我有一个Spring MVC Web应用程序,它使用Spring配置而不是shiro.ini来使用Shiro身份验证。
我想转换到Spring Boot应用程序。
我一直很成功。应用程序在Spring Boot中启动,我的Shiro环境得到设置。但是,我无法弄清楚如何正确设置Shiro过滤器。我需要这样做以确保请求最终由正确的线程处理。
在原始应用中,我在web.xml中配置了Shiro Filter,如下所示:
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我尝试使用这样的Java Config复制它:
@Autowired
private WebSecurityManager webSecurityManager;
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean shiroFilterFactoryBean = new org.apache.shiro.spring.web.ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(webSecurityManager);
return shiroFilterFactoryBean;
}
@Bean
public org.apache.shiro.spring.LifecycleBeanPostProcessor lifecycleBeanPostProcessor()
{
return new org.apache.shiro.spring.LifecycleBeanPostProcessor();
}
@Bean
public Filter shiroFilter()
{
DelegatingFilterProxy filter = new DelegatingFilterProxy();
filter.setTargetBeanName("shiroFilterFactoryBean");
filter.setTargetFilterLifecycle(true);
return filter;
}
然而,我只是无法将所有东西放在一起,而且没有足够的知识来解决它。我只是看不到将过滤器连接到环境。我猜这与订单设置有关。
有没有人成功地成功使用Spring Boot和Shiro?
答案 0 :(得分:8)
好吧,似乎缺少某些东西,java配置如下:
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/login");
shiroFilter.setSuccessUrl("/index");
shiroFilter.setUnauthorizedUrl("/forbidden");
Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>();
filterChainDefinitionMapping.put("/", "anon");
filterChainDefinitionMapping.put("/home", "authc,roles[guest]");
filterChainDefinitionMapping.put("/admin", "authc,roles[admin]");
shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<String, Filter>();
filters.put("anon", new AnonymousFilter());
filters.put("authc", new FormAuthenticationFilter());
filters.put("logout", new LogoutFilter());
filters.put("roles", new RolesAuthorizationFilter());
filters.put("user", new UserFilter());
shiroFilter.setFilters(filters);
System.out.println(shiroFilter.getFilters().size());
return shiroFilter;
}
@Bean(name = "securityManager")
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm());
return securityManager;
}
@Bean(name = "realm")
@DependsOn("lifecycleBeanPostProcessor")
public PropertiesRealm realm() {
PropertiesRealm propertiesRealm = new PropertiesRealm();
propertiesRealm.init();
return propertiesRealm;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
https://github.com/lenicliu/eg-spring/tree/master/eg-spring-boot/eg-spring-boot-shiro
答案 1 :(得分:2)
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;