记一次springboot集成shiro报错org.apache.shiro.UnavailableSecurityManagerException的坑

最新推荐文章于 2024-08-08 11:11:31 发布
最新推荐文章于 2024-08-08 11:11:31 发布
阅读量692 收藏 2
点赞数
分类专栏: java 文章标签: java 后端
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_54850825/article/details/124490541
版权

文章目录

背景

近期做了个小项目,在项目后台使用shiro来做身份验证、权限管理等。shiro这个框架写的真不错,接入简单,功能还算完善,扩展支持的也还行。但是在使用的过程中发现了一个问题,在ajax请求需要校验用户和权限时直接重定向的登录页或者无权限的页面,无法处理为json信息返回,导致页面不能给出正确的提示信息。在查看文档后考虑重写对应的filter来处理。

shiro处理ajax请求思路

于是重写了shiro默认UserFilter的onAccessDenied方法,代码很简单如下。

public class CustomShiroUserFilter extends UserFilter {

    /**
     * 认证失败回调
     *
     * @param request
     * @param response
     * @return
     * @throws Exception
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        //查看是否是AjAX请求
        String accept = httpRequest.getHeader("accept");
        String requestedWith = httpRequest.getHeader("X-Requested-With");
        if ((accept != null && accept.contains("application/json")) || (requestedWith != null && "XMLHttpRequest".equalsIgnoreCase(requestedWith))) {
            httpResponse.setContentType("text/json; charset=UTF-8");
            // 构建返回值
            Result<Boolean> result = Result.<Boolean>builder().code(403).success(false).data(false).message("not login!").build();
            //带回AJAX请求,把数据作为流传回去这里需要传出标准的json数据格式
            httpResponse.getWriter().print(JSON.toJSONString(result));
            saveRequest(request);
        } else {
            saveRequestAndRedirectToLogin(request, response);
        }
        return false;
    }

}

我的项目是springboot搭建的,filter写完感觉问题不大,直接将其添加到shiroConfig中,代码如下:

    @Bean
    public CustomShiroUserFilter customShiroUserFilter(){
        return new CustomShiroUserFilter();
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");
        Map<String, Filter> filterMap = new LinkedHashMap<>();
        // 若CustomShiroUserFilter交由spring管理的话会导致filter在shiroFilter之外而且运行在shiroFilter之前了,导致无法bind securityManager
        filterMap.put("customShiroUserFilter", customShiroUserFilter());
        shiroFilterFactoryBean.setFilters(filterMap);

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/manage/**", "user");
        filterChainDefinitionMap.put("/rest/manage/**", "customShiroUserFilter");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

遇到的问题

启动项目,访问,结果出现了意料之外的问题,报错UnavailableSecurityManagerException

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
	at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.filter.AccessControlFilter.getSubject(AccessControlFilter.java:97) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.filter.authc.UserFilter.isAccessAllowed(UserFilter.java:53) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[shiro-web-1.4.2.jar:1.4.2]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123) ~[druid-1.1.9.jar:1.1.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1579) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_131]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_131]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.27.jar:9.0.27]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]

原因分析

很奇怪,使用spring是同样的操作,将自定义filter配置成spring bean,然后配置到shiro的filter中,没啥问题,而使用springboot就出现了这个报错,跟代码发现报错的位置在org.apache.shiro.SecurityUtils的getSecurityManager()方法,分析原因定位是securityManager没有获取到值,应该是ThreadContext.getSecurityManager()没有取到对应的信息,而这个set值是通过org.apache.shiro.web.servlet.AbstractShiroFilter的doFilterInternal()方法这里面做的也就是说代码没有执行到shiroFilter。

接下来就分析为什么ShiroFilter还未执行就执行到了自定义的filter,debug其执行过程发现我自定义的customShiroUserFilter被加入的了filter chain于shiroFilter同级,顺序还在shiroFilter前面,所以CustomShiroUserFilter执行时shiro还未执行上下文信息还未写入。
在这里插入图片描述

解决办法

查阅资料发现springboot会将@Bean标识的filter注册到filter chain中,所以就出现了上述问题。到此解决办法已经很清晰了,自定义的customShiroUserFilter应该是shiroFilter的子级,由ShiroFilterFactoryBean来注册管理,所以直接new一个CustomShiroUserFilter对象交给ShiroFilterFactoryBean,修改代码就一句filterMap.put("customShiroUserFilter", new CustomShiroUserFilter());问题就解决了,配置代码如下:

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");
        Map<String, Filter> filterMap = new LinkedHashMap<>();
        // 若CustomShiroUserFilter交由spring管理的话会导致filter在shiroFilter之外而且运行在shiroFilter之前了,导致无法bind securityManager
        filterMap.put("customShiroUserFilter", new CustomShiroUserFilter());
        shiroFilterFactoryBean.setFilters(filterMap);

