springboot shiro No SecurityManager accessible to the calling code

项目加载静态图片404以后，报错：No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.

原先以为没把shiro过滤器注册，后面看了下已经注册过了：

@Configuration
public class FilterConfig {
    @Bean
    public FilterRegistrationBean shiroFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
        //该值缺省为false，表示生命周期由SpringApplicationContext管理，设置为true则表示由ServletContainer管理
        registration.addInitParameter("targetFilterLifecycle", "true");
        registration.setEnabled(true);
        registration.addUrlPatterns("/*");
        return registration;
    }
}

后来打个断点，发现404以后拦截器拦截了一个/error的请求，而我在拦截器里面用shiro的session做了是否未登录的判断，导致了该问题，然后我自定义了一个errorpage类处理错误码：

@Configuration
public class ErrorPageConfig implements ErrorPageRegistrar {
    @Override
    public void registerErrorPages(ErrorPageRegistry registry) {
        //具体的错误码错误异常页面
        ErrorPage e404 = new ErrorPage(HttpStatus.NOT_FOUND,"/error/404.ftl");
        ErrorPage e500 = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR,"/error/500.ftl");
        registry.addErrorPages(e404,e500);
    }
}

可在拦截器中将/error加入到白名单，就没问题了。

可参考如下代码片段：

 private static final String[]  NO_INTERCEPT_URI = new String[]{"/admin/validCode","/admin/login","/admin/loginPage",
            "/admin/logout","/error"};

@Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String requestUri = request.getRequestURI();
        //不用拦截地址,直接放行
        for (String s: NO_INTERCEPT_URI) {
            if (s.equals(requestUri)){
                return true;
            }
        }
        if (!isLogin()){
            response.sendRedirect("/user/loginPage");
            return false;
        }
        return true;
    }