项目加载静态图片404以后,报错:No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
原先以为没把shiro过滤器注册,后面看了下已经注册过了:
@Configuration
public class FilterConfig {
@Bean
public FilterRegistrationBean shiroFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
//该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理
registration.addInitParameter("targetFilterLifecycle", "true");
registration.setEnabled(true);
registration.addUrlPatterns("/*");
return registration;
}
}
后来打个断点,发现404以后拦截器拦截了一个/error的请求,而我在拦截器里面用shiro的session做了是否未登录的判断,导致了该问题,然后我自定义了一个errorpage类处理错误码:
@Configuration
public class ErrorPageConfig implements ErrorPageRegistrar {
@Override
public void registerErrorPages(ErrorPageRegistry registry) {
//具体的错误码错误异常页面
ErrorPage e404 = new ErrorPage(HttpStatus.NOT_FOUND,"/error/404.ftl");
ErrorPage e500 = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR,"/error/500.ftl");
registry.addErrorPages(e404,e500);
}
}
可在拦截器中将/error加入到白名单,就没问题了。
可参考如下代码片段:
private static final String[] NO_INTERCEPT_URI = new String[]{"/admin/validCode","/admin/login","/admin/loginPage",
"/admin/logout","/error"};
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String requestUri = request.getRequestURI();
//不用拦截地址,直接放行
for (String s: NO_INTERCEPT_URI) {
if (s.equals(requestUri)){
return true;
}
}
if (!isLogin()){
response.sendRedirect("/user/loginPage");
return false;
}
return true;
}