原代码
使用了LinkedHashMap,但配置了anon的接口还是会通过JwtFilter
@Bean
public ShiroFilterFactoryBean factory(@Qualifier("securityManager")DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean factoryBean=new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
// 添加自己的过滤器并且取名为jwt
Map<String, Filter> filterMap=new LinkedHashMap<>();
//设置我们自定义的JWT过滤器
filterMap.put("jwt",new JwtFilter());
factoryBean.setFilters(filterMap);
Map<String,String> filterRuleMap=new LinkedHashMap<>();
// 访问 /unauthorized 不通过JWTFilter
filterRuleMap.put("/unauthorized","anon");
filterRuleMap.put("/login","anon");
// 所有请求通过我们自己的JWT Filter
filterRuleMap.put("/**", "jwt");
factoryBean.setFilterChainDefinitionMap(filterRuleMap);
return factoryBean;
}
改写后 配置了anon的接口不会再通过jwtFilter
@Bean
public static ShiroFilterFactoryBean factory( @Qualifier("securityManager")DefaultWebSecurityManager securityManager
,ShiroFilterChainDefinition shiroFilterChainDefinition, @Qualifier("jwtFilterRegBean") FilterRegistrationBean jwtFilterRegBean){
ShiroFilterFactoryBean factoryBean=new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
Map<String, Filter> filterMap=new LinkedHashMap<>(8);
filterMap.put("jwt",jwtFilterRegBean.getFilter());
factoryBean.setFilters(filterMap);
factoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
return factoryBean;
}
/**
* 在此处配置过滤器链
*/
@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
//这些请求不通过jwtFilter
chainDefinition.addPathDefinition("/login","anon");
chainDefinition.addPathDefinition("/login.html","anon");
chainDefinition.addPathDefinition("/unauthorized","anon");
// 所有请求通过我们自己的JWT Filter
chainDefinition.addPathDefinition("/**","authc");
return chainDefinition;
}
/**
* 配置JwtFilter过滤器,并设置为未注册状态
*/
@Bean
public FilterRegistrationBean jwtFilterRegBean() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
//添加JwtFilter 并设置为未注册状态
filterRegistrationBean.setFilter(new JwtFilter());
filterRegistrationBean.setEnabled(false);
return filterRegistrationBean;
}
参考:https://stackoverflow.com/questions/51552021/adding-custom-filter-apache-shiro-spring-boot