springboot集成shiro遭遇自定义filter异常

最新推荐文章于 2024-02-24 12:00:00 发布
最新推荐文章于 2024-02-24 12:00:00 发布
阅读量5.3k 收藏 2
点赞数
分类专栏: spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u011649691/article/details/81274193
版权

首先简述springboot使用maven集成shiro
1、用maven添加shiro

    <!--shiro-->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.4.0</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.4.0</version>
    </dependency>

2、配置shiro

import com.yuntu.intelligent.log.service.QueryPermissionService;
import com.yuntu.intelligent.log.service.shiro.authc.AccountSubjectFactory;
import com.yuntu.intelligent.log.service.shiro.filter.AuthenticatedFilter;
import com.yuntu.intelligent.log.service.shiro.filter.QueryLimitFiter;
import com.yuntu.intelligent.log.service.shiro.realm.AccountRealm;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.ShiroHttpSession;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.annotation.Resource;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * shiro权限管理的配置
 */
@Configuration
public class ShiroConfig {

    @Bean
    public AccountSubjectFactory accountSubjectFactory() {
        return new AccountSubjectFactory();
    }

    /**
     * 安全管理器
     */
    @Bean
    public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager, CacheManager cacheShiroManager, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(this.shiroAccountRealm());
        securityManager.setCacheManager(cacheShiroManager);
        securityManager.setRememberMeManager(rememberMeManager);
        securityManager.setSessionManager(sessionManager);
        securityManager.setSubjectFactory(this.accountSubjectFactory());
        return securityManager;
    }

    /**
     * session管理器(单机环境)
     */
    @Bean
    public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager) {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setCacheManager(cacheShiroManager);
        sessionManager.setSessionValidationInterval(1800 * 1000);
        sessionManager.setGlobalSessionTimeout(900 * 1000);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        cookie.setName("shiroCookie");
        cookie.setHttpOnly(true);
        sessionManager.setSessionIdCookie(cookie);
        return sessionManager;
    }


    /**
     * 缓存管理器 使用Ehcache实现
     */
    @Bean
    public CacheManager getCacheShiroManager() {
        return new MemoryConstrainedCacheManager();
    }

    /**
     * 项目自定义的Realm
     */
    @Bean
    public AccountRealm shiroAccountRealm() {
        return new AccountRealm();
    }

    /**
     * rememberMe管理器, cipherKey生成见{@code Base64Test.java}
     */
    @Bean
    public CookieRememberMeManager rememberMeManager(SimpleCookie rememberMeCookie) {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAA=="));
        manager.setCookie(rememberMeCookie);
        return manager;
    }

    /**
     * 记住密码Cookie
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        simpleCookie.setHttpOnly(true);
        simpleCookie.setMaxAge(7 * 24 * 60 * 60);//7天
        return simpleCookie;
    }

    /**
     * Shiro的过滤器链
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager,CollectionPropertiesConfig collectionPropertiesConfig,QueryPermissionService queryPermissionService) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        /**
         * 默认的登陆访问url
         */
        shiroFilter.setLoginUrl("/login");
        /**
         * 登陆成功后跳转的url
         */
        shiroFilter.setSuccessUrl("/");
        /**
         * 没有权限跳转的url
         */
        shiroFilter.setUnauthorizedUrl("/error/reject.html");

        /**
         * 覆盖默认的user拦截器(默认拦截器解决不了ajax请求 session超时的问题,若有更好的办法请及时反馈作者)
         */
        HashMap<String, Filter> myFilters = new HashMap<>();
        myFilters.put("query", new QueryLimitFiter(queryPermissionService));
        myFilters.put("authc", new AuthenticatedFilter());
        shiroFilter.setFilters(myFilters);

