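Shiro provides support for web integration: a ShiroFilter acts as the entry point that intercepts the URLs requiring security control and then enforces the corresponding checks. This article shows how to create the ShiroFilter in spring-boot using ShiroFilterFactoryBean: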
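```java
import java.util.LinkedHashMap;
import java.util.Map;

// Import Shiro's SecurityManager explicitly; otherwise java.lang.SecurityManager is picked up.
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    // Create the ShiroFilterFactoryBean object
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    // Add the intercepted URIs with a LinkedHashMap: authc marks URIs that require
    // authentication, anon marks URIs excluded from authentication.
    // Insertion order is kept and the first matching pattern wins, so the anon
    // entries must come before the /admin/** catch-all.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    filterChainDefinitionMap.put("/admin/auth/login", "anon");
    filterChainDefinitionMap.put("/admin/auth/401", "anon");
    filterChainDefinitionMap.put("/admin/auth/index", "anon");
    filterChainDefinitionMap.put("/admin/auth/403", "anon");
    filterChainDefinitionMap.put("/admin/**", "authc");

    // Set the URIs for login (where unauthenticated requests are sent),
    // successful login, and failed authorization
    shiroFilterFactoryBean.setLoginUrl("/admin/auth/401");
    shiroFilterFactoryBean.setSuccessUrl("/admin/auth/index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/403");

    // Apply the filter chain definitions
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
```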
Add the method above to ShiroConfig to intercept the URLs.
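
The map's ordering is what makes the configuration above behave as intended, so it is worth checking before deployment. The following is an added example, not code from the original article or from the Shiro project: a simplified model of first-match-wins resolution that compares the article's ordering with a reversed one. The class name `FilterChainOrderCheck`, the helper `resolve`, and the sample paths are constructed for illustration; it assumes shiro-core is on the classpath for `AntPathMatcher`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

// Added example: simplified model of how the ordered chain map is resolved.
public class FilterChainOrderCheck {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Returns the filter name of the first pattern that matches the path.
    // Returns null when nothing matches; such requests pass through without
    // any Shiro filter restriction, so unlisted paths are not protected.
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> entry : chains.entrySet()) {
            if (MATCHER.matches(entry.getKey(), path)) {
                return entry.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Ordering used in the article: specific anon entries first.
        Map<String, String> specificFirst = new LinkedHashMap<>();
        specificFirst.put("/admin/auth/login", "anon");
        specificFirst.put("/admin/auth/401", "anon");
        specificFirst.put("/admin/auth/index", "anon");
        specificFirst.put("/admin/auth/403", "anon");
        specificFirst.put("/admin/**", "authc");

        // Reversed ordering: the catch-all shadows every anon entry, so the
        // login and 401 pages themselves would demand authentication.
        Map<String, String> catchAllFirst = new LinkedHashMap<>();
        catchAllFirst.put("/admin/**", "authc");
        catchAllFirst.put("/admin/auth/login", "anon");
        catchAllFirst.put("/admin/auth/401", "anon");

        // Constructed sample request paths.
        String[] paths = {"/admin/auth/login", "/admin/auth/401", "/admin/users/1", "/public/info"};
        for (String path : paths) {
            System.out.printf("%-20s specificFirst=%-6s catchAllFirst=%s%n",
                    path, resolve(specificFirst, path), resolve(catchAllFirst, path));
        }
    }
}
```

A plain `HashMap` gives no ordering guarantee, which is why the configuration builds the definitions in a `LinkedHashMap`.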