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/userlogin", "anon");
        filterChainDefinitionMap.put("/manage/**", "user");
        filterChainDefinitionMap.put("/rest/manage/**", "customShiroUserFilter");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

ps:如果自定义的filter需要依赖其他的spring bean,在springboot filter配置中可以设置不自动注册,具体的方法可自行查找。

m0_54850825
关注
专栏目录
shiro报错 org.apache.shiro.UnavailableSecurityManagerException
javanewnewman的博客
07-08 8496
自己照着教程搭springboot+mybatis+shiro后端分离的一个框架。碰到了问题,几天了,很困惑,烦请知道的朋友给点建议org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apac...
2020-09-01 关于shiroorg.apache.shiro.UnavailableSecurityManagerException: No SecurityManager异常
qq_41362717的博客
09-01 3543
本地环境运行无异常,移植后出现异常。 1,查看异常代码 org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application conf.
Shiro报错UnavailableSecurityManagerException
z2014ypd的博客
04-01 3703
运行整合了shirospring报错org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code,either bound to the org.apache.shiro.util.ThreadContext or as a vm static s...
Error updating database. Cause: org.apache.shiro.UnavailableSecurity
qq_40202111的博客
08-08 228
mybtisplus查看MetaObjectHandler是否有自定义获取用户信息填充用户的方法。
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling c
热门推荐
The magic of fingertips
07-07 3万+
关于shiro错误的分析 错误提示: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code,either bound to the org.apache.shiro.util.ThreadContext or as a vm static s
SpringMVC中Shiro报错org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible
Ydoing的专栏
09-22 1万+
配置如下 <!-- 配置shiro --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param>
springboot 新建测试类(junit),报错org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
微笑的花的博客
08-22 1800
新建测试类,因为方法内容涉及到shiro和数据库操作,被卡了数小时,这里录一下成功方案 (因为使用的是bootdo框架,框架已添加了所需依赖,未添加依赖的得添加到pom文件) 在需要新建测试类的类中右键 出现下图,点击即可 点击ok (红框处选中则生成的测试类中有该方法) 测试类代码: package XXX; import org.apache.shiro.util.ThreadCo...
springboot整合shiro本地运行没问题,部署到ubutun服务器报错org.apache.shiro.UnavailableSecurityManagerException: 求助
Strive_Better的博客
06-20 3157
最近学习springboot框架,整合了shiro权限,本地运行没毛病,但是蛋疼了,发布到服务器,访问都会报错org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.ut...
springboot集成shiro时认证出现报错Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToke
苏顺的博客
05-09 1万+
shiro密码验证的大致流程: 1. controller中login的时候 UsernamePasswordToken token = new UsernamePasswordToken(account, password); try { SecurityUtils.getSubject().login(token); } 2. realm中调用doGetAuthenticationInfo @Override
shiro报错:import org.apache.shiro.ini.IniSecurityManagerFactory出错;报Cannot resolve symbol ‘ini‘等错误;
weixin_44919186的博客
07-11 2252
问题: shiro更新问题导致shiro会报以下错误: 解决方法: 将原本的替换成如下: 先导入新的: 之后替换原先方法 : 完整的代码: /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for ...
shiroorg.apache.shiro.UnavailableSecurityManagerException错误
sinat_39789638的博客
10-29 7481
在做shiro的登录认证操作时, 应用的认证拦截成功。 功能是用户未登录,访问任何页面都拦截到登录页面。 但是在登录页面执行登录方法时却报出了 org.apache.shiro.UnavailableSecurityManagerException:错误通过debug看到,代码是在action类的方法中SecurityUtils.getSubject();时抛出异常调试了很久都没有发现代码和配置
springboot 测试类,项目使用shiro报错UnavailableSecurityManagerException
baicu7502的博客
07-04 214
大概的问题就是,正常运行项目是没有问题的 使用测试类是,加载不了shirosecurityManager,主要导致不是很清楚,望告知, 解决方法 @Resource org.apache.shiro.mgt.SecurityManager securityManager; @Before public void setUp() thr...
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible
tpaer的博客
06-13 4229
解决项目中shiro框架未找到SecurityManager
2020-09-01 关于shiroorg.apache.shiro.UnavailableSecurityManagerException No SecurityManager异常
m0_54866636的博客
03-25 1103
本地环境运行无异常,移植后出现异常。 1,查看异常代码 org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configu
Exceptionorg.apache.shiro.UnavailableSecurityManagerException
tanpenggood
06-03 1289
SpringBoot + Shiro 接口使用异延迟结果(DeferredResult)出现报错:UnavailableSecurityManagerException。 快来看看我的解决思路。
shiro报错org.apache.shiro.UnavailableSecurityManagerException
Arthur_Lees的博客
05-11 3485
shiro报错org.apache.shiro.UnavailableSecurityManagerException
Shiro抛出异常UnavailableSecurityManagerException
xueba8的博客
02-01 740
Shiro报错org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. Thi...
Springboot3 Shiro 报错 java.lang.NoClassDefFoundError: javax/servlet/Filter
最新发布
09-10
`java.lang.NoClassDefFoundError: javax/servlet/Filter` 这个错误表明Java运行时环境无法找到 `javax.servlet.Filter` 类。这通常是因为应用程序缺少了必要的依赖或者类路径没有正确配置。 在使用Spring Boot 3和Shiro时,确保你已经添加了必要的依赖到你的项目中。对于处理Servlet和Filter,你需要确保包含了相关的Web依赖。如果你使用Maven作为构建工具,你需要在`pom.xml`文件中添加如下依赖(或类似的Servlet API依赖): ```xml <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>4.0.1</version> <scope>provided</scope> </dependency> ``` 请注意,版本号`4.0.1`是一个示例,实际项目中你应该使用与你的Servlet容器兼容的版本。 如果你使用的是Gradle或其他构建工具,确保相应的依赖也被正确添加到构建配置中。 此外,如果你正在迁移到Spring Boot 3,还需要注意的是Spring Boot 3依赖于Jakarta EE(以前称为Java EE),因此相关的包名也从`javax.*`变为了`jakarta.*`。因此,你可能还需要添加Shiro的依赖,并确保它与Spring Boot 3兼容。 还有一个可能性是你的Shiro依赖和Servlet API版本不匹配,这种情况下,你需要确保Shiro版本与Servlet API版本兼容,或者更新Shiro到一个与Spring Boot 3兼容的版本。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值