        /**
         * 配置shiro拦截器链
         *
         * anon  不需要认证
         * authc 需要认证
         * user  验证通过或RememberMe登录的都可以
         *
         * 当应用开启了rememberMe时,用户下次访问时可以是一个user,但不会是authc,因为authc是需要重新认证的
         *
         * 顺序从上到下,优先级依次降低
         *
         */
        Map<String, String> hashMap = new LinkedHashMap<>();
        hashMap.put("/login", "anon");
        hashMap.put("/", "authc");
        hashMap.put("/user*", "authc");
        hashMap.put("/user/**", "authc");
        hashMap.put("/post/**", "authc");

        hashMap.put("/admin", "authc,perms[admin]");
        hashMap.put("/admin/**", "authc,perms[admin]");
        for(String uri:collectionPropertiesConfig.getQueryLogUrls()){
            hashMap.put(uri,"query");
        }
        shiroFilter.setFilterChainDefinitionMap(hashMap);
        return shiroFilter;
    }

    /**
     * 在方法中 注入 securityManager,进行代理控制
     */
    @Bean
    public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
        MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
        bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
        bean.setArguments(new Object[]{securityManager});
        return bean;
    }

    /**
     * Shiro生命周期处理器:
     * 用于在实现了Initializable接口的Shiro bean初始化时调用Initializable接口回调(例如:UserRealm)
     * 在实现了Destroyable接口的Shiro bean销毁时调用 Destroyable接口回调(例如:DefaultSecurityManager)
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * 启用shrio授权注解拦截方式,AOP式方法级权限检查
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
                new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

}

3、实现自定义的Realm、filter、SubjectFactory等:

import com.yuntu.intelligent.log.model.sysmodel.OrganizationUser;
import org.apache.shiro.authc.SimpleAuthenticationInfo;

public class AccountAuthenticationInfo extends SimpleAuthenticationInfo{
    private static final long serialVersionUID = 3405356595200877071L;

    private OrganizationUser profile;

    public AccountAuthenticationInfo(){
    }

    public AccountAuthenticationInfo(Object principal, Object credentials, String realmName){
        super(principal, credentials, realmName);
    }


    public OrganizationUser getProfile() {
        return profile;
    }

    public void setProfile(OrganizationUser profile) {
        this.profile = profile;
    }
}

import com.yuntu.intelligent.log.model.sysmodel.OrganizationUser;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.subject.support.WebDelegatingSubject;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class AccountSubject extends WebDelegatingSubject{
    private OrganizationUser profile;

    public AccountSubject(PrincipalCollection principals, boolean authenticated, String host, Session session,
                          boolean sessionEnabled, ServletRequest request, ServletResponse response, SecurityManager securityManager, OrganizationUser profile) {
        super(principals, authenticated, host, session, sessionEnabled, request, response, securityManager);
        this.profile = profile;
    }

    public String getUsername(){
        return getPrincipal().toString();
    }

    public OrganizationUser getProfile() {
        return profile;
    }

}


import com.yuntu.intelligent.log.model.sysmodel.OrganizationUser;
import com.yuntu.intelligent.log.service.UserService;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.mgt.SubjectFactory;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.web.subject.WebSubjectContext;
import org.springframework.beans.factory.annotation.Autowired;

public class AccountSubjectFactory implements SubjectFactory {

    @Autowired
    private UserService userService;

    @Override
    public Subject createSubject(SubjectContext context) {
        WebSubjectContext wsc = (WebSubjectContext) context;
        AuthenticationInfo info = wsc.getAuthenticationInfo();

        OrganizationUser profile = null;
        AccountSubject subject = null;
        if (info instanceof AccountAuthenticationInfo) {
            profile = ((AccountAuthenticationInfo) info).getProfile();
            subject = doCreate(wsc, profile);
            subject.getSession(true).setAttribute("profile", profile);
        }else{
            Session session = wsc.getSession();
            if(session != null){
                profile = (OrganizationUser)session.getAttribute("profile");
            }
            subject = doCreate(wsc, profile);
            boolean isRemembered = subject.isRemembered();
            if (session == null) {
                wsc.setSessionCreationEnabled(true);
                subject.getSession(true);
            }
            if (isRemembered && profile == null) {
                Object username = subject.getPrincipal();
                profile = userService.getUserByName((String) username);

                subject.getSession(true).setTimeout(30 * 60 * 1000);
                subject.getSession(true).setAttribute("profile", profile);
            }
        }


