##SpringBoot下Shiro添加过滤器
-
自定义filter继承AdviceFilter
package com.itdage.filter; import org.apache.shiro.web.filter.AccessControlFilter; import org.apache.shiro.web.filter.authz.AuthorizationFilter; import org.apache.shiro.web.servlet.AdviceFilter; import org.springframework.stereotype.Component; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; @Component public class SimpleCORSFilter extends AdviceFilter { @Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { HttpServletResponse res = (HttpServletResponse) response; res.setHeader("Access-Control-Allow-Origin", "*"); res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); res.setHeader("Access-Control-Max-Age", "3600"); res.setHeader("Access-Control-Allow-Headers", "Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE"); return true; } }
-
ShiroFilterFactoryBean中追加自己定义的过滤器
package com.itdage.configuration; import com.itdage.filter.SimpleCORSFilter; import com.itdage.realm.MyShiroRealm; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.DependsOn; import javax.servlet.Filter; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; //shiro配置类 @Configuration public class ShiroConfiguration { // private final Logger logger = Logger.getLogger(ShiroConfiguration.class); // 加上MD5验证 @Bean(name = "securityManager") public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("authRealm") MyShiroRealm myShiroRealm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //设置realm securityManager.setRealm(myShiroRealm); securityManager.setCacheManager(getEhCacheManager()); return securityManager; } @Bean(name = "myShiroRealm") public MyShiroRealm myShiroRealm(EhCacheManager ehCacheManager){ MyShiroRealm realm = new MyShiroRealm(); realm.setCacheManager(ehCacheManager); return realm; } @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){ return new LifecycleBeanPostProcessor(); } @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager){ AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; } @Bean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){ DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); creator.setProxyTargetClass(true); return creator; } @Bean public EhCacheManager getEhCacheManager(){ EhCacheManager ehcacheManager = new EhCacheManager(); ehcacheManager.setCacheManagerConfigFile("classpath:config/ehcache-shiro.xml"); return ehcacheManager; } @Bean public SimpleCORSFilter simpleCORSFilter(){ return new SimpleCORSFilter(); } @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){ ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean(); factoryBean.setSecurityManager(securityManager); // 自定义filter 加入shiro过滤器链 Map