happy-tao/AnyRolesAuthorizationFilter.java

## AnyRolesAuthorizationFilter.java
package com.iit.core.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
import java.util.Arrays;

/**
 * 允许定义的任意一个角色通过即算验证成功
 *
 * Created by wurt on 2015/5/6.
 */
public class AnyRolesAuthorizationFilter extends RolesAuthorizationFilter {

    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        Subject subject = this.getSubject(request, response);
        String[] rolesArray = (String[]) mappedValue;
        if (rolesArray != null && rolesArray.length != 0) {
            for (String roleName : rolesArray) {
                if (subject.hasRole(roleName)) {
                    return true;
                }
            }
            return false;
        } else {
            return true;
        }
    }
}

## shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
	<bean id="anyRolesAuthorizationFilter" class="com.iit.core.shiro.AnyRolesAuthorizationFilter" />
	<!-- 配置shiro的过滤器工厂类，id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<!-- 调用我们配置的权限管理器 -->
		<property name="securityManager" ref="securityManager" />
		<property name="filters">
			<map>
				<entry key="anyRoles" value-ref="anyRolesAuthorizationFilter" />
			</map>
		</property>
		<!-- 配置我们的登录请求地址 -->
		<property name="loginUrl" value="/account/login.html" />
		<!-- 配置我们在登录页登录成功后的跳转地址，如果你访问的是非/login地址，则跳到您访问的地址 -->
		<property name="successUrl" value="/" />
		<!-- 如果您请求的资源不再您的权限范围，则跳转到/error请求地址 -->
		<!-- 		<property name="unauthorizedUrl" value="/error.html" /> -->
		<!-- 权限配置 -->
		<property name="filterChainDefinitions">
			<value>
				/user = anyRoles["shop","admin"]
			</value>
		</property>
	</bean>
</beans>
	package com.iit.core.shiro;

	import org.apache.shiro.subject.Subject;
	import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;

	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import java.io.IOException;
	import java.util.Arrays;

	/**
	* 允许定义的任意一个角色通过即算验证成功
	*
	* Created by wurt on 2015/5/6.
	*/
	public class AnyRolesAuthorizationFilter extends RolesAuthorizationFilter {

	@Override
	public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
	Subject subject = this.getSubject(request, response);
	String[] rolesArray = (String[]) mappedValue;
	if (rolesArray != null && rolesArray.length != 0) {
	for (String roleName : rolesArray) {
	if (subject.hasRole(roleName)) {
	return true;
	}
	}
	return false;
	} else {
	return true;
	}
	}
	}
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
	<bean id="anyRolesAuthorizationFilter" class="com.iit.core.shiro.AnyRolesAuthorizationFilter" />
	<!-- 配置shiro的过滤器工厂类，id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
	<!-- 调用我们配置的权限管理器 -->
	<property name="securityManager" ref="securityManager" />
	<property name="filters">
	<map>
	<entry key="anyRoles" value-ref="anyRolesAuthorizationFilter" />
	</map>
	</property>
	<!-- 配置我们的登录请求地址 -->
	<property name="loginUrl" value="/account/login.html" />
	<!-- 配置我们在登录页登录成功后的跳转地址，如果你访问的是非/login地址，则跳到您访问的地址 -->
	<property name="successUrl" value="/" />
	<!-- 如果您请求的资源不再您的权限范围，则跳转到/error请求地址 -->
	<!-- <property name="unauthorizedUrl" value="/error.html" /> -->
	<!-- 权限配置 -->
	<property name="filterChainDefinitions">
	<value>
	/user = anyRoles["shop","admin"]
	</value>
	</property>
	</bean>
	</beans>