermissions.class);
                if (pr != null && pr.value().length > 0) {
                    for (String permission : pr.value()) {
                        permissions.add(permission);
                    }
                }
                NutzRequiresPermissions pr2 = method.getAnnotation(NutzRequiresPermissions.class);
                if (pr2 != null && pr2.value().length > 0) {
                    for (String permission : pr2.value()) {
                        permissions.add(permission);
                    }
                }
			}
		}
    	return new Set[]{roles, permissions};
    }
}

You can change DefaultNoAuthURL to point at an entry method.

OK, I see there are two constants, DefaultUnauthenticatedAjax and DefaultUnauthorizedAjax, but I couldn't find where they are used. My request is indeed an ajax call; is there a way to return 401 directly?
