在SpringBoot+Shiro实现安全框架的时候,自定义扩展了一些Filter,并注册到ShiroFilter,但是运行的时候发现总是在ShiroFilter之前就进入了自定义Filter,结果当然是不对的。
<!--自定义登陆拦截器,支持Ajax--> <bean id="smartfxLoginFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter"> <property name="loginUrl" value="${shiro.login.url:/login}"/> </bean> <!--自定义角色codes拦截器,支持Ajax--> <bean id="smartfxRolesFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter"> </bean> <!--自定义Perm拦截器,支持Ajax--> <bean id="smartfxPermsFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter"> </bean> <!--自定义session踢出拦截器--> <bean id="smartfxKickoutFilter" class="com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter"> <property name="kickoutUrl" value="${shiro.kickout.url:/login}"/> <property name="kickoutAfter" value="${shiro.keckout.after:true}"/> <property name="userSessionCount" value="${shiro.kickout.maxSessionCount:1}"/> <property name="sessionDao" ref="redisSessionDao"/> </bean>
参考这里
As described above any Servlet or Filter beans will be registered with the servlet container automatically. To disable registration of a particular Filter or Servlet bean create a registration bean for it and mark it as disabled.
所以解决办法是另外多定义一份配置文件告诉SpringBoot不要自作多情:
package com.smartdata360.smartfx.shiro.config; import com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter; import com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter; import com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter; import com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; /** * @author liushuishang@gmail.com * @date 2017/12/13 15:27 **/ @Configuration public class ShiroFilterRegisterConfig { @Bean public FilterRegistrationBean shiroLoginFilteRegistration(ShiroLoginFilter filter) { FilterRegistrationBean registration = new FilterRegistrationBean(filter); registration.setEnabled(false); return registration; } @Bean public FilterRegistrationBean shiroRolesFilterRegistration(ShiroRolesFilter filter) { FilterRegistrationBean registration = new FilterRegistrationBean(filter); registration.setEnabled(false); return registration; } @Bean public FilterRegistrationBean shiroPermsFilterRegistration(ShiroPermsFilter filter) { FilterRegistrationBean registration = new FilterRegistrationBean(filter); registration.setEnabled(false); return registration; } @Bean public FilterRegistrationBean kickoutSessionFilterRegistration(KickoutSessionFilter filter) { FilterRegistrationBean registration = new FilterRegistrationBean(filter); registration.setEnabled(false); return registration; } }
仅此而已