shiro 下解决跨域请求


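package com.feige.admin.web.shiro;

import com.alibaba.fastjson.JSONObject;
import com.feige.common.responce.ResponceStatus;
import com.feige.common.responce.RestResponceBody;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.http.HttpStatus;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Shiro authentication filter for a front end served from a different origin.
 *
 * <p>Unauthenticated requests receive a JSON "not logged in" body instead of the
 * form-login redirect, and CORS preflight requests are let through without a session.
 * CORS response headers are only emitted for origins on an explicit allowlist:
 * echoing back whatever {@code Origin} the browser sends while also sending
 * {@code Access-Control-Allow-Credentials: true} would let any web site issue
 * cookie-bearing requests to this API and read the replies.
 */
public class AuthenticationFilter extends FormAuthenticationFilter {

    /**
     * Origins that may make credentialed cross-origin requests.
     * The entry below is a PLACEHOLDER: replace it with the real front-end origin(s)
     * (scheme + host + port, no trailing slash) or load the set from configuration.
     */
    private static final Set<String> ALLOWED_ORIGINS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("https://admin.example.com")));

    /**
     * Writes the JSON "please log in" response for a request Shiro has refused.
     *
     * @param request  the refused request
     * @param response the response to write to
     * @return always {@code false}: the response is complete, stop the filter chain
     * @throws Exception if the response writer cannot be obtained or written
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        setHeader(httpRequest, httpResponse);
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json");
        httpResponse.getWriter().write(JSONObject.toJSONString(
                new RestResponceBody(ResponceStatus.USER_NOT_LOGIN, "请先登录!")));
        return false;
    }

    /**
     * Sets the CORS and content-type headers on the denial response.
     *
     * <p>CORS headers are added only when the request's {@code Origin} is allowlisted;
     * for any other origin the browser blocks the calling script from reading the reply.
     */
    private void setHeader(HttpServletRequest request, HttpServletResponse response) {
        String origin = request.getHeader("Origin");
        // The reply differs per Origin, so shared caches must key on it.
        response.addHeader("Vary", "Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Methods", request.getMethod());
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // Absent on simple requests; skip rather than pass null to setHeader.
            // Typical values: Content-Type, Content-Length, Authorization, Accept, X-Requested-With.
            String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
            if (requestedHeaders != null) {
                response.setHeader("Access-Control-Allow-Headers", requestedHeaders);
            }
        }
        // Explicit charset so the JSON body is not garbled.
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        // The HTTP status stays 200; the "not logged in" state is carried in the JSON body.
        response.setStatus(HttpStatus.OK.value());
    }

    /**
     * Lets CORS preflight requests through without authentication and defers
     * everything else to the standard Shiro check.
     *
     * <p>Only a genuine preflight is exempted: an OPTIONS request carrying both
     * {@code Origin} and {@code Access-Control-Request-Method}. A bare OPTIONS request
     * is authenticated like any other, so OPTIONS cannot be used as a general way
     * around the login check. This filter adds no CORS headers to the preflight reply;
     * presumably another component answers it (verify that it uses the same allowlist).
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            boolean preflight = "OPTIONS".equalsIgnoreCase(httpRequest.getMethod())
                    && httpRequest.getHeader("Origin") != null
                    && httpRequest.getHeader("Access-Control-Request-Method") != null;
            if (preflight) {
                return true;
            }
        }
        return super.isAccessAllowed(request, response, mappedValue);
    }
}
需要配置对应的拦截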
/**
 * Defines the Shiro filter factory and wires in the security manager.
 *
 * <p>Registers {@link AuthenticationFilter} under the name {@code authc}, so every path
 * mapped to {@code authc} gets its JSON "not logged in" reply instead of a redirect.
 *
 * @param manager the security manager bean named {@code securityManager}
 * @return the configured filter factory
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(manager);
    factory.getFilters().put("authc", new AuthenticationFilter());

    // Paths reachable without a session.
    // NOTE(review): the Swagger UI, /swagger-resources/** and /v2/api-docs publish the full
    // API surface to anonymous callers; consider keeping them anonymous only outside production.
    String[] anonymousPaths = {
        "/static/**",
        "/sys/sysUser/login",
        "/swagger-ui.html",
        "/swagger-resources/**",
        "/v2/api-docs",
        "/error",
        "/webjars/**"
    };

    // Insertion order is significant: Shiro applies the first matching pattern,
    // so the catch-all "/**" rule has to be added last.
    LinkedHashMap<String, String> chains = new LinkedHashMap<>();
    for (String path : anonymousPaths) {
        chains.put(path, "anon");
    }
    chains.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
