springboot和shiro整合
2016-10-21 16:55
253 查看
虽然网上一大堆这方面的文章,可是自己去整合还是会遇到这样那样的问题。今天写出来等待和我一样遇到相同问题的人看见。
首先明白一点springboot之后,web.xml配置基本上就是用不上了。那么,我们的shiro整合需要将那些xml和web.xml文件里面的内容整合到系统中。
我把我这方面的代码全部贴出来,然后再一一阐述我遇到的问题。
问题1:filter造成了一个死循环的局面
刚开始整合完毕的时候,我迫不及待的而启动项目,发现我的filter过滤器在无限次的执行,一遍一遍执行停不下来。
我跟了下代码发现了每次请求的时候shiro是通过类AdviceFilter的doFilterInternal方法在执行过滤。
截图我的过滤器形式是:
sysUserFilter->onlineSessionFilter->syncOnlineSessionFilter->formAuthenticationFilter->logoutFilter->myFilter->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,-1,true
很明显,sysUserFilter是一个代理过滤器,它代理了后面的过滤器,而这些过滤器貌似又让我配置到的spring环境中,这样在sysUserFilter中调用后面的过滤器,后面的过滤器后能通过DispatcherServlet找到sysUserFilter过滤器,这样会造成一个死循环的局面。究其原因,是我配置有误:我把所有的过滤器生成类都用@Bean标注了。我将其删除问题消失。
问题2:remeber base64是shiro的类,且不可将其配置成其他的base64(比如common包里的或者jdk里的)。
欢迎加入微信公众号:hyssop的后花园
首先明白一点springboot之后,web.xml配置基本上就是用不上了。那么,我们的shiro整合需要将那些xml和web.xml文件里面的内容整合到系统中。
我把我这方面的代码全部贴出来,然后再一一阐述我遇到的问题。
package com.framework.demo.web.boot.shiro;
import com.framework.demo.web.controller.collection.MyFilter;
import org.apache.shiro.cache.spring.SpringCacheManagerWrapper;
import org.apache.shiro.realm.UserRealm;
import org.apache.shiro.session.mgt.OnlineSessionFactory;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.OnlineSessionDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.CustomFormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.online.OnlineSessionFilter;
import org.apache.shiro.web.filter.sync.SyncOnlineSessionFilter;
import org.apache.shiro.web.filter.user.SysUserFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.OnlineWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.cache.ehcache.EhCacheCacheManager;
import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.core.io.support.ResourcePatternResolver;
import org.springframework.web.filter.DelegatingFilterProxy;
import javax.annotation.Resource;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* Created by demo .
* Auth: hyssop
* Date: 2016-09-28-17:50
*/
@Configuration
public class ShiroConfiguration {
private final String key = "4AvVhmFLUs0KTA3Kprsdag==";
private final String cookiename = "rememberMe";
private final String cookiepath = "/";
private final boolean httponly = true;
private final Integer maxage = -1;
private final String blockurl = "/user/login?blocked=1";
private final String notfoundurl = "/user/login?notfound=1";
private final String errorurl = "/user/login?unknown=1";
private final String logouturl = "/user/login?forcelogout=1";
private final String sucessurl = "/user/login";
private final String asessioncachename = "shiro-activeSessionCache";
private final Long globalSessionTimeout = Long.parseLong("1800000");
private final String loginurl = "/user/login";
private final String unauthurl = "/unauthorized";
private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
@Bean("sessionManager")
public OnlineWebSessionManager getOnlineWebSessionManager(OnlineSessionDAO onlineSessionDAO, SpringCacheManagerWrapper shiroCacheManager) {
OnlineWebSessionManager onlineWebSessionManager = new OnlineWebSessionManager();
onlineWebSessionManager.setGlobalSessionTimeout(globalSessionTimeout);
onlineWebSessionManager.setSessionFactory(getOnlineSessionFactory());
onlineWebSessionManager.setSessionDAO(onlineSessionDAO);
onlineWebSessionManager.setDeleteInvalidSessions(false);
onlineWebSessionManager.setSessionValidationInterval(globalSessionTimeout);
onlineWebSessionManager.setSessionValidationSchedulerEnabled(true);
onlineWebSessionManager.setCacheManager(shiroCacheManager);
onlineWebSessionManager.setSessionIdCookieEnabled(true);
onlineWebSessionManager.setSessionIdCookie(getSimpleCookie());
return onlineWebSessionManager;
}
@Bean(name = "shiroFilter")
@Autowired
public ShiroFilterFactoryBean getShiroFilterFactoryBean(OnlineSessionDAO onlineSessionDAO, DefaultWebSecurityManager securityManager, OnlineSessionFilter onlineSessionFilter, LogoutFilter logoutFilter, SysUserFilter sysUserFilter, SyncOnlineSessionFilter syncOnlineSessionFilter) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean
