解决Shiro+SpringBoot自定义Filter不生效问题

时间:2021-12-15 03:50:13

在SpringBoot+Shiro实现安全框架的时候,自定义扩展了一些Filter,并注册到ShiroFilter,但是运行的时候发现总是在ShiroFilter之前就进入了自定义Filter,结果当然是不对的。 

<!--自定义登陆拦截器,支持Ajax-->

    <bean id="smartfxLoginFilter"  class="com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter">

        <property name="loginUrl" value="${shiro.login.url:/login}"/>

    </bean>

    <!--自定义角色codes拦截器,支持Ajax-->

    <bean id="smartfxRolesFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter">

    </bean>

    <!--自定义Perm拦截器,支持Ajax-->

    <bean id="smartfxPermsFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter">

    </bean>

    <!--自定义session踢出拦截器-->

    <bean id="smartfxKickoutFilter" class="com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter">

        <property name="kickoutUrl" value="${shiro.kickout.url:/login}"/>

        <property name="kickoutAfter" value="${shiro.keckout.after:true}"/>

        <property name="userSessionCount" value="${shiro.kickout.maxSessionCount:1}"/>

        <property name="sessionDao"  ref="redisSessionDao"/>

    </bean>

经过查看相关文档,发现其实是SpringBoot自动帮我们注册了我们的Filter,典型的好心办坏事。我们要的是希望Shiro来管理我们的自定义Filter,所以我们要想办法取消SpringBoot自动注册我们的Filter。

参考这里

As described above any Servlet or Filter beans will be registered with the servlet container automatically. To disable registration of a particular Filter or Servlet bean create a registration bean for it and mark it as disabled.

所以解决办法是另外多定义一份配置文件告诉SpringBoot不要自作多情:

package com.smartdata360.smartfx.shiro.config;

import com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter;

import com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter;

import com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter;

import com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter;

import org.springframework.boot.web.servlet.FilterRegistrationBean;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

/**

 * @author liushuishang@gmail.com

 * @date 2017/12/13 15:27

 **/

@Configuration

public class ShiroFilterRegisterConfig {

    @Bean

    public FilterRegistrationBean shiroLoginFilteRegistration(ShiroLoginFilter filter) {

        FilterRegistrationBean registration = new FilterRegistrationBean(filter);

        registration.setEnabled(false);

        return registration;

    }

    @Bean

    public FilterRegistrationBean shiroRolesFilterRegistration(ShiroRolesFilter filter) {

        FilterRegistrationBean registration = new FilterRegistrationBean(filter);

        registration.setEnabled(false);

        return registration;

    }

    @Bean

    public FilterRegistrationBean shiroPermsFilterRegistration(ShiroPermsFilter filter) {

        FilterRegistrationBean registration = new FilterRegistrationBean(filter);

        registration.setEnabled(false);

        return registration;

    }

    @Bean

    public FilterRegistrationBean kickoutSessionFilterRegistration(KickoutSessionFilter filter) {

        FilterRegistrationBean registration = new FilterRegistrationBean(filter);

        registration.setEnabled(false);

        return registration;

    }

}

相关文章