【发布时间】:2022-01-08 20:53:27
【问题描述】:
Apache Shiro 与 Spring Boot 集成时,授权拦截不起作用
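/**
 * Builds the authorization data (permission strings) for the principals Shiro asks about.
 *
 * @param principalCollection the principals of the subject being authorized
 * @return the user's permissions, or {@code null} when no user principal is available
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    if (principalCollection == null) {
        return null;
    }
    // Authorize the principals handed in by Shiro, not whichever subject is bound to the
    // current thread: the two can differ, and the answer must describe the principals
    // that were actually asked about.
    // NOTE(review): assumes the realm's authentication step stores a User as the primary
    // principal, as the original cast did; confirm against doGetAuthenticationInfo.
    User user = (User) principalCollection.getPrimaryPrincipal();
    if (user == null) {
        // The null check has to come before any use of user; the original logged
        // user.getUsername() first and would have thrown a NullPointerException here.
        return null;
    }
    logger.info(user.getUsername() + "----------------------------" + user.getRoles());

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    String perms = user.getPerms();
    // Skip null/empty values so no unusable permission string ends up in the set.
    // NOTE(review): addStringPermission registers ONE permission; if getPerms() can hold
    // several (e.g. a delimited list), split it and add each entry separately. Confirm format.
    if (perms != null && !perms.isEmpty()) {
        info.addStringPermission(perms);
    }
    return info;
}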
这是控制器
/**
 * Serves the admin login page, performs the Shiro login and renders the admin index view.
 * All mappings live under {@code /admin}.
 */
@Controller
@RequestMapping("/admin")
public class LoginController {

    @Autowired
    private UserService userService;

    /** Renders the login form for {@code GET /admin} and {@code GET /admin/login}. */
    @GetMapping({"","/login"})
    public String loginPage() {
        return "admin/login";
    }

    /**
     * Authenticates the submitted credentials against Shiro.
     *
     * @param username login name from the form
     * @param password password from the form
     * @return the admin index view name on success
     * @throws MyException carrying a {@code ResultCode} when Shiro rejects the login
     */
    @PostMapping("/login")
    public String login(@RequestParam String username, @RequestParam String password) throws Exception {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
        try {
            currentUser.login(credentials);
        } catch (UnknownAccountException uae) {
            // NOTE(review): a separate code for "unknown account" vs "wrong password" lets a
            // client learn which usernames exist; confirm whether the MyException handler
            // collapses both into one generic message before it reaches the response.
            throw new MyException(ResultCode.UNKONWNACCOUNTERROR);
        } catch (IncorrectCredentialsException ice) {
            throw new MyException(ResultCode.INCORRECTCREDENTAILERROR);
        } catch (AuthenticationException ae) {
            // Catch-all for every other authentication failure; must stay after the
            // more specific subclasses above.
            throw new MyException(ResultCode.USERNAMEPASSWORDERROR);
        }
        // Only reached when login() did not throw. Authentication alone is established here;
        // permission checks for /admin pages are left to the Shiro filter chain.
        return "admin/index";
    }

    /** Renders the admin index view for {@code /admin/index}. */
    @RequestMapping("/index")
    public String adminIndex() {
        return "admin/index";
    }
}
下面是拦截配置:("/admin/**", "perms[admin:manage]") 这条规则不起作用,但把它换成 ("/admin/index", "perms[admin:manage]") 就可以了。
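/**
 * Configures the Shiro web filter: login/unauthorized URLs and the URL-to-filter chain map.
 *
 * @param securityManager the Shiro security manager bean to attach to the filter
 * @return the configured filter factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager);
    bean.setLoginUrl("/admin/login");
    bean.setUnauthorizedUrl("/");

    // Patterns are evaluated in insertion order and the first match wins, so the map must
    // keep its order (LinkedHashMap) and specific paths must come before wildcards.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/css/**", "anon");
    filterChainDefinitionMap.put("/images/**", "anon");
    filterChainDefinitionMap.put("/js/**", "anon");
    filterChainDefinitionMap.put("/lib/**", "anon");
    filterChainDefinitionMap.put("/", "anon");
    filterChainDefinitionMap.put("/admin", "anon");
    // The login endpoint is handled by the controller and must stay reachable without a
    // session; otherwise the permission filter below would redirect anonymous users from
    // the login page back to the login page.
    filterChainDefinitionMap.put("/admin/login", "anon");
    // A Map holds one value per key: the original put "/admin/**" twice, so "authc"
    // overwrote "perms[admin:manage]" and the permission check never ran. Both filters
    // belong in a single comma-separated chain definition for the pattern.
    filterChainDefinitionMap.put("/admin/**", "authc, perms[admin:manage]");
    // NOTE(review): this catch-all makes every unlisted path public (default-allow), so any
    // new non-/admin endpoint is unauthenticated unless a rule is added above it. Confirm
    // that is intended.
    filterChainDefinitionMap.put("/**", "anon");
    bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return bean;
}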
【问题讨论】:
标签: spring-boot shiro