        return doCreate(wsc, profile);
    }

    private AccountSubject doCreate(WebSubjectContext wsc, OrganizationUser profile) {
        return new AccountSubject(wsc.resolvePrincipals(), wsc.resolveAuthenticated(), wsc.resolveHost(),
                wsc.resolveSession(), wsc.isSessionCreationEnabled(), wsc.resolveServletRequest(),
                wsc.resolveServletResponse(), wsc.resolveSecurityManager(), profile);
    }
}

import org.apache.shiro.authc.AuthenticationToken;

public class AccountToken implements AuthenticationToken {
    private static final long serialVersionUID = 1L;

    private long id;
    private String username;

    public AccountToken() {
    }

    public AccountToken(long id, final String username) {
        this(id, username, username);
    }

    public AccountToken(long id, final String username, String nickname) {
        this.id = id;
        this.username = username;
    }

    @Override
    public Object getPrincipal() {
        return username;
    }

    @Override
    public Object getCredentials() {
        return null;
    }

    public long getId() {
        return id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

}

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.servlet.OncePerRequestFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Formatter;

/**
 * @version 1.0.0
 */
public class AuthenticatedFilter extends OncePerRequestFilter {
    private Logger LOG = LoggerFactory.getLogger(AuthenticatedFilter.class);

    private static final String JS = "<script type='text/javascript'>var wp=window.parent; if(wp!=null){while(wp.parent&&wp.parent!==wp){wp=wp.parent;}wp.location.href='%1$s';}else{window.location.href='%1$s';}</script>";
    private String loginUrl = "/login";

    @Override
    protected void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        LOG.info("开始权限验证");
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            chain.doFilter(request, response);
        } else {
            identifyGuest(subject, request, response, chain);
        }
    }

    protected void identifyGuest(Subject subject, ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        redirectLogin(request, response);
    }

    protected void redirectLogin(ServletRequest request, ServletResponse response) throws IOException {
        WebUtils.saveRequest(request);
        String path = WebUtils.getContextPath((HttpServletRequest) request);
        String url = loginUrl;
        if (StringUtils.isNotBlank(path) && path.length() > 1) {
            url = path + url;
        }

        if (isAjaxRequest((HttpServletRequest) request)) {
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().print("您还没有登录!");
        } else {
            response.getWriter().write(new Formatter().format(JS, url).toString());
        }
    }

    public String getLoginUrl() {
        return loginUrl;
    }

    public void setLoginUrl(String loginUrl) {
        this.loginUrl = loginUrl;
    }

    /**
     * 判断是否为Ajax请求 <功能详细描述>
     * 
     * @param request
     * @return 是true, 否false
     * @see [类、类#方法、类#成员]
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        String header = request.getHeader("X-Requested-With");
        if (header != null && "XMLHttpRequest".equals(header))
            return true;
        else
            return false;
    }

}


import com.yuntu.intelligent.log.service.QueryPermissionService;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.web.servlet.AbstractFilter;
import org.apache.shiro.web.servlet.ServletContextSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;


public class QueryLimitFiter extends ServletContextSupport implements Filter {
    private QueryPermissionService queryPermissionService;

    private static final transient Logger log = LoggerFactory.getLogger(AbstractFilter.class);
    protected FilterConfig filterConfig;


    public QueryLimitFiter(QueryPermissionService queryPermissionService) {
        this.queryPermissionService = queryPermissionService;
    }

    public FilterConfig getFilterConfig() {
        return this.filterConfig;
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
        this.setServletContext(filterConfig.getServletContext());
    }

    protected String getInitParam(String paramName) {
        FilterConfig config = this.getFilterConfig();
        return config != null? org.apache.shiro.util.StringUtils.clean(config.getInitParameter(paramName)):null;
    }

    public final void init(FilterConfig filterConfig) throws ServletException {
        this.setFilterConfig(filterConfig);

        try {
            this.onFilterConfigSet();
        } catch (Exception var3) {
            if(var3 instanceof ServletException) {
                throw (ServletException)var3;
            } else {
                if(log.isErrorEnabled()) {
                    log.error("Unable to start Filter: [" + var3.getMessage() + "].", var3);
                }

                throw new ServletException(var3);
            }
        }
    }

    protected void onFilterConfigSet() throws Exception {
    }

    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if(isAccessAllowed(servletRequest,servletResponse)){
            filterChain.doFilter(servletRequest,servletResponse);
        }else {
            servletResponse.setContentType("application/json;charset=UTF-8");
            servletResponse.getWriter().print("不允许查询!");
        }
    }


