springboot和shiro整合
2016-10-21 16:55
253 查看
虽然网上一大堆这方面的文章,可是自己去整合还是会遇到这样那样的问题。今天写出来等待和我一样遇到相同问题的人看见。
首先明白一点springboot之后,web.xml配置基本上就是用不上了。那么,我们的shiro整合需要将那些xml和web.xml文件里面的内容整合到系统中。
我把我这方面的代码全部贴出来,然后再一一阐述我遇到的问题。
问题1:filter造成了一个死循环的局面
刚开始整合完毕的时候,我迫不及待的而启动项目,发现我的filter过滤器在无限次的执行,一遍一遍执行停不下来。
我跟了下代码发现了每次请求的时候shiro是通过类AdviceFilter的doFilterInternal方法在执行过滤。
截图我的过滤器形式是:
sysUserFilter->onlineSessionFilter->syncOnlineSessionFilter->formAuthenticationFilter->logoutFilter->myFilter->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,-1,true
很明显,sysUserFilter是一个代理过滤器,它代理了后面的过滤器,而这些过滤器貌似又让我配置到的spring环境中,这样在sysUserFilter中调用后面的过滤器,后面的过滤器后能通过DispatcherServlet找到sysUserFilter过滤器,这样会造成一个死循环的局面。究其原因,是我配置有误:我把所有的过滤器生成类都用@Bean标注了。我将其删除问题消失。
问题2:remeber base64是shiro的类,且不可将其配置成其他的base64(比如common包里的或者jdk里的)。
欢迎加入微信公众号:hyssop的后花园
首先明白一点springboot之后,web.xml配置基本上就是用不上了。那么,我们的shiro整合需要将那些xml和web.xml文件里面的内容整合到系统中。
我把我这方面的代码全部贴出来,然后再一一阐述我遇到的问题。
package com.framework.demo.web.boot.shiro; import com.framework.demo.web.controller.collection.MyFilter; import org.apache.shiro.cache.spring.SpringCacheManagerWrapper; import org.apache.shiro.realm.UserRealm; import org.apache.shiro.session.mgt.OnlineSessionFactory; import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator; import org.apache.shiro.session.mgt.eis.OnlineSessionDAO; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.filter.authc.CustomFormAuthenticationFilter; import org.apache.shiro.web.filter.authc.LogoutFilter; import org.apache.shiro.web.filter.online.OnlineSessionFilter; import org.apache.shiro.web.filter.sync.SyncOnlineSessionFilter; import org.apache.shiro.web.filter.user.SysUserFilter; import org.apache.shiro.web.mgt.CookieRememberMeManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.SimpleCookie; import org.apache.shiro.web.session.mgt.OnlineWebSessionManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.cache.ehcache.EhCacheCacheManager; import org.springframework.cache.ehcache.EhCacheManagerFactoryBean; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Scope; import org.springframework.core.io.support.PathMatchingResourcePatternResolver; import org.springframework.core.io.support.ResourcePatternResolver; import org.springframework.web.filter.DelegatingFilterProxy; import javax.annotation.Resource; import javax.servlet.DispatcherType; import javax.servlet.Filter; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; /** * Created by demo . * Auth: hyssop * Date: 2016-09-28-17:50 */ @Configuration public class ShiroConfiguration { private final String key = "4AvVhmFLUs0KTA3Kprsdag=="; private final String cookiename = "rememberMe"; private final String cookiepath = "/"; private final boolean httponly = true; private final Integer maxage = -1; private final String blockurl = "/user/login?blocked=1"; private final String notfoundurl = "/user/login?notfound=1"; private final String errorurl = "/user/login?unknown=1"; private final String logouturl = "/user/login?forcelogout=1"; private final String sucessurl = "/user/login"; private final String asessioncachename = "shiro-activeSessionCache"; private final Long globalSessionTimeout = Long.parseLong("1800000"); private final String loginurl = "/user/login"; private final String unauthurl = "/unauthorized"; private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(); @Bean("sessionManager") public OnlineWebSessionManager getOnlineWebSessionManager(OnlineSessionDAO onlineSessionDAO, SpringCacheManagerWrapper shiroCacheManager) { OnlineWebSessionManager onlineWebSessionManager = new OnlineWebSessionManager(); onlineWebSessionManager.setGlobalSessionTimeout(globalSessionTimeout); onlineWebSessionManager.setSessionFactory(getOnlineSessionFactory()); onlineWebSessionManager.setSessionDAO(onlineSessionDAO); onlineWebSessionManager.setDeleteInvalidSessions(false); onlineWebSessionManager.setSessionValidationInterval(globalSessionTimeout); onlineWebSessionManager.setSessionValidationSchedulerEnabled(true); onlineWebSessionManager.setCacheManager(shiroCacheManager); onlineWebSessionManager.setSessionIdCookieEnabled(true); onlineWebSessionManager.setSessionIdCookie(getSimpleCookie()); return onlineWebSessionManager; } @Bean(name = "shiroFilter") @Autowired public ShiroFilterFactoryBean getShiroFilterFactoryBean(OnlineSessionDAO onlineSessionDAO, DefaultWebSecurityManager securityManager, OnlineSessionFilter onlineSessionFilter, LogoutFilter logoutFilter, SysUserFilter sysUserFilter, SyncOnlineSessionFilter syncOnlineSessionFilter) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean .setSecurityManager(securityManager); shiroFilterFactoryBean.setLoginUrl(loginurl); shiroFilterFactoryBean.setUnauthorizedUrl(unauthurl); Map<String, Filter> map = new HashMap<String, Filter>(); map.put("authc", getCustomFormAuthenticationFilter()); map.put("logout", logoutFilter); map.put("sysUser", sysUserFilter); map.put("onlineSession", onlineSessionFilter); map.put("syncOnlineSession", syncOnlineSessionFilter); map.put("myfilter", getMyFilter()); shiroFilterFactoryBean.setFilters(map); filterChainDefinitionMap.put("/static/**", "anon"); filterChainDefinitionMap.put("/js/**", "anon"); filterChainDefinitionMap.put("/css/**", "anon"); /* filterChainDefinitionMap.put("/favicon.ico", "anon");*/ filterChainDefinitionMap.put("/images/**", "anon"); filterChainDefinitionMap.put("/logout", "logout"); filterChainDefinitionMap.put("/user/login", "authc"); filterChainDefinitionMap.put("/**", "sysUser,onlineSession,syncOnlineSession,perms,roles"); shiroFilterFactoryBean .setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } @Bean(name = "userRealm") @Autowired public UserRealm getShiroRealm(ApplicationContext ctx) { UserRealm userRealm = new UserRealm(ctx); return userRealm; } @Bean(name = "sessionIdGenerator") public JavaUuidSessionIdGenerator getJavaUuidSessionIdGenerator() { return new JavaUuidSessionIdGenerator(); } @Bean(name = "OnlineSessionFactory") public OnlineSessionFactory getOnlineSessionFactory() { OnlineSessionFactory onlineSessionFactory = new OnlineSessionFactory(); return onlineSessionFactory; } @Bean(name = "rememberMeManager") public CookieRememberMeManager getCookieRememberMeManager(SimpleCookie rememberMeCookie) { CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); cookieRememberMeManager.setCipherKey(org.apache.shiro.codec.Base64.decode(key)); cookieRememberMeManager.setCookie(rememberMeCookie); return cookieRememberMeManager; } @Bean(name = "sessionIdCookie") public SimpleCookie getSimpleCookie() { SimpleCookie simpleCookie = new