Fatal编程技术网
  • jsf/
  • Jsf ApacheShiro使用;“未经授权的文件”;

Jsf ApacheShiro使用;“未经授权的文件”;

jsf

Jsf ApacheShiro使用;“未经授权的文件”;,jsf,shiro,Jsf,Shiro,我想用权限保护我的所有JSF页面。 例如,只有用户具有“customer:create”权限,才能打开portal/customerEdit.jsf 这是我目前的shiro-web.ini # Using default form based security filter org.apache.shiro.web.filter.authc.FormAuthenticationFilter authc = org.apache.shiro.web.filter.authc.FormAut

我想用权限保护我的所有JSF页面。 例如,只有用户具有“customer:create”权限,才能打开portal/customerEdit.jsf

这是我目前的shiro-web.ini

    # Using default form based security filter org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /common/login.jsf
authc.successUrl = /portal/dashboard.jsf


# Redirect to an access denied page if user does not have access rights
[roles]
roles.unauthorizedUrl = /common/access-denied.jsf

# Protected URLs
[urls]
/portal/customerEdit** = authc, perms["customer:create"]

/WEB-INF/layout/portal/** = authc
/portal/** = authc
/admin/** = authc
安全性正在发挥作用(用户只有在有权限的情况下才能打开页面),但我只有一个带有简单文本的空白屏幕

我想做的是将用户重定向到一个access-denied.jsf页面(如我定义的),但这不起作用……
一个信息:我没有使用“角色”。。。我的所有角色都是数据库中的动态角色

你知道我该如何解决这个问题吗,用户将被重定向到access-denied.jsf页面?

你想针对你在顶部部分(而不是
角色
部分)使用的过滤器设置
unauthorizedUrl

或者使用
shiro.unauthorizedUrl全局设置它

我的猜测是这样的:


# Using default form based security filter org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /common/login.jsf
authc.successUrl = /portal/dashboard.jsf

# Redirect to an access denied page if user does not have access rights
perms.unauthorizedUrl = /common/access-denied.jsf

# Protected URLs
[urls]
/portal/customerEdit** = authc, perms["customer:create"]

/WEB-INF/layout/portal/** = authc
/portal/** = authc
/admin/** = authc



随时通知我们
 谢谢。。。。我尝试过这个,它似乎也起作用了:
anyofpermission=com.app.util.CustomPermissionsAuthorizationFilter#受保护的URL[URL]/portal/absenceReasonEdit**=authc,anyofpermission[customer:create,customer:showDetail]


# Using default form based security filter org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /common/login.jsf
authc.successUrl = /portal/dashboard.jsf

# Redirect to an access denied page if user does not have access rights
perms.unauthorizedUrl = /common/access-denied.jsf

# Protected URLs
[urls]
/portal/customerEdit** = authc, perms["customer:create"]

/WEB-INF/layout/portal/** = authc
/portal/** = authc
/admin/** = authc