DYBG/src/main/java/com/stone/conf/filter/AjaxPermissionsAuthorizatio...


								package com.stone.conf.filter;


								import cn.hutool.core.util.StrUtil;

								import com.alibaba.fastjson.JSONObject;

								import com.stone.api.enums.ResultCode;

								import com.stone.conf.redis.RedisHelper;

								import org.apache.shiro.SecurityUtils;

								import org.apache.shiro.subject.Subject;

								import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

								import org.apache.shiro.web.util.WebUtils;

								import org.springframework.boot.web.servlet.FilterRegistrationBean;

								import org.springframework.context.annotation.Bean;


								import javax.servlet.ServletRequest;

								import javax.servlet.ServletResponse;

								import javax.servlet.http.HttpServletRequest;

								import javax.servlet.http.HttpServletResponse;

								import java.io.PrintWriter;


								/**

								 * 对没有登录的请求进行拦截, 全部返回json信息.

								 * 覆盖掉shiro原本的跳转login.jsp的拦截方式

								 */

								public class AjaxPermissionsAuthorizationFilter extends FormAuthenticationFilter {


								    @Override

								    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) {

								        if ("OPTIONS".equals(WebUtils.toHttp(request).getMethod())) {

								            return true;

								        }

								        String token = WebUtils.toHttp(request).getHeader("Authorization");

								        if (StrUtil.isEmpty(token) || (StrUtil.isNotEmpty(token) && !RedisHelper.exists(token))) {

								            JSONObject jsonObject = new JSONObject();

								            jsonObject.put("returnCode", 20011);

								            jsonObject.put("returnMsg", "用户未登录");

								            PrintWriter out = null;

								            HttpServletResponse res = (HttpServletResponse) response;

								            // 接下来的几句话是个坑，一定要加上，跨域访问才可以正常退出。

								            res.setHeader("Access-Control-Allow-Origin", ((HttpServletRequest) request).getHeader("Origin"));

								            res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");

								            res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");

								            res.setHeader("Access-Control-Allow-Credentials", "true");

								            try {

								                res.setCharacterEncoding("UTF-8");

								                res.setContentType("application/json");

								                out = response.getWriter();

								                out.println(jsonObject);

								            } catch (Exception ignored) {

								            } finally {

								                if (out != null) {

								                    out.flush();

								                    out.close();

								                }

								            }

								            return false;

								        }

								        return true;

								    }


								    @Bean

								    public FilterRegistrationBean<AjaxPermissionsAuthorizationFilter> registration(AjaxPermissionsAuthorizationFilter filter) {

								        FilterRegistrationBean<AjaxPermissionsAuthorizationFilter> registration = new FilterRegistrationBean<>(filter);

								        registration.setEnabled(false);

								        return registration;

								    }


								}