我用accesstokenFilter和permission,因为是前后端分离,每次都是无登陆状态,shiro直接判断无权限跳转login了,也不进去actionfilter, 两者不能同时用吗?
10 回复
兽总早啊!
shiro.ini
[main]
nutzdao_realm = me.cdroid.nutz.shiro.realm.SimpleAuthorizingRealm
authc = org.nutz.integration.shiro.SimpleAuthenticationFilter
authc.loginUrl = /user/login
logout.redirectUrl= /user/login
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile=classpath:ehcache.xml
nutzdao_realm.cacheManager = $cacheManager
[urls]
/rs/* = anon
/user/logout = logout
/user/error = anon
/user/login = anon
/user/profile/active/mail = anon
入口函数, url是 /monitor/list
@At
@Filters(@By(type = AccessTokenFilter.class))
@RequiresPermissions("monitor:query")
public Object list(@Param("searchkey")String searchkey, @Param("..")Pager pager) {
Cnd cnd = Strings.isBlank(searchkey)? Cnd.NEW() : Cnd.where("name", "like", "%"+searchkey+"%");
cnd.asc("createTime");
return ajaxOk(query(Monitor.class, cnd, pager, null));
}
把mvc-chain.js贴一下, 就是MainModule的@ChainBy(args = "xxx")引用的那个文件, 调整一下NutShiroProcessor与ActionFiltersProcessor的前后关系就可以了
本来nutzShiroProcessor 是在上面的,我改到下面了,可以了!感谢兽总!
var chain={
"default" : {
"ps" : [
"me.cdroid.nutz.mvc.LogTimeProcessor",
"org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor",
"org.nutz.mvc.impl.processor.EncodingProcessor",
"org.nutz.mvc.impl.processor.ModuleProcessor",
"org.nutz.mvc.impl.processor.ActionFiltersProcessor",
"org.nutz.integration.shiro.NutShiroProcessor",
"org.nutz.mvc.impl.processor.AdaptorProcessor",
"org.nutz.mvc.impl.processor.MethodInvokeProcessor",
"org.nutz.mvc.impl.processor.ViewProcessor"
],
"error" : 'org.nutz.mvc.impl.processor.FailProcessor'
}
};
@chafferer 兽总,axios 请求访问后台,我header 加了 Api-* 这几个自定义的header ,acctokenTokenFilter 里面的request 老是找不到,有啥建议木有
@wendal 兽总,axios 请求访问后台,我header 加了 Api-* 这几个自定义的header ,acctokenTokenFilter 里面的request 老是找不到,有啥建议木有
添加回复
请先登陆