问题说明
Spring Boot 集成 Shiro 后,当过滤器的拦截路径配置为 /** 时,接口请求会陷入循环重定向。
配置
/**
 * Builds the Shiro filter factory: wires in the security manager, registers the custom
 * "cas" and "roles" filters, and declares the URL-to-filter chain together with the
 * login, success and unauthorized URLs.
 *
 * @param securityManager the Shiro security manager bean qualified as "securityManager"
 * @return the configured {@link ShiroFilterFactoryBean}
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);

    // Custom filters, keyed by the names the chain definitions refer to. These are plain
    // javax.servlet.Filter instances, so any of them that is also exposed as a Spring bean
    // is picked up by Spring Boot as a container-level filter unless its registration is
    // disabled elsewhere in the configuration.
    // Note: "roles" is registered here but no chain definition in this method uses it.
    Map<String, Filter> customFilters = new HashMap<>();
    customFilters.put("cas", casFilter());
    customFilters.put("roles", roleFilter());
    factoryBean.setFilters(customFilters);

    // URL pattern -> filter chain. Shiro evaluates these in insertion order and the first
    // matching pattern wins, which is why an ordered map is used.
    // NOTE(review): Constants.WEB_SHIRO_AUTH_URL is not visible here. If it is a catch-all
    // such as /**, it shadows the /sso/** "anon" entry below and the login URL itself would
    // pass through the cas filter; confirm the intended order.
    Map<String, String> chainDefinitions = new LinkedHashMap<>();
    chainDefinitions.put(Constants.WEB_SHIRO_AUTH_URL, "cas");
    chainDefinitions.put("/sso/**", "anon");
    factoryBean.setFilterChainDefinitionMap(chainDefinitions);

    // Without an explicit login URL, Shiro falls back to its built-in default.
    factoryBean.setLoginUrl("/sso/login");
    // Where to send the user after a successful login.
    factoryBean.setSuccessUrl("/sso/success");
    // Where to send an authenticated user who lacks the required permission.
    factoryBean.setUnauthorizedUrl("/sso/unAuthorize");

    return factoryBean;
}
原因
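自定义的 Filter 同时是一个 Spring Bean,Spring Boot 启动时会把它自动注册为 Servlet 容器级的过滤器,而不只是 Shiro 过滤器链中的过滤器。这样它会在 Shiro 的路径匹配之外对请求生效,配置为 anon 的路径也可能被它拦截并再次重定向,从而形成循环。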
解决方案
/**
 * Wraps the custom roles filter in a disabled registration so that Spring Boot does not
 * also install it as a servlet container filter.
 *
 * @param filter the custom roles authorization filter bean
 * @return a registration for {@code filter} with registration disabled
 */
@Bean
public FilterRegistrationBean registration(RolesAuthorizationFilter filter) {
    FilterRegistrationBean disabledRegistration = new FilterRegistrationBean(filter);
    // Registrations are enabled by default; disabling this one keeps the filter out of the
    // servlet container's own filter chain. It has nothing to do with who manages the
    // filter's lifecycle.
    // NOTE(review): presumably this is the same filter that the Shiro configuration
    // registers under "roles", so it still runs inside Shiro's chain; confirm. Any other
    // custom Filter exposed as a bean (for example the cas filter, if it is one) would
    // need the same treatment.
    disabledRegistration.setEnabled(false);
    return disabledRegistration;
}