场景:因开发需要,时间有限,便在某云上下载了一个开源框架-脚手架,
希望能便捷开发,提高开发效率
ps:框架是个好框架,大家也可以学习学习
springboot_v2
问题描述:这个框架本身采用 shiro 做权限拦截,属于一个 web 管理后台框架,但是我这边的需求是还要对接手机接口。
在框架中,针对未登录用户的拦截是返回 login.html,手机接口也走同样的拦截,
导致手机接口在未登录的情况下会返回一个 login.html,客户端无法解析;但是对于 web 端,这个跳转又是必须的
,第一想法:卧槽,这么简单个玩意儿,容我2分钟搞定,
。。。。。。。。。。半个小时过后-未果,各种百度,必应,google,
头都看晕了,(我一看文档就犯困。。。。) shiro 的拦截(Servlet Filter 层)顺序永远都在
WebMvcConfigurationSupport(Spring MVC 层)前面。我已经踩过这个坑:
我在 MVC 这一层做拦截的时候,拦截到的 url 全是已经被 shiro 拦截、并且重定向到 login 的路径
首先:先上代码 ShiroConfig
package com.fc.test.shiro.config;
import com.fc.test.shiro.service.ExtendRolesAuthorizationFilter;
import com.fc.test.shiro.util.ShiroUtils;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.fc.test.shiro.service.MyShiroRealm;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* 权限配置文件
* @ClassName: ShiroConfiguration
* @author fuce
* @date 2018年8月25日
*
*/
@Configuration
public class ShiroConfig {
/**
* 这是shiro的大管家,相当于mybatis里的SqlSessionFactoryBean
* @param securityManager
* @return
*/
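@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager) {
    /*
     * Builds the Shiro web filter: the URL-pattern -> filter-chain rules plus the
     * URLs used for login, post-login and authorization failure.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

    // Disabled: replaces the filter registered under "authc" with a custom one.
    // NOTE(review): as described in the surrounding article, unauthenticated requests are
    // redirected to the login page regardless of client type. API clients that expect a
    // machine-readable answer need a filter that responds with an HTTP 401 status instead
    // of a redirect; this is where such a filter would be registered.
    // Map<String, Filter> filtersMap = new LinkedHashMap<String, Filter>();
    // filtersMap.put("authc", new ShiroLoginFilter());
    // shiroFilterFactoryBean.setFilters(filtersMap);

    // The chain rules come from ShiroFilterMapFactory, which is defined outside this listing.
    shiroFilterFactoryBean.setFilterChainDefinitionMap(ShiroFilterMapFactory.shiroFilterMap());

    // Login page.
    shiroFilterFactoryBean.setLoginUrl("/admin/login");
    // Landing page after a successful login. The original also called
    // setSuccessUrl("/admin/login") immediately before this line; that value was
    // overwritten at once and never took effect, so the call is removed.
    shiroFilterFactoryBean.setSuccessUrl("/admin/index");
    // Page shown when an authenticated user lacks the required permission.
    shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");

    shiroFilterFactoryBean.setSecurityManager(securityManager);
    return shiroFilterFactoryBean;
}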
/**
* web应用管理配置
* @param shiroRealm
* @param cacheManager
* @param manager
* @return
*/
@Bean
public DefaultWebSecurityManager securityManager(Realm shiroRealm, CacheManager cacheManager, RememberMeManager manager) {
    /*
     * Assembles the web security manager from its collaborators.
     *
     * @param shiroRealm   realm used for authentication and authorization
     * @param cacheManager cache manager handed to the security manager
     * @param manager      remember-me manager (cookie based in this configuration)
     * @return the configured security manager
     */
    DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();

    // The setters are kept in the original order; each one is applied to the manager in turn.
    webSecurityManager.setCacheManager(cacheManager);
    // Enables the remember-me cookie.
    webSecurityManager.setRememberMeManager(manager);
    webSecurityManager.setRealm(shiroRealm);

    // Session handling comes from the sessionManager() bean method of this class.
    DefaultWebSessionManager webSessionManager = sessionManager();
    webSecurityManager.setSessionManager(webSessionManager);

    return webSecurityManager;
}
/**
* session过期控制
* @return
* @author fuce
* @Date 2019年11月2日 下午12:49:49
*/
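@Bean
public DefaultWebSessionManager sessionManager() {
    /*
     * Creates the web session manager with a global session timeout of one hour.
     *
     * @return the configured session manager
     */
    // The timeout is passed in milliseconds: 60 min * 60 s * 1000 ms = 3600 s.
    // A primitive long is used; the original boxed the value into a Long only to
    // have it unboxed again by the setter call.
    final long oneHourMillis = 60L * 1000 * 60;

    DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
    webSessionManager.setGlobalSessionTimeout(oneHourMillis);
    // NOTE(review): the session-id cookie is left at Shiro's defaults here; confirm it
    // carries the Secure attribute when the application is served over HTTPS.
    return webSessionManager;
}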
/**
* 加密算法
* @return
*/
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    /*
     * Creates the matcher that compares a submitted password with the stored hash.
     *
     * @return a matcher configured for one round of MD5
     */
    // NOTE(review): a single round of MD5 is not adequate for password storage, because
    // it is cheap to brute-force offline. It is left unchanged here, since switching the
    // algorithm or iteration count invalidates every stored hash. A migration has to
    // change the code that hashes passwords on creation (not visible in this listing)
    // and re-hash existing credentials with a slow, salted password hash.
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
    // Hash algorithm name.
    matcher.setHashAlgorithmName("MD5");
    // Number of hash iterations.
    matcher.setHashIterations(1);
    return matcher;
}
/**
* 记住我的配置
* @return
*/
@Bean
public RememberMeManager rememberMeManager() {
    /*
     * Creates the cookie-based remember-me manager.
     *
     * @return a manager that issues a one-day, HttpOnly "rememberMe" cookie
     */
    CookieRememberMeManager cookieManager = new CookieRememberMeManager();

    SimpleCookie rememberMeCookie = new SimpleCookie("rememberMe");
    // HttpOnly keeps page scripts from reading the cookie.
    rememberMeCookie.setHttpOnly(true);
    // Cookie lifetime in seconds: one day.
    final int oneDaySeconds = 60 * 60 * 24;
    rememberMeCookie.setMaxAge(oneDaySeconds);
    // NOTE(review): the Secure attribute is not set here; confirm whether the site is
    // served over HTTPS only and set it in that case.

    // NOTE(review): no cipher key is configured, so the cookie is protected with whatever
    // key the Shiro release in use supplies. Older releases shipped a fixed built-in key,
    // and newer ones generate a random key per start, which invalidates cookies on restart
    // and across nodes. Confirm the Shiro version, and set an explicit secret key loaded
    // from configuration via setCipherKey.
    cookieManager.setCookie(rememberMeCookie);
    return cookieManager;
}
/**
* 缓存配置
* @return
*/
@Bean
public CacheManager cacheManager() {
    /*
     * Provides the cache manager used by the security manager.
     *
     * @return an in-memory cache manager
     */
    // In-memory cache; nothing is shared between application instances.
    return new MemoryConstrainedCacheManager();
}
/**
* 配置realm,用于认证和授权
* @param hashedCredentialsMatcher
* @return
*/
@Bean
public AuthorizingRealm shiroRealm(HashedCredentialsMatcher hashedCredentialsMatcher) {
    /*
     * Creates the realm used for authentication and authorization.
     *
     * @param hashedCredentialsMatcher matcher used to verify submitted passwords
     * @return the project's realm with the matcher installed
     */
    MyShiroRealm realm = new MyShiroRealm();
    // The realm verifies passwords with the algorithm configured on the matcher.
    realm.setCredentialsMatcher(hashedCredentialsMatcher);
    return realm;
}
/**
* 启用shiro方言,这样能在页面上使用shiro标签
* @return
*/
@Bean
public ShiroDialect shiroDialect() {
    /*
     * Registers the Shiro dialect so that Shiro tags can be used in Thymeleaf pages.
     *
     * @return a new dialect instance
     */
    // NOTE(review): the tags only decide what a page renders. Access to the URLs behind
    // it still has to be enforced by the filter chain or by annotations.
    ShiroDialect dialect = new ShiroDialect();
    return dialect;
}
/**
* 启用shiro注解
*加入注解的使用&