今天springboot 集成 shiro 的时候发现有的静态资源被放行,有的却被拦截了,先上filter代码
@Bean
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
// 过滤器就是shiro就行权限校验的核心,进行认证和授权是需要SecurityManager的
filter.setSecurityManager(securityManager);
LinkedHashMap<String, Filter> filtersMap = new LinkedHashMap<>();
//配置自定义登出 覆盖 logout 之前默认的LogoutFilter
filtersMap.put("logout", myLogoutFilter());
filter.setFilters(filtersMap);
Map<String,String> filterMap = new hashMap<>();
filterMap.put("/getCode","anon");
filterMap.put("/login","anon");
filterMap.put("/css/**","anon");
filterMap.put("/js/**","anon");
filterMap.put("/images/**","anon");
filterMap.put("/lib/**","anon");
filterMap.put("/meeting/**","anon");
//logout是shiro提供的过滤器,这是走自定义的 shiroLogoutFilter 上面有配置
filterMap.put("/logout", "logout");
filterMap.put("/**","authc");
filter.setFilterChainDefinitionMap(filterMap);
filter.setLoginUrl("/login");
//设置未授权访问的页面路径
filter.setUnauthorizedUrl("/login");
return filter;
}
上debug图
这是因为 HashMap 是无序的,所以/** 下面的拦截放行都失效了,只需要把hashMap 改成 有序的 LinkedHashMap即可!
上结果图
大功告成!