java - shiro anon 不生效
问题描述
在使用springboot整合shiro的过程中,希望静态资源资源不受shiro过滤器‘authc’拦截,于是定义了“anon”,测试发现根本不生效,静态资源路径下的资源(如/js/**)依旧会被拦截并重定向到/login,以下是我的shiro javaconfig
ShiroConfig.java@Configurationpublic class ShiroConfig { @Value('${shiro.credentialsMatcher.hashIterations}') private int hashIterations; @Value('${shiro.credentialsMatcher.storedCredentialsHexEncoded}') private boolean storedCredentialsHexEncoded; @Configuration protected static class Processor {@Beanpublic LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor();}@Bean@DependsOn('lifecycleBeanPostProcessor')public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { final DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator(); proxyCreator.setProxyTargetClass(true); return proxyCreator;}@Beanpublic AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor;} } @Bean('credentialsMatcher') public HashedCredentialsMatcher getCredentialsMatcher() {HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();credentialsMatcher.setHashAlgorithmName('MD5');credentialsMatcher.setHashIterations(hashIterations);credentialsMatcher.setStoredCredentialsHexEncoded(storedCredentialsHexEncoded);return credentialsMatcher; } @Bean(name = 'shiroEhcacheManager') @DependsOn('lifecycleBeanPostProcessor') public EhCacheManager getEhCacheManager() {EhCacheManager em = new EhCacheManager();em.setCacheManagerConfigFile('classpath:conf/shiro-ehcache.xml');return em; } @Bean('userRealm') @DependsOn('lifecycleBeanPostProcessor') public UserRealm getUserRealm(HashedCredentialsMatcher credentialsMatcher) {UserRealm userRealm = new UserRealm();userRealm.setCachingEnabled(false);userRealm.setCredentialsMatcher(credentialsMatcher);return userRealm; } @Bean('securityManager') public DefaultWebSecurityManager getSecurityManager(UserRealm userRealm) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();securityManager.setCacheManager(getEhCacheManager());securityManager.setRealm(userRealm);return securityManager; } @Bean('shiroFilter') public ShiroFilterFactoryBean getShiroFilter(DefaultWebSecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();shiroFilterFactoryBean.setSecurityManager(securityManager);Map<String, String> filterChainDefinitionMap = Maps.newHashMap();filterChainDefinitionMap.put('/css/**', 'anon');filterChainDefinitionMap.put('/img/**', 'anon');filterChainDefinitionMap.put('/js/**', 'anon');filterChainDefinitionMap.put('/plugins/**', 'anon');filterChainDefinitionMap.put('/error/**', 'anon');filterChainDefinitionMap.put('/login', 'authc');filterChainDefinitionMap.put('/logout', 'logout');filterChainDefinitionMap.put('/**', 'authc');shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);shiroFilterFactoryBean.setLoginUrl('/login');shiroFilterFactoryBean.setSuccessUrl('/');shiroFilterFactoryBean.setUnauthorizedUrl('/login');return shiroFilterFactoryBean; }}
请指正
问题解答
回答1:解决了,filterChainDefinitionMap应当为LinkedHashMap
相关文章:
1. angular.js - protractor初学 参考案例运行测试文件 报Error: Timeout2. css - 移动端 盒子内加overflow-y:scroll后 字体会变大3. angular.js - angular post的Content-Type被设置,导致不能上传图片,求助!!4. 关docker hub上有些镜像的tag被标记““This image has vulnerabilities””5. android - 如何缩小APK的体积6. position:absolute、float、display:inline-block 都能实现相同效果,区别是什么?7. javascript - JS new Date() 保存到 mongodb 中会早8个小时,我们这里是东八区,mongodb 保存的是格林尼治时间8. javascript - 奇怪的Symbol的问题9. javascript - 在vue-cli引入vux后 使用报错10. node.js - 问个问题 Uncaught (in promise)
网公网安备