大家好,问一下,app一个带token的非登录请求,shiro会判断为未登录property name="loginUrl" value="/login" /> 重定向到登录jsp,如何做到免登录不跳转到jsp且正常访问接口
我继承了FormAuthenticationFilter,重写了issueSuccessRedirect,吧第一次的请求存到了缓存,但是第二次非登录请求不能做到免登正常访问,还给重定向了。。。
如果是只访问接口的话可以设置url不走shiro过滤器达到不跳进登录页
<!-- Shiro权限过滤过滤器定义 -->
<bean name="shiroFilterChainDefinitions" class="java.lang.String">
<constructor-arg>
<value>
/registration/smsRegistration/** = anon
/static/** = anon
/userfiles/** = anon
/updatep/** = anon
${commonPath}/** = user
${adminPath}/phone/** = anon
${adminPath}/cas = cas
${adminPath}/login = authc
${adminPath}/logout = anon
${adminPath}/** = user
/act/rest/service/editor/** = perms[act:model:edit]
/act/rest/service/model/** = perms[act:model:edit]
/act/rest/service/** = user
/ReportServer/** = user
</value>
</constructor-arg>
</bean>
<!-- 安全认证过滤器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="${adminPath}/login" />
<property name="successUrl" value="${adminPath}?login" />
<property name="filters">
<map>
<entry key="cas" value-ref="casFilter"/>
<entry key="authc" value-ref="formAuthenticationFilter"/>
</map>
</property>
<property name="filterChainDefinitions">
<ref bean="shiroFilterChainDefinitions"/>
</property>
</bean>
/static/** = anon,配置为不过滤
${commonPath}/** = user,配置为登录后的才可以访问
${adminPath}/login = authc,这个是自定义的权限