在配置shiro过滤器时增加了自定义的过滤器,主要是用来处理未登录状态下返回一些信息
//自定义过滤器 Map<String, Filter> filtersMap = new LinkedHashMap<String, Filter>(); filtersMap.put("loginFilter", loginFilter); shiroFilter.setFilters(filtersMap);
但是发现添加该过滤以后所有的url都会经过loginFilter,调试代码发现除了在shiroFilter中添加了loginFilter外,还会被Spring Boot注册到容器的filter chain中,默认过滤路径为/*,所以会过滤所有的url,要解决这个问题就是要取消Spring Boot自动注册到filter chain容器中。
下面是调试查看的容器过滤器列表,自定义loginFilter已经注册到容器的过滤器中了,当然shiro中也会有
[ApplicationFilterConfig[name=characterEncodingFilter, filterClass=org.springframework.boot.web.filter.OrderedCharacterEncodingFilter], ApplicationFilterConfig[name=hiddenHttpMethodFilter, filterClass=org.springframework.boot.web.filter.OrderedHiddenHttpMethodFilter], ApplicationFilterConfig[name=httpPutFormContentFilter, filterClass=org.springframework.boot.web.filter.OrderedHttpPutFormContentFilter], ApplicationFilterConfig[name=requestContextFilter, filterClass=org.springframework.boot.web.filter.OrderedRequestContextFilter],
ApplicationFilterConfig[name=shiroFilter, filterClass=org.apache.shiro.spring.web.ShiroFilterFactoryBean$SpringShiroFilter],
ApplicationFilterConfig[name=loginFilter2, filterClass=org.shaofan.shiro.LoginFilter2],
ApplicationFilterConfig[name=Tomcat WebSocket (JSR356) Filter, filterClass=org.apache.tomcat.websocket.server.WsFilter], null, null, null]
解决方法:
通过使用FilterRegistrationBean来进行Filter的注册,同时,设置enabled为false,就可以取消对应的Filter自动注册了,其实就是先手动注册再设置禁用。
@Bean public FilterRegistrationBean loginFilter2Registration(LoginFilter loginFilter) { FilterRegistrationBean registration = new FilterRegistrationBean(loginFilter); registration.setEnabled(false); return registration; }
下面是启动的日志,也显示该过滤器没有注册
Spring Boot 文档中也有说明:
Spring Boot Document
参考地址:https://www.jianshu.com/p/bf79fdab9c19