SimpleCookie(cookiename); simpleCookie.setPath(cookiepath); simpleCookie.setHttpOnly(httponly); simpleCookie.setMaxAge(maxage); return simpleCookie; } @Bean(name = "rememberMeCookie") public SimpleCookie getRemSimpleCookie() { SimpleCookie simpleCookie = new SimpleCookie(cookiename); simpleCookie.setPath(cookiepath); simpleCookie.setHttpOnly(httponly); simpleCookie.setMaxAge(maxage); return simpleCookie; } @Bean(name = "springCacheManager") @Resource public EhCacheCacheManager getSpringCacheManagerWrapper(EhCacheManagerFactoryBean ehCacheManagerFactoryBean) { EhCacheCacheManager ehCacheCacheManager = new EhCacheCacheManager(); ehCacheCacheManager.setCacheManager(ehCacheManagerFactoryBean.getObject()); return ehCacheCacheManager; } @Bean(name = "shiroCacheManager") public SpringCacheManagerWrapper getShiroCacheManager(EhCacheCacheManager ehCacheCacheManager) { SpringCacheManagerWrapper springCacheManagerWrapper = new SpringCacheManagerWrapper(); springCacheManagerWrapper.setCacheManager(ehCacheCacheManager); return springCacheManagerWrapper; } @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator(); daap.setProxyTargetClass(false); return daap; } @Bean(name ="ehCacheManagerFactoryBean") public EhCacheManagerFactoryBean getEhCacheCacheManager() { EhCacheManagerFactoryBean ehCacheManagerFactoryBean = new EhCacheManagerFactoryBean(); ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver(); ehCacheManagerFactoryBean.setConfigLocation(resolver.getResource("classpath:conf/ehcache/ehcache_es.xml")); return ehCacheManagerFactoryBean; } @Bean(name = "securityManager") @Autowired public DefaultWebSecurityManager getDefaultWebSecurityManager(UserRealm userRealm, OnlineWebSessionManager onlineWebSessionManager, CookieRememberMeManager cookieRememberMeManager) { DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager(); dwsm.setRealm(userRealm); dwsm.setSessionManager(onlineWebSessionManager); dwsm.setRememberMeManager(cookieRememberMeManager); return dwsm; } @Bean(name = "sysUserFilter") public SysUserFilter getSysUserFilter() { SysUserFilter sysUserFilter = new SysUserFilter(); sysUserFilter.setUserBlockedUrl(blockurl); sysUserFilter.setUserNotfoundUrl(notfoundurl); sysUserFilter.setUserUnknownErrorUrl(errorurl); return sysUserFilter; } @Autowired @Bean(name = "onlineSessionFilter") public OnlineSessionFilter getOnlineSessionFilter(OnlineSessionDAO onlineSessionDAO) { OnlineSessionFilter onlineSessionFilter = new OnlineSessionFilter(); onlineSessionFilter.setForceLogoutUrl(logouturl); onlineSessionFilter.setOnlineSessionDAO(onlineSessionDAO); return onlineSessionFilter; } @Autowired @Bean(name = "syncOnlineSessionFilter") public SyncOnlineSessionFilter getSyncOnlineSessionFilter(OnlineSessionDAO onlineSessionDAO) { SyncOnlineSessionFilter syncOnlineSessionFilter = new SyncOnlineSessionFilter(); syncOnlineSessionFilter.setOnlineSessionDAO(onlineSessionDAO); return syncOnlineSessionFilter; } public CustomFormAuthenticationFilter getCustomFormAuthenticationFilter() { CustomFormAuthenticationFilter customFormAuthenticationFilter = new CustomFormAuthenticationFilter(); customFormAuthenticationFilter.setDefaultSuccessUrl(sucessurl); customFormAuthenticationFilter.setAdminDefaultSuccessUrl(sucessurl); customFormAuthenticationFilter.setUsernameParam("username"); customFormAuthenticationFilter.setPasswordParam("password"); customFormAuthenticationFilter.setRememberMeParam("rememberMe"); return