    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest request = (HttpServletRequest)servletRequest;
        String hallCode = request.getParameter("guanhao");
        String uri = request.getRequestURI();
        System.out.println(uri);
//        if (collectionPropertiesConfig.getQueryLogUrls().contains(uri)) {
        try {
            if (StringUtils.isEmpty(hallCode)) {
                servletResponse.setContentType("application/json;charset=UTF-8");
                servletResponse.getWriter().print("需要输入馆号!");
                return false;
            }
            if (queryPermissionService.permit(hallCode)) {
                return true;
            } else {
                servletResponse.setContentType("application/json;charset=UTF-8");
                servletResponse.getWriter().print("你没有权限查询此馆!");
                return false;
            }
        }catch (Exception e){
            e.printStackTrace();
        }
        return false;
    }
}


import com.yuntu.intelligent.log.model.sysmodel.OrganizationPrivilege;
import com.yuntu.intelligent.log.model.sysmodel.OrganizationResources;
import com.yuntu.intelligent.log.model.sysmodel.OrganizationUser;
import com.yuntu.intelligent.log.service.RoleService;
import com.yuntu.intelligent.log.service.UserService;
import com.yuntu.intelligent.log.service.shiro.authc.AccountAuthenticationInfo;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import javax.annotation.Resource;
import java.util.List;

public class AccountRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;
    @Autowired
    private RoleService userRoleService;

    public AccountRealm() {
        super(new AllowAllCredentialsMatcher());
        setAuthenticationTokenClass(UsernamePasswordToken.class);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.fromRealm(getName()).iterator().next();
        if (username != null) {
            OrganizationUser user = userService.getUserByName(username);
            if (user != null) {
                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

                OrganizationPrivilege role = userRoleService.getRole(user.getPrivilegeId());

                List<OrganizationResources> roleResources = userRoleService.getRoleResources(user.getPrivilegeId());

                //赋予角色
                info.addRole(role.getName());
                //赋予权限
                roleResources.forEach(resource -> info.addStringPermission(resource.getPermission()));
                return info;
            }
        }
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        OrganizationUser profile = getAccount(userService, token);

        if (profile.getStatus() == 0) {
            throw new LockedAccountException(profile.getUserId());
        }

        AccountAuthenticationInfo info = new AccountAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
        info.setProfile(profile);

        return info;
    }

    protected OrganizationUser getAccount(UserService userService, AuthenticationToken token) {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        return userService.login(upToken.getUsername(), String.valueOf(upToken.getPassword()));
    }
}

4、重点记录filter配置中出现的问题。
如上代码,我有2个自定义的过滤器,AuthenticatedFilter可以抛开spring运行,而QueryLimitFiter想使用一些spring管理的bean,所以一开始QueryLimitFiter是使用@Component注释并且在ShiroConfig的@Bean方法中将其注入并配置进shiro的过滤器链。
在使用的时候,原定只是在个别uri触发的QueryLimitFiter,所有uri都会触发它,反而AuthenticatedFilter失效了。查找原因,找到spring的filter链如图,这是借用别人的图,我的图是将accessTokenFilter替换为queryLimitFiter:
这里写图片描述
总之就是自定义的过滤器QueryLimitFiter居然在shiroFilter之外而且运行在shiroFilter之前了。。。

5、解决方案,如上代码,将QueryLimitFiter不交给spring托管,使用new的方式添加到shiro的过滤器链中就没有问题了。出现原因可能是spring会自动将我们自定义的filter加载到它的过滤器链中(待深究!)。

