Fork me on GitHub
听雨轩
生命易破碎,梦想只争朝夕!

在SpringBoot+Shiro实现安全框架的时候,自定义扩展了一些Filter,并注册到ShiroFilter,但是运行的时候发现总是在ShiroFilter之前就进入了自定义Filter,结果当然是不对的。

<!--自定义登陆拦截器,支持Ajax-->
    <bean id="smartfxLoginFilter"  class="com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter">
        <property name="loginUrl" value="${shiro.login.url:/login}"/>
    </bean>
    <!--自定义角色codes拦截器,支持Ajax-->
    <bean id="smartfxRolesFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter">
    </bean>
    <!--自定义Perm拦截器,支持Ajax-->
    <bean id="smartfxPermsFilter" class="com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter">
    </bean>
    <!--自定义session踢出拦截器-->
    <bean id="smartfxKickoutFilter" class="com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter">
        <property name="kickoutUrl" value="${shiro.kickout.url:/login}"/>
        <property name="kickoutAfter" value="${shiro.keckout.after:true}"/>
        <property name="userSessionCount" value="${shiro.kickout.maxSessionCount:1}"/>
        <property name="sessionDao"  ref="redisSessionDao"/>
    </bean>
经过查看相关文档,发现其实是SpringBoot自动帮我们注册了我们的Filter,典型的好心办坏事。我们要的是希望Shiro来管理我们的自定义Filter,所以我们要想办法取消SpringBoot自动注册我们的Filter。

参考这里

As described above any Servlet or Filter beans will be registered with the servlet container automatically. To disable registration of a particular Filter or Servlet bean create a registration bean for it and mark it as disabled.

所以解决办法是另外多定义一份配置文件告诉SpringBoot不要自作多情:

package com.smartdata360.smartfx.shiro.config;

import com.smartdata360.smartfx.shiro.filter.KickoutSessionFilter;
import com.smartdata360.smartfx.shiro.filter.ShiroLoginFilter;
import com.smartdata360.smartfx.shiro.filter.ShiroPermsFilter;
import com.smartdata360.smartfx.shiro.filter.ShiroRolesFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author liushuishang@gmail.com
 * @date 2017/12/13 15:27
 **/
@Configuration
public class ShiroFilterRegisterConfig {

    @Bean
    public FilterRegistrationBean shiroLoginFilteRegistration(ShiroLoginFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }


    @Bean
    public FilterRegistrationBean shiroRolesFilterRegistration(ShiroRolesFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }
    @Bean
    public FilterRegistrationBean shiroPermsFilterRegistration(ShiroPermsFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }

    @Bean
    public FilterRegistrationBean kickoutSessionFilterRegistration(KickoutSessionFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter);
        registration.setEnabled(false);
        return registration;
    }
}
posted on 2017-12-13 16:59  流水殇  阅读(15348)  评论(0编辑  收藏  举报