customFormAuthenticationFilter; } @Bean(name = "logoutFilter") public LogoutFilter getLogoutFilter() { LogoutFilter logoutFilter = new LogoutFilter(); logoutFilter.setRedirectUrl(sucessurl); return logoutFilter; } @Bean(name = "onlineSessionDAO") public OnlineSessionDAO getOnlineSessionDAO(JavaUuidSessionIdGenerator sessionIdGenerator) { OnlineSessionDAO onlineSessionDAO = new OnlineSessionDAO(); onlineSessionDAO.setSessionIdGenerator(sessionIdGenerator); onlineSessionDAO.setActiveSessionsCacheName(asessioncachename); return onlineSessionDAO; } @Bean @Autowired public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) { AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor(); aasa.setSecurityManager(securityManager); return new AuthorizationAttributeSourceAdvisor(); } /*给自己留了一个口加过滤器*/ public MyFilter getMyFilter() { return new MyFilter(); } public static Map<String, String> getFilterChainDefinitionMap() { return filterChainDefinitionMap; } public static void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) { ShiroConfiguration.filterChainDefinitionMap = filterChainDefinitionMap; } @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); DelegatingFilterProxy delegatingFilterProxy = new DelegatingFilterProxy("shiroFilter"); delegatingFilterProxy.setTargetFilterLifecycle(true); filterRegistration.setEnabled(true); filterRegistration.setFilter(delegatingFilterProxy); // 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 filterRegistration.addInitParameter("targetFilterLifecycle", "true"); filterRegistration.addUrlPatterns("/*"); filterRegistration.setDispatcherTypes(DispatcherType.REQUEST); return filterRegistration; } }
问题1:filter造成了一个死循环的局面
刚开始整合完毕的时候,我迫不及待的而启动项目,发现我的filter过滤器在无限次的执行,一遍一遍执行停不下来。
我跟了下代码发现了每次请求的时候shiro是通过类AdviceFilter的doFilterInternal方法在执行过滤。
截图我的过滤器形式是:
sysUserFilter->onlineSessionFilter->syncOnlineSessionFilter->formAuthenticationFilter->logoutFilter->myFilter->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,-1,true
很明显,sysUserFilter是一个代理过滤器,它代理了后面的过滤器,而这些过滤器貌似又让我配置到的spring环境中,这样在sysUserFilter中调用后面的过滤器,后面的过滤器后能通过DispatcherServlet找到sysUserFilter过滤器,这样会造成一个死循环的局面。究其原因,是我配置有误:我把所有的过滤器生成类都用@Bean标注了。我将其删除问题消失。
问题2:remeber base64是shiro的类,且不可将其配置成其他的base64(比如common包里的或者jdk里的)。
欢迎加入微信公众号:hyssop的后花园
相关文章推荐
- springboot(十四):springboot整合shiro-登录认证和权限管理
- springboot整合shiro
- SpringBoot学习:整合shiro(rememberMe记住我后自动登录session失效解决办法)
- SpringBoot整合mybatis、shiro、redis实现基于数据库的细粒度动态权限管理系统实例(转)
- springboot(十四):springboot整合shiro-登录认证和权限管理
- springboot(十四):springboot整合shiro-登录认证和权限管理
- springboot(十四):springboot整合shiro-登录认证和权限管理
- SpringBoot学习:整合shiro(身份认证和权限认证),使用EhCache缓存(转)
- springboot 整合shiro笔记
- SpringBoot整合mybatis、shiro、redis实现基于数据库的细粒度动态权限管理系统实例
- SpringBoot整合mybatis,shiro,redisjiyushujuku细粒度动态权限管理
- springboot整合shiro-登录认证和权限管理
- SpringBoot整合mybatis、shiro、redis实现基于数据库的细粒度动态权限管理系统实例
- SpringBoot学习:整合shiro(rememberMe记住我后自动登录session失效解决办法)
- 【Shiro】Apache Shiro架构之实际运用(整合到Spring中)
- SpringMVC整合Shiro与filterChainDefinitions过滤器配置
- shiro与springMVC的整合
- SpringBoot+shiro整合学习之登录认证和权限控制
- springboot shiro 整合
- 【Java】SpringMVC整合Shiro记录