xiaoniuxqq
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Spring-shiro-Boot-7 shiro中的自定义过滤器-LogoutFilter
良之才的专栏
03-17 1518
如果是使用restful的方式,还需要在登出的时候处理token,将其删除才行。 所以还需建立LogoutFiltershiro直接提供了LogoutFilter,我们只要继承之后实现自己的逻辑就可以。这里要说的是与上一个userFilter不同,LogoutFilter继承AdviceFilter,所以我们实现的方法也不同。 boolean preHandle(ServletRequest request, ServletResponse response) (1)如果没有获取到login
SpringBootShiro自定义注解权限控制源码下载
04-06
SpringBootShiro自定义注解权限控制
SpringBoot 集成 Shiro 实现动态uri权限
04-22
本文小编将基于 SpringBoot 集成 Shiro 实现动态uri权限,由前端vue在页面配置uri,Java后端动态刷新权
SpringBoot集成Shiro、Jwt和Redis
10-24
SpringBoot集成Shiro、Jwt和Redis,使用MyBatisPlus框架实现后台数据库操作。
Java实战:Spring Boot中自定义过滤器Filter
最新发布
oandy0的博客
02-24 898
本文将详细介绍如何在Spring Boot应用程序中实现自定义过滤器。我们将探讨Spring Boot集成过滤器的基本概念,以及如何使用Spring Boot实现自定义过滤器
Shiro安全框架【快速入门】就这一篇!
anye0005的博客
01-06 354
Shiro 简介 照例又去官网扒了扒介绍: Apache Shiro™ is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to...
spring boot配置shiro自定义shiro filter匹配异常
qq_46416934的博客
04-22 879
原文地址:http://www.hillfly.com/2017/179.html 最近忙着研究在 Springboot 上使用 Shiro 的问题。刚好就遇到个诡异事,百度 Google 也没找到啥有价值的信息,几番周折自己解决了,这里稍微记录下。 自定义 FilterTOC Shiro 支持自定义 Filter 大家都知道,也经常用,这里我也用到了一个自定义 Filter,主要用于验证接口调用的 AccessToken 是否有效。 // AccessTokenFilter.java public cl
Java 权限框架 Shiro 实战二:与spring集成filter机制
大JAVA解决方案
07-30 214
Shiro和Spring的集成,涉及到很多相关的配置,涉及到shiro的filer机制以及它拥有的各种默认filter,涉及到shiro的权限判断标签,权限注解,涉及到session管理等等方面。 1. 配置 首先需要在web.xml中专门负责接入shirofilter: &lt;!-- shiro 安全过滤器 --&gt; &lt;filter&gt; ...
springboot 整合 shiroshiroFilter 异常抛出问题
qq_36465337的博客
02-08 3500
今天在测试shiro的时候发现 shiro 的AuthenticationException 异常无法被 统一异常处理类处理 这是统一异常处理 这里无法处理 在 MyRealm 当中的异常 为啥呢 ? 原因 : 我在这里捕获到了我想要的异常shiro 整合完 jwt 之后的过滤器BasicHttpAuthenticationFilter 这是他的继承链...
Spring Boot+Shiro+JWT实现多Realm时Filter异常捕捉
小码农大叔叔的博客
09-29 2380
近日,大叔接公司需求,搭建前后端分离的后台管理模块接口。 简述登陆模块相关需求: 用户输入用户名和密码获取JWTToken令牌 用户使用JWTToken令牌访问后端业务接口 大叔简单说下Springboot集成Shiro的过程: 1.在pom.xml引入Shiro <!-- Shiro使用Srping框架 --> <dependency> <groupId&g...
Shiro自定义过滤器会执行两次?看我怎么给你解决
Python专栏
06-07 713
其中第一次是作为shiroFilterChain中的过滤器被shiroFilter调用的,另外又在全局过滤器中注册了我们自定义的过滤器,这就导致了在shirofilter之后,该过滤器又被被执行了一次!这个问题困扰了他一个下午都没有解决,最后不得不求助我来帮忙,那我们就来复现一下这个问题,并给出对应的解决方案吧。现在你会发现,Filter处理一次请求会被执行两次的情况就没有了,现在你知道如何解决这个bug了吗?从控制台的信息中我们可以看出,日志被打印了两次,那么这个问题到底是怎么产生的呢?
如何处理Filter中的异常
weixin_49648855的博客
11-10 1706
shiro解决 无法捕捉异常
SpringBoot集成Shiro进行权限控制和管理的示例
08-27
主要介绍了SpringBoot集成Shiro进行权限控制和管理的示例,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
springboot 集成shiro代码实例
08-28
spring-boot结成shiro权限管理,简单可用。
@requestmapping参数produces,consumes
热门推荐
u011649691的博客
03-05 4万+
