With shiro.ini, how can I block a page from logged-in users? (Only NOT logged-in users can see the page)

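I have to "block" the login.xhtml page for logged-in users; they must log out before they can use the login.xhtml page.

I set anon or authc in the urls configuration, and after logging in I can still go to login.xhtml.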

[main]
...
...
authc=org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /login.xhtml
[urls]
/javax.faces.resource/** = anon
/login.xhtml=anon
/admin/** = authc
/logout = logout
/** = anon

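I only use the shiro.ini file for configuration (it should not let me in until I log out).

It depends on what you want to do when an authorized user hits your login page. If you just want to redirect them back to some landing page, you can programmatically check whether the current user is authenticated: https://shiro.apache.org/subject.html#the-currently-executing-subject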
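A sketch of that programmatic check for a JSF login page, added here as an example and not part of the original answer. It assumes JSF 2.x with CDI (javax namespace); the bean name `LoginGuard`, its method name, and the use of `/bienvenida.xhtml` as the landing page are hypothetical choices.

```java
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

// Hypothetical backing bean for login.xhtml (bean name and landing page are assumptions).
// Wire it into login.xhtml inside <f:metadata>:
//   <f:event type="preRenderView" listener="#{loginGuard.redirectIfLoggedIn}" />
@Named("loginGuard")
@RequestScoped
public class LoginGuard {

    // Assumed landing page for users who are already logged in.
    private static final String LANDING_PAGE = "/bienvenida.xhtml";

    public void redirectIfLoggedIn() throws IOException {
        // The ShiroFilter must cover this request so that a Subject is bound to the thread.
        Subject subject = SecurityUtils.getSubject();

        // isAuthenticated() is true only after a login during this session.
        // A subject recognised only through rememberMe reports isRemembered()
        // instead and is still shown the login form here.
        if (!subject.isAuthenticated()) {
            return;
        }

        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        if (!ec.isResponseCommitted()) {
            // redirect() does not add the context path, so prefix it explicitly.
            ec.redirect(ec.getRequestContextPath() + LANDING_PAGE);
        }
    }
}
```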

Create a new class filter

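package edu.eci.cvds.security;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

// Lets only NOT authenticated users through; everyone else is redirected.
public class OnlyNotAutenticated extends AccessControlFilter {

    // Redirect target for authenticated users; set from shiro.ini
    private String welcomeurl = "";

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject subject = getSubject(request, response);
        return !subject.isAuthenticated(); // THE POINT
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // An authenticated user tried to open the login page: send them to the welcome page
        WebUtils.issueRedirect(request, response, welcomeurl);
        return false; // stop processing the filter chain
    }

    public String getWelcomeurl() {
        return welcomeurl;
    }

    public void setWelcomeurl(String welcomeurl) {
        this.welcomeurl = welcomeurl;
    }
}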

In shiro.ini:

[main]
...
; comments must be on their own line; Shiro's INI parser does not strip inline comments
; fully qualified class name of your filter
onlynot=edu.eci.cvds.security.OnlyNotAutenticated
; URL to redirect to if you try to go to login.xhtml
onlynot.welcomeurl=/bienvenida.xhtml
[urls]
; this is for when your <welcome-file> in web.xml is the login page
/=onlynot
/login.xhtml=onlynot