我必须对登录的用户“阻止” login.xhtml页面,他们必须注销才能使用login.xhtml页面。
我将anon或authc放在urls配置上,登录后仍然可以转到login.xhtml。
[main]
...
...
authc=org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /login.xhtml
[urls]
/javax.faces.resource/** = anon
/login.xhtml=anon
/admin/** = authc
/logout = logout
/** = anon
我仅使用shiro.ini文件进行配置 (在退出之前不应该离开我)
答案 0 :(得分:0)
这取决于授权用户点击登录页面时要执行的操作。 如果您只想将其重定向回某些登录页面
您可以通过编程方式检查当前用户是否已通过身份验证:https://shiro.apache.org/subject.html#the-currently-executing-subject
答案 1 :(得分:0)
创建一个新的类过滤器
public class OnlyNotAutenticated extends AccessControlFilter{
String welcomeurl="";
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
Subject subject = getSubject(request, response);
return !subject.isAuthenticated(); // THE POINT
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
WebUtils.issueRedirect(request, response, welcomeurl);
return false;//What to do if try to go to login -> go welcome page of auth ursers
}
public String getWelcomeurl() {
return welcomeurl;
}
public void setWelcomeurl(String welcomeurl) {
this.welcomeurl = welcomeurl;
}
}
在Shiro.ini中:
[main]
...
onlynot=edu.eci.cvds.security.OnlyNotAutenticated ; path of you filter
onlynot.welcomeurl=/bienvenida.xhtml ; url redirect if you try go to login.xhtml
[urls]
/=onlynot ; this is if you <welcome-file> on web.xml is the login page.
/login.xhtml=onlynot