shiro低版本更新到高版本(>1.10.0)出现报错问题解决
近期漏洞爆出(Apache Shiro < 1.10.0 身份认证绕过漏洞),开始升级新版的jar包。
升级过程
1.修改pom文件shiro版本
<!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-starter</artifactId> <version>1.10.0</version> </dependency>
2.启动项目报错
The dependencies of some of the beans in the application context form a cycle: shiroFilter defined in class path resource [cn/shiro/ShiroConfig.class] ↓ authorizationAttributeSourceAdvisor defined in class path resource [org/apache/shiro/spring/boot/autoconfigure/ShiroAnnotationProcessorAutoConfiguration.class] ↓ securityManager defined in class path resource [cn/shiro/ShiroConfig.class] ↓ customUserValidateRealm (field private cn.mapper.UserMapper cn.shiro.CustomUserValidateRealm.etcMgmtUserMapper) ↓ userMapper defined in file [D:\mapper\UserMapper.class] ↓ sqlSessionFactory defined in class path resource [tk/mybatis/mapper/autoconfigure/MapperAutoConfiguration.class] ┌─────┐ | masterDataSource defined in class path resource [cn/config/DataSourceConfig.class] ↑ ↓ | getMasterDateSource defined in class path resource [cn/config/DataSourceConfig.class] ↑ ↓ | org.springframework.boot.autoconfigure.jdbc.DataSourceInitializerInvoker └─────┘
解决方法:
1.在自定义Realm中找到userMapper 注入的地方,添加@Lazy
import org.springframework.context.annotation.Lazy; public class CustomUserValidateRealm extends AuthorizingRealm { @Lazy @Autowired private UserMapper mapper; }
2. 启动项目依旧报错
Description: Method filterShiroFilterRegistrationBean in org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration required a bean named 'shiroFilterFactoryBean' that could not be found. Action: Consider defining a bean named 'shiroFilterFactoryBean' in your configuration.
3.找到ShiroConfig配置中设置的过滤规则方法(返回ShiroFilterFactoryBean的)给@bean添加name值
@Bean(name="shiroFilterFactoryBean") public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) { ...... }
4.然后再在过滤规则调用方法添加name
@Bean public FilterRegistrationBean<DelegatingFilterProxy> delegatingFilterProxy() { FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBean = new FilterRegistrationBean<DelegatingFilterProxy>(); DelegatingFilterProxy proxy = new DelegatingFilterProxy(); proxy.setTargetFilterLifecycle(true); proxy.setTargetBeanName("shiroFilterFactoryBean"); filterRegistrationBean.setFilter(proxy); return filterRegistrationBean; }
启动项目,问题解决!!!