.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl(loginurl);
shiroFilterFactoryBean.setUnauthorizedUrl(unauthurl);
Map<String, Filter> map = new HashMap<String, Filter>();
map.put("authc", getCustomFormAuthenticationFilter());
map.put("logout", logoutFilter);
map.put("sysUser", sysUserFilter);
map.put("onlineSession", onlineSessionFilter);
map.put("syncOnlineSession", syncOnlineSessionFilter);
map.put("myfilter", getMyFilter());
shiroFilterFactoryBean.setFilters(map);
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/css/**", "anon");
/* filterChainDefinitionMap.put("/favicon.ico", "anon");*/
filterChainDefinitionMap.put("/images/**", "anon");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/user/login", "authc");
filterChainDefinitionMap.put("/**", "sysUser,onlineSession,syncOnlineSession,perms,roles");
shiroFilterFactoryBean
.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean(name = "userRealm")
@Autowired
public UserRealm getShiroRealm(ApplicationContext ctx) {
UserRealm userRealm = new UserRealm(ctx);
return userRealm;
}
@Bean(name = "sessionIdGenerator")
public JavaUuidSessionIdGenerator getJavaUuidSessionIdGenerator() {
return new JavaUuidSessionIdGenerator();
}
@Bean(name = "OnlineSessionFactory")
public OnlineSessionFactory getOnlineSessionFactory() {
OnlineSessionFactory onlineSessionFactory = new OnlineSessionFactory();
return onlineSessionFactory;
}
@Bean(name = "rememberMeManager")
public CookieRememberMeManager getCookieRememberMeManager(SimpleCookie rememberMeCookie) {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCipherKey(org.apache.shiro.codec.Base64.decode(key));
cookieRememberMeManager.setCookie(rememberMeCookie);
return cookieRememberMeManager;
}
@Bean(name = "sessionIdCookie")
public SimpleCookie getSimpleCookie() {
SimpleCookie simpleCookie = new SimpleCookie(cookiename);
simpleCookie.setPath(cookiepath);
simpleCookie.setHttpOnly(httponly);
simpleCookie.setMaxAge(maxage);
return simpleCookie;
}
@Bean(name = "rememberMeCookie")
public SimpleCookie getRemSimpleCookie() {
SimpleCookie simpleCookie = new SimpleCookie(cookiename);
simpleCookie.setPath(cookiepath);
simpleCookie.setHttpOnly(httponly);
simpleCookie.setMaxAge(maxage);
return simpleCookie;
}
@Bean(name = "springCacheManager")
@Resource
public EhCacheCacheManager getSpringCacheManagerWrapper(EhCacheManagerFactoryBean ehCacheManagerFactoryBean) {
EhCacheCacheManager ehCacheCacheManager = new EhCacheCacheManager();
ehCacheCacheManager.setCacheManager(ehCacheManagerFactoryBean.getObject());
return ehCacheCacheManager;
}
@Bean(name = "shiroCacheManager")
public SpringCacheManagerWrapper getShiroCacheManager(EhCacheCacheManager ehCacheCacheManager) {
SpringCacheManagerWrapper springCacheManagerWrapper = new SpringCacheManagerWrapper();
springCacheManagerWrapper.setCacheManager(ehCacheCacheManager);
return springCacheManagerWrapper;
}
@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
daap.setProxyTargetClass(false);
return daap;
}
@Bean(name ="ehCacheManagerFactoryBean")
public EhCacheManagerFactoryBean getEhCacheCacheManager() {
EhCacheManagerFactoryBean ehCacheManagerFactoryBean = new EhCacheManagerFactoryBean();
ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
ehCacheManagerFactoryBean.setConfigLocation(resolver.getResource("classpath:conf/ehcache/ehcache_es.xml"));
return ehCacheManagerFactoryBean;
}
@Bean(name = "securityManager")
@Autowired
public DefaultWebSecurityManager getDefaultWebSecurityManager(UserRealm userRealm, OnlineWebSessionManager onlineWebSessionManager, CookieRememberMeManager cookieRememberMeManager) {
DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
dwsm.setRealm(userRealm);
dwsm.setSessionManager(onlineWebSessionManager);
dwsm.setRememberMeManager(cookieRememberMeManager);
return dwsm;
}
@Bean(name = "sysUserFilter")
public SysUserFilter getSysUserFilter() {
SysUserFilter sysUserFilter = new SysUserFilter();
sysUserFilter.setUserBlockedUrl(blockurl);
sysUserFilter.setUserNotfoundUrl(notfoundurl);
sysUserFilter.setUserUnknownErrorUrl(errorurl);
return sysUserFilter;
}
@Autowired
@Bean(name = "onlineSessionFilter")
