Why does "/index" redirect to the UnauthorizedUrl in Shiro?

Time: 2017-08-06 16:20:41

Tags: spring-boot shiro

I am testing Shiro with Spring Boot, but any URL such as 127.0.0.1:8080/index is redirected to the UnauthorizedUrl ("/error").

Here is my ShiroConfig:

@Configuration
public class ShiroConfig {

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public MyShiroRealm myShiroRealm(){
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRealm;
    }

    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        hashedCredentialsMatcher.setHashIterations(2);
        return hashedCredentialsMatcher;
    }

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        //securityManager.setCacheManager(ehCacheManager());
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter() {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager());

        Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
        filterChainDefinitionMap.put("/index", "anon");

        filterChainDefinitionMap.put("/logout", "logout");

        filterChainDefinitionMap.put("/**", "authc");

        shiroFilterFactoryBean.setLoginUrl("/login");

        shiroFilterFactoryBean.setSuccessUrl("/welcome");
        //Unauthorized;
        shiroFilterFactoryBean.setUnauthorizedUrl("/error");        
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);       
        return shiroFilterFactoryBean;
    } 

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        defaultAAP.setProxyTargetClass(true);
        return defaultAAP;
    }

    @Bean
    public PassThruAuthenticationFilter passThruAuthenticationFilter(){
        return new PassThruAuthenticationFilter();
    }
}

And the realm:

public class MyShiroRealm extends AuthorizingRealm {
    private static final  Logger LOGGER = Logger.getLogger(MyShiroRealm.class);
    @Resource 
    UserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        LOGGER.info("AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) : "+principalCollection);
        String principal=(String) principalCollection.getPrimaryPrincipal();
        LOGGER.info(principal);
        User user=(User) userService.findUserByName(principal);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        for(Role role:user.getRoles()){
            info.addRole(role.getName());
            for(Permission permission:role.getPermissions()){
                info.addStringPermission(permission.getName());
            }
        }
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        LOGGER.info("AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) : "+authenticationToken);
        String name=((UsernamePasswordToken)authenticationToken).getUsername();
        User user=userService.findUserByName(name);
        if (user != null) {
          Session session = SecurityUtils.getSubject().getSession();
          session.setAttribute("user", user);
          return new SimpleAuthenticationInfo(name,user.getPassword(),getName());
      } else {
          return null;
      }
    }
}

Properties in application.properties:

#thymeleaf
spring.thymeleaf.cache=false

#hibernate
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect

spring.jpa.show-sql= true
#html

spring.mvc.view.prefix=/

spring.mvc.view.suffix=.html

The database properties are not shown. Tomcat's server port is 8080.

Resource directory: dir of resource

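When I visit "127.0.0.1:8080/index", it redirects to the "error" page that is set by

    shiroFilterFactoryBean.setUnauthorizedUrl("/error");

When a "/login" controller method is provided, it redirects to the login page.

I am confused and cannot find a way to solve the problem.

Update

After moving index.html to the templates directory and creating a @RequestMapping("/index") method, I get the index page in the browser. (If index.html is in the static directory, the @RequestMapping("/index") method does not work.) How can I get the static HTML?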

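1 answer:

Answer 0 (score: 0)

In my testing, for resources in the static folder, such as "/css/**" and "/index.html", if we want to access them without being intercepted by Shiro, the full name, such as "127.0.0.1:8080/css/a.css" or "127.0.0.1:8080/index.html", should be used, and the filterChainDefinitionMap should be set as follows: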

    filterChainDefinitionMap.put("/index.html", "anon");

    filterChainDefinitionMap.put("/css/**", "anon");
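
The following is an added example, not part of the original question or answer. It uses Shiro's own `AntPathMatcher` to show which filter applies to a request path under first-match-wins resolution, comparing the question's chain map with one that includes the answer's entries. The class name, the `resolve` helper, the sample paths and the placement of the answer's entries ahead of "/**" are assumptions of this example; it needs shiro-core on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

public class ShiroChainOrderDemo {

    // Returns the filter of the first pattern that matches the path.
    // Shiro resolves path-based chains in map insertion order, first match wins.
    static String resolve(Map<String, String> chains, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (matcher.match(e.getKey(), path)) {
                return e.getValue() + " (matched " + e.getKey() + ")";
            }
        }
        return "no chain matched";
    }

    public static void main(String[] args) {
        // Chain definitions exactly as in the question's ShiroConfig.
        Map<String, String> question = new LinkedHashMap<>();
        question.put("/index", "anon");
        question.put("/logout", "logout");
        question.put("/**", "authc");

        // Same map plus the answer's two static-resource entries,
        // placed before the catch-all (this ordering is the example's choice).
        Map<String, String> answer = new LinkedHashMap<>();
        answer.put("/index", "anon");
        answer.put("/index.html", "anon");
        answer.put("/css/**", "anon");
        answer.put("/logout", "logout");
        answer.put("/**", "authc");

        // Constructed sample request paths (hypothetical).
        String[] paths = {"/index", "/index.html", "/css/a.css", "/admin/users"};
        for (String p : paths) {
            System.out.printf("%-14s question: %-24s answer: %s%n",
                    p, resolve(question, p), resolve(answer, p));
        }
    }
}
```

The pattern "/index" does not cover "/index.html", so with the question's map the static file falls through to "/**" and requires authentication. Keeping "/**" as the last entry means any path not explicitly listed as anon still ends up under authc.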