roles中只有“admin”,而rolesOr[“admin”,“admin1”],每次都能通过验证?打印role也只有一个“admin”,这是为什么呢?浏览器,idea,tomcat都重启过了,缓存也清了。
public class RolesAuthorizationFilter extends AuthorizationFilter {
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
Subject subject = getSubject(request, response);
String[] rolesArray = (String[]) mappedValue;
if (rolesArray == null || rolesArray.length == 0) {
//no roles specified, so nothing to check - allow access.
return true;
}
Set<String> roles = CollectionUtils.asSet(rolesArray);
return subject.hasAllRoles(roles);
}
}
rolesOr这个自定义的filter就是实现满足数组参数中的任意一个角色都能通过的,过滤实现的是or的关系。而shiro自带的roles角色过滤是and的关系.