本文介绍了如何在SpringBoot中结合Shiro框架自定义登录过滤器,以返回自定义的状态码和错误信息。通过创建`ShiroLoginFilter`类并覆盖`onAccessDenied`方法,设置响应头、状态码和消息,实现了当用户未登录时返回401状态码。在`ShiroConfig`配置中,将这个过滤器应用到特定的API路径上,确保了在postman调用时能够接收到正确的响应。
springboot +shiro自定义状态码返回
- 编写自定义Filter
public class ShiroLoginFilter extends FormAuthenticationFilter {
private Integer code;
private String message;
public ShiroLoginFilter(Integer code,String message){
this.code = code;
this.message = message;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
//这里是个坑,如果不设置的接受的访问源,那么前端都会报跨域错误,因为这里还没到corsConfig里面
httpServletResponse.setHeader("Access-Control-Allow-Origin", ((HttpServletRequest) request).getHeader("Origin"));
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json");
httpServletResponse.setStatus(code);
httpServletResponse.getWriter().write(message);
return false;
}
}
- ShiroConfig里面
LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
Map<String, Filter> filters = new LinkedHashMap<>(); //过滤链
PassUrlSingleton.INSTANCE.patterns(filterChainDefinitionMap);
filters.put("authLogin", new ShiroLoginFilter(401,"User not logged in"));//自定义状态码
shiroFilterFactoryBean.setFilters(filters);
filterChainDefinitionMap.put("/api/**", "authLogin");
3.postman调用
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
