use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project Spring-Family by Sierou-Java.
the class ShiroConfiguration method shiroFilter.
/**
* ShiroFilterFactoryBean 处理拦截资源文件问题。
* 注意:单独一个ShiroFilterFactoryBean配置是或报错的,以为在
* 初始化ShiroFilterFactoryBean的时候需要注入:SecurityManager
*
* Filter Chain定义说明
* 1、一个URL可以配置多个Filter,使用逗号分隔
* 2、当设置多个过滤器时,全部验证通过,才视为通过
* 3、部分过滤器可指定参数,如perms,roles
*/
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
System.out.println("ShiroConfiguration.shirFilter()");
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 拦截器.
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
// 配置退出过滤器,其中的具体的退出代码Shiro已经替我们实现了
filterChainDefinitionMap.put("/logout", "logout");
// 配置记住我或认证通过可以访问的地址
filterChainDefinitionMap.put("/index", "user");
filterChainDefinitionMap.put("/", "user");
// <!-- 过滤链定义,从上向下顺序执行,一般将 /**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
filterChainDefinitionMap.put("/**", "authc");
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl("/login");
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/index");
// 未授权界面;
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project shiro by apache.
the class AbstractShiroWebFilterConfiguration method shiroFilterFactoryBean.
protected ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
filterFactoryBean.setLoginUrl(loginUrl);
filterFactoryBean.setSuccessUrl(successUrl);
filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
filterFactoryBean.setSecurityManager(securityManager);
filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
return filterFactoryBean;
}
use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project shiro by apache.
the class ShiroWebFilterConfiguration method filterShiroFilterRegistrationBean.
@Bean(name = "filterShiroFilterRegistrationBean")
@ConditionalOnMissingBean
protected FilterRegistrationBean filterShiroFilterRegistrationBean() throws Exception {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter((AbstractShiroFilter) shiroFilterFactoryBean().getObject());
filterRegistrationBean.setOrder(1);
return filterRegistrationBean;
}
use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project wechat by dllwh.
the class ShiroConfig method shiroFilter.
/**
* ----------------------------------------------------- Fields end
*/
/**
* @方法描述 :
*
* <pre>
* Shiro主过滤器本身功能十分强大,其强大之处就在于它支持任何基于URL路径表达式的、自定义的过滤器的执行
* Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持
* </pre>
*
* @return
*/
// @Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();
// Shiro的核心安全接口,这个属性是必须的
shiroFilterFactory.setSecurityManager(securityManager());
// 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactory.setLoginUrl(FilterHelper.LOGIN_ACTION);
// 登录成功后要跳转的链接
shiroFilterFactory.setSuccessUrl(FilterHelper.LOGIN_ACTION);
// 用户访问未对其授权的资源时,所显示的连接;
shiroFilterFactory.setUnauthorizedUrl(FilterHelper.UNAUTHORIZED);
/**
* 自定义拦截器
*/
Map<String, Filter> filtersMap = new LinkedHashMap<String, Filter>();
// 登录校验
filtersMap.put("loginFilter", new LoginFilter());
// 角色判断校验
filtersMap.put("roleFilter", new RoleFilter());
// 权限校验
filtersMap.put("permissionFilter", new PermissionFilter());
filtersMap.put("kickoutFilter", kickoutSessionFilter());
// 用户session
filtersMap.put("userSessionFilter", new UserSessionFilter());
shiroFilterFactory.setFilters(filtersMap);
/**
* Shiro连接约束配置,即权限控制map.
* 第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的
*/
Map<String, String> filterMap = new LinkedHashMap<String, String>();
filterMap.put("/loginController**", "anon");
filterMap.put("/sysPage/**", "anon,kickoutFilter");
filterMap.put("/homeController/**", "loginFilter");
filterMap.put("/dataSourceController**", "authc,roleFilter[administrator]");
filterMap.put("/**", "authc,loginFilter,permissionFilter,kickoutFilter");
shiroFilterFactory.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactory;
}
use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project littlefisher-system by littlefishercoder.
the class ShiroConfig method shirFilter.
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 过滤链定义,从上向下顺序执行,一般将/**放在最为下边
// 这是一个坑呢,一不小心代码就不好使了
Map<String, String> filterChainDefinitionMap = Maps.newLinkedHashMap();
if (Boolean.valueOf(littleFisherProperties.getShiro().getSwaggerFileChainEnable())) {
filterChainDefinitionMap.putAll(getSwaggerFilterChainDefinitionMap());
}
// 添加application.yml中的过滤链
filterChainDefinitionMap.putAll(littleFisherProperties.getShiro().getFilterChainDefinition());
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl(littleFisherProperties.getShiro().getLoginUrl());
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl(littleFisherProperties.getShiro().getSuccessUrl());
// 未授权界面
shiroFilterFactoryBean.setUnauthorizedUrl(littleFisherProperties.getShiro().getUnauthorizedUrl());
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
Aggregations