首先是 Shiro 权限管理：要为文件上传路径配置过滤规则（anon 表示该路径无需登录认证即可访问，因此上传接口需要自行校验文件类型与大小）
//upload文件上传
filterRuleMap.put("/upload/**", "anon");
@Configuration
public class ShiroConfig {
@Autowired
private RedisUtil redisUtil;
/**
 * Builds the Shiro filter factory bean; incoming requests pass through these filters first.
 *
 * @param securityManager the security manager
 * @return the shiro filter factory bean
 */
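@Bean
public ShiroFilterFactoryBean factory(SecurityManager securityManager) {
    // Wires the security manager, registers the custom "jwt" filter, and maps
    // URL patterns to filter names.
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);

    // Register the custom JWT filter under the name "jwt" so chain rules can refer to it.
    Map<String, Filter> filterMap = new HashMap<>();
    filterMap.put("jwt", new JWTFilter(redisUtil));
    factoryBean.setFilters(filterMap);

    // Shiro walks the chain definitions in map iteration order and the first
    // matching pattern wins. A plain HashMap gives no ordering guarantee, so the
    // catch-all "/**" could be evaluated before the specific paths. An
    // insertion-ordered map keeps the rules in the order written here. The
    // fully-qualified name avoids needing a new file-level import.
    Map<String, String> filterRuleMap = new java.util.LinkedHashMap<>();
    filterRuleMap.put("/auth/**", "anon");
    // The next two paths are already covered by "/auth/**" above.
    filterRuleMap.put("/auth/authorization", "anon");
    filterRuleMap.put("/auth/authentication", "anon");
    filterRuleMap.put("/goods/**", "anon");
    // File upload: "anon" lets unauthenticated requests reach the upload handlers,
    // so any size/type/path validation has to happen in the handler itself
    // (not visible in this class).
    filterRuleMap.put("/upload/**", "anon");
    // NOTE(review): the catch-all is mapped to "anon", so the "jwt" filter
    // registered above is never applied to any route and every endpoint is
    // reachable without a token. The protected form is
    //     filterRuleMap.put("/**", "jwt");
    // kept as the LAST entry. Behaviour is left unchanged here; confirm whether
    // this was a temporary debugging setting before deploying.
    filterRuleMap.put("/**", "anon");

    factoryBean.setFilterChainDefinitionMap(filterRuleMap);
    return factoryBean;
}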
/**
* 注入 securityManager
*
* @return the security manager
*/
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置自定义 realm.
securityManager.setRealm(customRealm());
/*
* 关闭shiro自带的session,详情见文档
* http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
*/
DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
subjectDAO.set