解決Shiro+SpringBoot自定義Filter不生效問題

本文轉載自查看原文 2017-12-13 16:59 9696

在SpringBoot+Shiro實現安全框架的時候，自定義擴展了一些Filter，並注冊到ShiroFilter，但是運行的時候發現總是在ShiroFilter之前就進入了自定義Filter，結果當然是不對的。

<!--自定義登陸攔截器，支持Ajax-->
    <bean id="smartfxLoginFilter"  class="com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter">
        <property name="loginUrl" value="${shiro.login.url:/login}"/>
    </bean>
    <!--自定義角色codes攔截器，支持Ajax-->
    <bean id="smartfxRolesFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter">
    </bean>
    <!--自定義Perm攔截器，支持Ajax-->
    <bean id="smartfxPermsFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter">
    </bean>
    <!--自定義session踢出攔截器-->
    <bean id="smartfxKickoutFilter" class="com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter">
        <property name="kickoutUrl" value="${shiro.kickout.url:/login}"/>
        <property name="kickoutAfter" value="${shiro.keckout.after:true}"/>
        <property name="userSessionCount" value="${shiro.kickout.maxSessionCount:1}"/>
        <property name="sessionDao"  ref="redisSessionDao"/>
    </bean>

經過查看相關文檔，發現其實是SpringBoot自動幫我們注冊了我們的Filter,典型的好心辦壞事。我們要的是希望Shiro來管理我們的自定義Filter，所以我們要想辦法取消SpringBoot自動注冊我們的Filter。

參考這里

As described above any Servlet or Filter beans will be registered with the servlet container automatically. To disable registration of a particular Filter or Servlet bean create a registration bean for it and mark it as disabled.

所以解決辦法是另外多定義一份配置文件告訴SpringBoot不要自作多情：

package com.smartdata360.smartfx.shiro.config;

import com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter;
import com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter;
import com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter;
import com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author liushuishang@gmail.com
 * @date 2017/12/13 15:27
 **/
@Configuration
public class ShiroFilterRegisterConfig {

    @Bean
    public FilterRegistrationBean shiroLoginFilteRegistration(ShiroLoginFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }


    @Bean
    public FilterRegistrationBean shiroRolesFilterRegistration(ShiroRolesFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }
    @Bean
    public FilterRegistrationBean shiroPermsFilterRegistration(ShiroPermsFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }

    @Bean
    public FilterRegistrationBean kickoutSessionFilterRegistration(KickoutSessionFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }
}

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 shiro 自定義filter SpringBoot Shiro，解決Shiro中自定義Realm Autowired屬性為空問題細說shiro之自定義filter SpringBoot自定義Filter spring整合shiro自定義shiro授權filter Shiro權限管理框架（五）：自定義Filter實現及其問題排查記錄 Shiro整合springboot以及自定義Realm Springboot中Shiro自定義jsessionId springboot中添加自定義filter springboot(八)自定義Filter、自定義Property