public OnlineSessionFilter getOnlineSessionFilter(OnlineSessionDAO onlineSessionDAO) {
OnlineSessionFilter onlineSessionFilter = new OnlineSessionFilter();
onlineSessionFilter.setForceLogoutUrl(logouturl);
onlineSessionFilter.setOnlineSessionDAO(onlineSessionDAO);
return onlineSessionFilter;
}
@Autowired
@Bean(name = "syncOnlineSessionFilter")
public SyncOnlineSessionFilter getSyncOnlineSessionFilter(OnlineSessionDAO onlineSessionDAO) {
SyncOnlineSessionFilter syncOnlineSessionFilter = new SyncOnlineSessionFilter();
syncOnlineSessionFilter.setOnlineSessionDAO(onlineSessionDAO);
return syncOnlineSessionFilter;
}
public CustomFormAuthenticationFilter getCustomFormAuthenticationFilter() {
CustomFormAuthenticationFilter customFormAuthenticationFilter = new CustomFormAuthenticationFilter();
customFormAuthenticationFilter.setDefaultSuccessUrl(sucessurl);
customFormAuthenticationFilter.setAdminDefaultSuccessUrl(sucessurl);
customFormAuthenticationFilter.setUsernameParam("username");
customFormAuthenticationFilter.setPasswordParam("password");
customFormAuthenticationFilter.setRememberMeParam("rememberMe");
return customFormAuthenticationFilter;
}
@Bean(name = "logoutFilter")
public LogoutFilter getLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setRedirectUrl(sucessurl);
return logoutFilter;
}
@Bean(name = "onlineSessionDAO")
public OnlineSessionDAO getOnlineSessionDAO(JavaUuidSessionIdGenerator sessionIdGenerator) {
OnlineSessionDAO onlineSessionDAO = new OnlineSessionDAO();
onlineSessionDAO.setSessionIdGenerator(sessionIdGenerator);
onlineSessionDAO.setActiveSessionsCacheName(asessioncachename);
return onlineSessionDAO;
}
@Bean
@Autowired
public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
aasa.setSecurityManager(securityManager);
return new AuthorizationAttributeSourceAdvisor();
}
/*给自己留了一个口加过滤器*/
public MyFilter getMyFilter() {
return new MyFilter();
}
public static Map<String, String> getFilterChainDefinitionMap() {
return filterChainDefinitionMap;
}
public static void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) {
ShiroConfiguration.filterChainDefinitionMap = filterChainDefinitionMap;
}
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
DelegatingFilterProxy delegatingFilterProxy = new DelegatingFilterProxy("shiroFilter");
delegatingFilterProxy.setTargetFilterLifecycle(true);
filterRegistration.setEnabled(true);
filterRegistration.setFilter(delegatingFilterProxy); // 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.addUrlPatterns("/*");
filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
return filterRegistration;
}
}问题1:filter造成了一个死循环的局面
刚开始整合完毕的时候,我迫不及待的而启动项目,发现我的filter过滤器在无限次的执行,一遍一遍执行停不下来。
我跟了下代码发现了每次请求的时候shiro是通过类AdviceFilter的doFilterInternal方法在执行过滤。
截图我的过滤器形式是:
sysUserFilter->onlineSessionFilter->syncOnlineSessionFilter->formAuthenticationFilter->logoutFilter->myFilter->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,-1,true
很明显,sysUserFilter是一个代理过滤器,它代理了后面的过滤器,而这些过滤器貌似又让我配置到的spring环境中,这样在sysUserFilter中调用后面的过滤器,后面的过滤器后能通过DispatcherServlet找到sysUserFilter过滤器,这样会造成一个死循环的局面。究其原因,是我配置有误:我把所有的过滤器生成类都用@Bean标注了。我将其删除问题消失。
问题2:remeber base64是shiro的类,且不可将其配置成其他的base64(比如common包里的或者jdk里的)。
欢迎加入微信公众号:hyssop的后花园
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- springboot(十四):springboot整合shiro-登录认证和权限管理
- springboot整合shiro
- SpringBoot学习:整合shiro(rememberMe记住我后自动登录session失效解决办法)
- SpringBoot整合mybatis、shiro、redis实现基于数据库的细粒度动态权限管理系统实例(转)
- springboot(十四):springboot整合shiro-登录认证和权限管理
- springboot(十四):springboot整合shiro-登录认证和权限管理
- springboot(十四):springboot整合shiro-登录认证和权限管理
- SpringBoot学习:整合shiro(身份认证和权限认证),使用EhCache缓存(转)
- springboot 整合shiro笔记
- SpringBoot整合mybatis、shiro、redis实现基于数据库的细粒度动态权限管理系统实例
- SpringBoot整合mybatis,shiro,redisjiyushujuku细粒度动态权限管理
- springboot整合shiro-登录认证和权限管理
- SpringBoot整合mybatis、shiro、redis实现基于数据库的细粒度动态权限管理系统实例
- SpringBoot学习:整合shiro(rememberMe记住我后自动登录session失效解决办法)
- 【Shiro】Apache Shiro架构之实际运用(整合到Spring中)
- SpringMVC整合Shiro与filterChainDefinitions过滤器配置
- shiro与springMVC的整合
- SpringBoot+shiro整合学习之登录认证和权限控制
- springboot shiro 整合
- 【Java】SpringMVC整合Shiro记录