在使用springboot整合shiro的过程中,希望静态资源资源不受shiro过滤器‘authc’拦截,于是定义了“anon”,测试发现根本不生效,静态资源路径下的资源(如/js/**)依旧会被拦截并重定向到/login,以下是我的shiro javaconfig
ShiroConfig.java
@Configuration
public class ShiroConfig {
@Value("${shiro.credentialsMatcher.hashIterations}")
private int hashIterations;
@Value("${shiro.credentialsMatcher.storedCredentialsHexEncoded}")
private boolean storedCredentialsHexEncoded;
@Configuration
protected static class Processor {
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
final DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
proxyCreator.setProxyTargetClass(true);
return proxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
@Bean("credentialsMatcher")
public HashedCredentialsMatcher getCredentialsMatcher() {
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName("MD5");
credentialsMatcher.setHashIterations(hashIterations);
credentialsMatcher.setStoredCredentialsHexEncoded(storedCredentialsHexEncoded);
return credentialsMatcher;
}
@Bean(name = "shiroEhcacheManager")
@DependsOn("lifecycleBeanPostProcessor")
public EhCacheManager getEhCacheManager() {
EhCacheManager em = new EhCacheManager();
em.setCacheManagerConfigFile("classpath:conf/shiro-ehcache.xml");
return em;
}
@Bean("userRealm")
@DependsOn("lifecycleBeanPostProcessor")
public UserRealm getUserRealm(HashedCredentialsMatcher credentialsMatcher) {
UserRealm userRealm = new UserRealm();
userRealm.setCachingEnabled(false);
userRealm.setCredentialsMatcher(credentialsMatcher);
return userRealm;
}
@Bean("securityManager")
public DefaultWebSecurityManager getSecurityManager(UserRealm userRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setCacheManager(getEhCacheManager());
securityManager.setRealm(userRealm);
return securityManager;
}
@Bean("shiroFilter")
public ShiroFilterFactoryBean getShiroFilter(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, String> filterChainDefinitionMap = Maps.newHashMap();
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/img/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/plugins/**", "anon");
filterChainDefinitionMap.put("/error/**", "anon");
filterChainDefinitionMap.put("/login", "authc");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setSuccessUrl("/");
shiroFilterFactoryBean.setUnauthorizedUrl("/login");
return shiroFilterFactoryBean;
}
}
请指正
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…