配置自定义的filter
@Bean // DefaultWebSecurityManager securityManager
public ShiroFilterFactoryBean shiroFilter( DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/jcaptcha/*.*", "anon");
filterChainDefinitionMap.put("/sys/login", "authc");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
shiroFilterFactoryBean.setLoginUrl("/sys/login");
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
filters.put("authc",new FormAuthenticationFilter());----> 这是正确的写法
filters.put("logout",logoutFilter());
return shiroFilterFactoryBean;
}
当filters.put("authc",getFormAuthenticationFilter());----> 当这样写时, 配置的anon 请求将无法访问
@Bean
public FormAuthenticationFilter getFormAuthenticationFilter(){
return new FormAuthenticationFilter ();
}
如果不配置自定义拦截请求, 则shiro根据配置的拦截顺序拦截