produces可能不算一个注解,因为什么呢,它是注解@requestMapping注解里面的属性项, 它的作用是指定返回值类型,不但可以设置返回值类型还可以设定返回值的字符编码; 还有一个属性与其对应,就是consumes: 指定处理请求的提交内容类型(Content-Type),例如application/json, text/html; 他们的使用方法如下: 一、produces的例...
SLF4J日志配置,中文乱码解决
u011649691的博客
07-12 1万+
&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;configuration scan="true" scanPeriod="60 seconds" debug="false"&gt; &lt;contextName&gt;logback&lt;/contextName&gt; &
使用objectmapper将json转list,json转复杂类型
u011649691的博客
06-25 1万+
方法1: List returnBookResults = mapper.readValue(JSON.toJSONString(response.getData()),new TypeReference(){}); 方法2: JavaType javaType = mapper.getTypeFactory().constructParametricType(ArrayList.class...
spring 热加载外部jar包
u011649691的博客
09-19 6751
想法是,将外部的spring工程jar包在spring启动之后可以热加载进spring容器。遗憾的是到现在为止没有实现。 目前尝试的几种思路: 1、自定义classloader–&amp;gt;加载jar包进JVM–&amp;gt;修改spring的classloader,自定义classloader,ext-classloader的父子关系-&amp;gt;将jar包使用注解扫描进入spring-&amp;gt;refresh...
解决shiro修改权限后无法立刻生效
u011649691的博客
01-22 6559
由于我开启使用了shiro的缓存,目前使用的是redis缓存。如果修改了用户的权限或者修改了权限的配置,但是由于有缓存,在缓存失效前shiro不会重新加载用户新的权限,这就导致了修改无法立即生效。查看了网上的解决方案有如下几种: 1、在自定义的AuthorizingRealm中调用this.clearCachedAuthorizationInfo(SecurityUtils.getSubject(...
springboot集成shiro
07-27
对于Spring Boot集成Shiro,你可以按照以下步骤进行操作: 1. 首先,在你的Spring Boot项目中添加Shiro的依赖。你可以在pom.xml文件中添加以下依赖关系: ```xml <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-starter</artifactId> <version>1.7.1</version> </dependency> ``` 2. 创建一个Shiro的配置类,用于配置Shiro的相关组件和属性。可以使用`@Configuration`注解来标记该类作为配置类,并使用`@EnableShiroAnnotation`注解来启用Shiro的注解支持。 ```java @Configuration @EnableShiroAnnotation public class ShiroConfig { // 配置Shiro的相关组件和属性 // ... } ``` 3. 在上述配置类中,可以配置Shiro的Realm、Session管理器、缓存管理器等组件。你可以根据自己的需求选择相应的实现类并进行配置。 ```java @Configuration @EnableShiroAnnotation public class ShiroConfig { @Bean public Realm realm() { // 配置自定义的Realm实现类 // ... return realm; } @Bean public SessionManager sessionManager() { // 配置自定义的Session管理器实现类 // ... return sessionManager; } @Bean public CacheManager cacheManager() { // 配置自定义的缓存管理器实现类 // ... return cacheManager; } // 其他配置项... } ``` 4. 在主配置类中,添加`@Import`注解来引入Shiro的配置类。 ```java @SpringBootApplication @Import(ShiroConfig.class) public class YourApplication { public static void main(String[] args) { SpringApplication.run(YourApplication.class, args); } } ``` 5. 在需要进行权限控制的地方,使用Shiro的注解来标记需要进行权限验证的方法或类。例如,可以使用`@RequiresRoles`注解来限制具有特定角色的用户才能访问方法。 ```java @RestController public class YourController { @RequiresRoles("admin") @GetMapping("/admin") public String admin() { return "Hello, admin!"; } } ``` 这样,你就成功地集成了Spring Boot和Shiro,并可以进行基于角色的权限控制了。当然,以上只是一个简单的示例,你可以根据自己的需求进行更详细的配置和使用。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值