记一次spring mvc转Spring boot问题 shiro篇

项目之前都是通过xml文件的方式来做的配置，在转成Spring boot时不想太多的改动就想着还是保持之前的配置尽量少修改；

• 现象：登录成功后，访问其它接口还是指示401
• 原因：在Spring boot中使用Shiro，当自定义Filter时，如果Filter被Spring托管则会添加到Servlet中的Filter上，从而导致认证出现问题

<bean id="appAuthc" class="com.services.login.AppCaptchaFormAuthentication">
<property name="loginUrl" value="/appLogin"/>
<property name="reLoginUrl" value="/" />
</bean>

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="filterChainDefinitions">
<value>
/ = anon
/logout = logout
/appLogin = appAuthc
/** = authc
</value>
</property>
</bean>

最终结果是shiro会出现登录成功后还是拿不到session

o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'shiroFilter' to: [/*]
o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'appAuthc' to: [/*]

解决办法，如果是自己实现的认证类不要让Spring托管，自己来创建

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="filters">
<util:map>
<entry key="appAuthc" value="#{ T(org.apache.shiro.util.ClassUtils).newInstance('com.services.login.AppCaptchaFormAuthentication', '/appLogin') }"/>
</util:map>
</property>
<property name="filterChainDefinitions">
<value>
/ = anon
/logout = logout
/appLogin = appAuthc
/** = authc
</value>
</property>
</bean>

• 现象：当登录成功后，访问其它接口时一直提示404
• 原因：经过排除法发现问题是配置了DefaultAdvisorAutoProxyCreator的原因，加上DefaultAdvisorAutoProxyCreator导致RequestMappingHandlerMapping的数据被覆盖，注释掉就可以了

<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" />

• 现象：所有接口都返回401
• 原因：项目中引用了Spring Security的jar包，Spring bootl默认生效了 Spring Security，关闭security即可

security.basic.enabled=false

• 现象：Executing an update/delete query; nested exception is javax.persistenc
• 原因：由于配置了shiro的LifecycleBeanPostProcessor导致的异常，暂时只能去掉注释掉

• 现象：org.apache.shiro.web.servlet.ShiroHttpServletRequest cannot be cast to org.apache.catalina.servlet4preview.http.HttpServletRequest
• 原因：项目定义了Filter并且自定义HttpServletRequestWrapper，当自己的Filter在shiroFilter后面被加载时HttpServletRequestWrapper中的Request是ShiroHttpServletRequest ，检查发现用成了org.apache.catalina.servlet4preview.http.HttpServletRequestWrapper，修改为javax.servlet.http.HttpServletRequestWrapper