com.wang.config.shiro.jwt

Class JwtFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

org.apache.shiro.web.filter.AccessControlFilter

org.apache.shiro.web.filter.authc.AuthenticationFilter

org.apache.shiro.web.filter.authc.AuthenticatingFilter

org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

com.wang.config.shiro.jwt.JwtFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

public class JwtFilter
extends org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

JWT过滤

Author:

dolyw.com

Field Summary

Fields inherited from class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

AUTHENTICATE_HEADER, AUTHORIZATION_HEADER

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

PERMISSIVE

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

DEFAULT_SUCCESS_URL

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor and Description
JwtFilter()

Method Summary

Modifier and Type	Method and Description
protected boolean	executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) 进行AccessToken登录认证授权
protected boolean	isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) 这里我们详细说明下为什么最终返回的都是true，即允许访问 例如我们提供一个地址 GET /article 登入用户和游客看到的内容是不同的 如果在这里返回了false，请求会被直接拦截，用户看不到任何东西 所以我们在这里返回true，Controller中可以通过 subject.isAuthenticated() 来判断用户是否登入 如果有些资源只有登入用户才能访问，我们只需要在方法上面加上 @RequiresAuthentication 注解即可 但是这样做有一个缺点，就是不能够对GET,POST等请求进行分别过滤鉴权(因为我们重写了官方的方法)，但实际上对应用影响不大
protected boolean	isLoginAttempt(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) 检测Header里面是否包含Authorization字段，有就进行Token登录认证授权
protected boolean	onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) 这里我们详细说明下为什么重写 可以对比父类方法，只是将executeLogin方法调用去除了 如果没有去除将会循环调用doGetAuthenticationInfo方法
protected boolean	preHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) 对跨域提供支持

Methods inherited from class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

createToken, getApplicationName, getAuthcScheme, getAuthzHeader, getAuthzScheme, getPrincipalsAndCredentials, getPrincipalsAndCredentials, isLoginAttempt, isLoginRequest, sendChallenge, setApplicationName, setAuthcScheme, setAuthzScheme

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

cleanup, createToken, createToken, getHost, isPermissive, isRememberMe, onLoginFailure, onLoginSuccess

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

getSuccessUrl, issueSuccessRedirect, setSuccessUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

getLoginUrl, getSubject, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

JwtFilter

public JwtFilter()

Method Detail

isAccessAllowed

protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  Object mappedValue)

这里我们详细说明下为什么最终返回的都是true，即允许访问 例如我们提供一个地址 GET /article 登入用户和游客看到的内容是不同的 如果在这里返回了false，请求会被直接拦截，用户看不到任何东西 所以我们在这里返回true，Controller中可以通过 subject.isAuthenticated() 来判断用户是否登入 如果有些资源只有登入用户才能访问，我们只需要在方法上面加上 @RequiresAuthentication 注解即可 但是这样做有一个缺点，就是不能够对GET,POST等请求进行分别过滤鉴权(因为我们重写了官方的方法)，但实际上对应用影响不大

Overrides:

isAccessAllowed in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

onAccessDenied

protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception

这里我们详细说明下为什么重写 可以对比父类方法，只是将executeLogin方法调用去除了 如果没有去除将会循环调用doGetAuthenticationInfo方法

Overrides:

onAccessDenied in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

Throws:

Exception

isLoginAttempt

protected boolean isLoginAttempt(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)

检测Header里面是否包含Authorization字段，有就进行Token登录认证授权

Overrides:

isLoginAttempt in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

executeLogin

protected boolean executeLogin(javax.servlet.ServletRequest request,
                               javax.servlet.ServletResponse response)
                        throws Exception

进行AccessToken登录认证授权

Overrides:

executeLogin in class org.apache.shiro.web.filter.authc.AuthenticatingFilter

Throws:

Exception

preHandle

protected boolean preHandle(javax.servlet.ServletRequest request,
                            javax.servlet.ServletResponse response)
                     throws Exception

对跨域提供支持

Overrides:

preHandle in class org.apache.shiro.web.filter.PathMatchingFilter

Throws:

Exception