spring boot使用shiro 遇到几个问题。
@Bean public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); // 必须设置 SecurityManager shiroFilterFactoryBean.setSecurityManager(securityManager); //拦截器. Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>(); //如果不配置,默认跳到/login.jsp shiroFilterFactoryBean.setLoginUrl("/user/login"); // 登录成功后要跳转的链接,不生效 shiroFilterFactoryBean.setSuccessUrl("/index"); //未授权界面; // shiroFilterFactoryBean.setUnauthorizedUrl("/user/success"); // filterChainDefinitionMap.put("/logout", "logout"); // filterChainDefinitionMap.put("/static/**", "anon"); // filterChainDefinitionMap.put("/favicon.ico", "anon"); filterChainDefinitionMap.put("/**", "authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; }
//如果不配置,默认跳到/login.jsp shiroFilterFactoryBean.setLoginUrl("/user/login"); //这里配置的是拦截后跳转的路径
//未授权界面; shiroFilterFactoryBean.setUnauthorizedUrl("/user/success");// 这个配置并不会起作用
需要自定义一个handler
public class MyExceptionResolver implements HandlerExceptionResolver {//如果是shiro无权操作,因为shiro 在操作auno等一部分不进行转发至无权限url @Override public ModelAndView resolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) { if(e instanceof UnauthorizedException){ ModelAndView mv = new ModelAndView("success"); return mv; } return null; } }2、先登录成功后再调用shiro的logout的方法在登录会出问题。
直接自定义logout方法,@GetMapping("/logout") @RequestMapping public String logout(){ SecurityUtils.getSubject().logout(); return "login"; }这样就好了