之前用spring去集成的时候,用xml配置自定义拦截器,完全没问题。但是换成了springboot就出现了配置了自定义拦截器后所有静态资源全部被拦截,js、css这些。
以下是之前用xml配的正常拦截。
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!--引用指定的安全管理器-->
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.html"/>
<property name="filterChainDefinitions">
<value>
/js/**=anon
/css/**=anon
/logout.do=logout
/**=authc
</value>
</property>
<!--设置当前使用的认证过滤器-->
<property name="filters">
<map>
<entry key="authc" value-ref="crmFormAuthenticationFilter"/>
</map>
</property>
</bean>
以下是springboot配置类配的,配置后所有的静态文件全部被拦截(未配置情况下“anon”静态资源正常访问)
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/static/index.html");
shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
//主要这行代码必须放在所有权限设置的最后,不然会导致所有 url 都被拦截 剩余的都需要认证
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
HashMap<String, Filter> filters = new HashMap<>();
filters.put("authc",crmFormAuthenticationFilter());
shiroFilterFactoryBean.setFilters(filters);
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/**", "authc");
return shiroFilterFactoryBean;
}
以下是自定义拦截器
public class CRMFormAuthenticationFilter extends FormAuthenticationFilter {
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
String msg = "";
if(e instanceof UnknownAccountException){
msg = "帐号错误";
}else if(e instanceof IncorrectCredentialsException){
msg = "密码错误";
}else{
msg = "未知错误";
}
e.printStackTrace();
response.setContentType("text/json;charset=UTF-8");
try {
JsonResult result = new JsonResult();
result.mark(msg);
response.getWriter().print(JSON.toJSONString(result));
}catch (Exception e1){
e1.printStackTrace();
}
return false;
}
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
response.setContentType("text/json;charset=UTF-8");
response.getWriter().print(JSON.toJSONString(new JsonResult()));
return false;
}
}
望指点,感激不尽!