看代码
@Configuration
public class ShiroConfig {
@Bean
public DefaultWebSecurityManager securityManager(ShiroRealmConfig shiroRealmConfig) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 将对于的realm设置进去
securityManager.setRealms(shiroRealmConfig.allRealms());
// 关闭session验证 需要用到dao
DefaultSubjectDAO subjectDAO = (DefaultSubjectDAO) securityManager.getSubjectDAO();
DefaultSessionStorageEvaluator evaluator = (DefaultSessionStorageEvaluator) subjectDAO.getSessionStorageEvaluator();
// 关闭自带session 我们采用的是token机制
evaluator.setSessionStorageEnabled(false);
// dao设置
subjectDAO.setSessionStorageEvaluator(evaluator);
return securityManager;
}
/**
* 通过工厂将安全管理器设置进去
*
* @param securityManager
* @return
*/
@Bean
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
// 1.创建工厂
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
// 2.创建map map中放入jwt拦截器
JwtFilter jwtFilter = new JwtFilter();
Map<String, Filter> filterMap = new HashMap<>();
filterMap.put("jwt", jwtFilter);
// 3.工厂加入map
factoryBean.setFilters(filterMap);
// 4.工厂设置安全管理器
factoryBean.setSecurityManager(securityManager);
// 5.创建url拦截map map中设置对应的规则
//最关键的一点 必须使用LinkedHashMap 否则顺序会乱掉
Map<String, String> filterRuleMap = new LinkedHashMap<>();
//登陆请求之类的都是要放行的
filterRuleMap.put("/api/vi/user/getLogin", "anon");
//swagger2相关
filterRuleMap.put("/doc.html/**", "anon");
filterRuleMap.put("/swagger-resources/**", "anon");
filterRuleMap.put("/webjars/**", "anon");
filterRuleMap.put("/v2/**", "anon");
//其他请求都要通过jwtFilter
filterRuleMap.put("/**", "jwt");
factoryBean.setFilterChainDefinitionMap(filterRuleMap);
// 6.工厂加入对应的map 返回
return factoryBean;
}
/**
* 添加注解支持
*/
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
defaultAdvisorAutoProxyCreator.setProxyTargetClass(true); // 强制使用cglib,防止重复代理和可能引起代理出错的问题
return defaultAdvisorAutoProxyCreator;
}
/**
* 添加注解依赖
*/
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/**
* 开启注解验证
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
上面因为使用了HashMap 导致拦截地址的排列是按hash散列来排的 出现了不少错误
切记一定要按顺序排列 使用链表!!!!!!!!