一尘不染

Spring Boot with Apache Shiro

spring-boot

I'm currently trying to integrate Apache Shiro into my Spring Boot RESTful API, but I'm running into some problems and was wondering whether anyone could help.

My Application.class:

@Configuration
@EnableTransactionManagement
@EnableAutoConfiguration
@ComponentScan(basePackages = "org.xelamitchell.sophia.server")
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}

My WebConfig.class:

@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {

    @Bean
    public DispatcherServlet dispatcherServlet() {

        DispatcherServlet servlet = new DispatcherServlet();
        servlet.setDispatchOptionsRequest(true);

        return servlet;
    }

    @Bean
    public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {

        ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
        registration.addUrlMappings("/sophia/*");

        return registration;
    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {

        Map<String, MediaType> types = new HashMap<>();
        types.put("json", APPLICATION_JSON);
        types.put("xml", APPLICATION_XML);

        configurer
            .defaultContentType(APPLICATION_JSON)
            .mediaTypes(types);

    }

    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {

        converters.add(jackson());
        converters.add(jaxb());

        super.configureMessageConverters(converters);
    }

    @Bean
    public MappingJackson2HttpMessageConverter jackson() {

        final MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
        converter.getObjectMapper()
            .setSerializationInclusion(JsonInclude.Include.NON_NULL)
            .setSerializationInclusion(JsonInclude.Include.NON_EMPTY)
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

        return converter;
    }

    @Bean
    public Jaxb2RootElementHttpMessageConverter jaxb() {

        final Jaxb2RootElementHttpMessageConverter converter = new Jaxb2RootElementHttpMessageConverter();

        return converter;
    }

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter() {

        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setLoginUrl("/sophia/*");
        shiroFilter.setSecurityManager(securityManager());

        Map<String, Filter> filters = new HashMap<>();
        filters.put("anon", new FormAuthenticationFilter());
        filters.put("authc", new FormAuthenticationFilter());
        shiroFilter.setFilters(filters);

        return shiroFilter;
    }

    @Bean
    public org.apache.shiro.mgt.SecurityManager securityManager() {

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(sophiaRealm());

        return securityManager;
    }

    @Bean(name = "sophiaRealm")
    @DependsOn("lifecycleBeanPostProcessor")
    public SophiaRealm sophiaRealm() {
        return new SophiaRealm();
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

}

The application starts up fine, and the logs do show the shiroFilter being set up:

INFO 12:44:44:271 org.springframework.boot.context.embedded.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/sophia/*]
INFO 12:44:44:277 org.springframework.boot.context.embedded.FilterRegistrationBean - Mapping filter: 'shiroFilter' to: [/*]

However, when I try to access /sophia/users, I'm not asked to authenticate; the server just gives me the response.


2020-05-30

1 answer

一尘不染

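A few minor changes to the shiroFilter fixed the problem:

  1. Remove shiroFilter.setLoginUrl(String)
  2. Use the following filter chain definition map:

    // URL pattern -> filter chain definition; authcBasic is one of Shiro's default filters
    Map<String, String> filters = new HashMap<>();
    filters.put("/**", "authcBasic");
    shiroFilter.setFilterChainDefinitionMap(filters);

As if by magic, the entire API is now protected with HTTP basic authentication. :)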

Using Shiro's default web filters

2020-05-30
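The fix in the answer, written out as a full bean definition. This is an added example, not code from the question or the answer. It is meant to replace the `shiroFilter` bean in the question's `WebConfig` and relies on the `securityManager` bean defined there. The class name `ShiroFilterConfig` and the `/sophia/health` path are hypothetical, used to show that the order of chain definitions matters once there is more than one pattern.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroFilterConfig { // hypothetical class name

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {

        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);

        // setFilters(...) only registers filter instances under a name.
        // A request is intercepted only if a chain definition maps its
        // path to one of those names. With no chain definitions at all,
        // every request passes through unauthenticated, which is the
        // behaviour described in the question.

        // LinkedHashMap keeps insertion order. Shiro evaluates the
        // patterns in that order and the first match wins, so specific
        // exemptions must come before the catch-all. A plain HashMap
        // gives no such guarantee once there are several entries.
        Map<String, String> chains = new LinkedHashMap<>();

        // Hypothetical public endpoint, left open on purpose.
        chains.put("/sophia/health", "anon");

        // Everything else requires HTTP Basic credentials on each
        // request. noSessionCreation stops Shiro from creating a
        // session, which suits a stateless REST API.
        chains.put("/**", "noSessionCreation, authcBasic");

        shiroFilter.setFilterChainDefinitionMap(chains);
        return shiroFilter;
    }
}
```

Basic credentials are only base64-encoded, so the API should be served over TLS.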