前言
剛做完一個(gè)項(xiàng)目格了,然后回頭重新重構(gòu)之前的一個(gè)框架棉胀,之前重構(gòu)了一半村怪,然后最近對(duì)SpringBoot非常感興趣秽浇,所以想將框架與SpringBoot整合,簡(jiǎn)化配置甚负,結(jié)果各種被攔截
環(huán)境
shiro:1.3.2
配置
package cn.ims.configuration;
import cn.ims.common.shiro.CustomRealm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfiguration {
//將自己的驗(yàn)證方式加入容器
@Bean
public CustomRealm myShiroRealm() {
return new CustomRealm();
}
//權(quán)限管理柬焕,配置主要是Realm的管理認(rèn)證
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
//Filter工廠审残,設(shè)置對(duì)應(yīng)的過(guò)濾條件和跳轉(zhuǎn)條件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> map = new LinkedHashMap<String, String>();
//不過(guò)濾
map.put("/images/**","anon");
map.put("/js/**","anon");
map.put("/css/**","anon");
map.put("/lib/**","anon");
map.put("/fonts/**","anon");
map.put("/icons/** ","anon");
map.put("/page/home/**","anon");
map.put("/page/login/**","anon");
map.put("/page/register/**","anon");
map.put("/page/404/**","anon");
map.put("/loginController/login","anon");
map.put("/","anon");
//對(duì)所有用戶認(rèn)證
map.put("/**","authc");
//登出
map.put("/logout","logout");
//登錄
shiroFilterFactoryBean.setLoginUrl("/page/login/login.html");
//首頁(yè)
//shiroFilterFactoryBean.setSuccessUrl("/index");
//錯(cuò)誤頁(yè)面,認(rèn)證不通過(guò)跳轉(zhuǎn)
//shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
//加入注解的使用斑举,不加入這個(gè)注解不生效
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
坑
這里有2個(gè)坑:
- SecurityManager 有兩個(gè) 一個(gè)是包 java.lang 中的搅轿,一個(gè)是 org.apache.shiro.mgt 中的
- Map<String,String> map = new LinkedHashMap<String, String>(); 網(wǎng)上很多教程都是用的HashMap 看源碼后才發(fā)現(xiàn)應(yīng)該用LinkedHashMap,否則會(huì)出現(xiàn)資源只能加載一次然后就被攔截的情況
