Java Code Examples for org.apache.shiro.spring.web.ShiroFilterFactoryBean#setUnauthorizedUrl()

The following examples show how to use org.apache.shiro.spring.web.ShiroFilterFactoryBean#setUnauthorizedUrl().
Example 1
Source File: ShiroConfig.java    From EasyReport with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the Shiro filter factory: security manager, login / success / unauthorized URLs,
 * two custom filters and the URL-to-chain table.
 *
 * <p>The chain table keeps insertion order and ends with a catch-all {@code /**} entry
 * mapped to {@code anon}, so every path that is not listed before it is served without
 * authentication. NOTE(review): confirm this allow-by-default fallback is intended; an
 * endpoint added outside the listed prefixes gets no Shiro check.
 *
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter() {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager());
    factory.setLoginUrl("/member/login");
    factory.setSuccessUrl("/home/index");
    // Where a user is sent when an authorization filter rejects the request.
    factory.setUnauthorizedUrl("/error/401");

    // Custom filter implementations, referenced by name from the chain definitions.
    final Map<String, Filter> customFilters = Maps.newHashMap();
    customFilters.put("authc", this.authcFilter());
    customFilters.put("membership", this.membershipFilter());
    factory.setFilters(customFilters);

    final Map<String, String> chainByPath = Maps.newLinkedHashMap();
    chainByPath.put("/member/logout", "logout");
    // These paths all use the filter list taken from configuration.
    for (final String protectedPath : new String[] {"/", "/home/**", "/views/**", "/rest/**"}) {
        chainByPath.put(protectedPath, this.configProperties.getShiro().getFilters());
    }
    // Catch-all: anything not matched above is anonymous.
    chainByPath.put("/**", "anon");
    factory.setFilterChainDefinitionMap(chainByPath);

    return factory;
}
 
Example 2
Source File: ShiroConfig.java    From taoshop with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the Shiro filter factory with a deny-by-default chain table: a fixed list of
 * anonymous paths followed by a catch-all {@code /**} entry that requires authentication.
 *
 * <p>NOTE(review): the unauthorized URL is the same as the success URL, so a user who
 * fails an authorization check lands on the index page with no error shown; confirm.
 * NOTE(review): {@code /upload/**} is anonymous, so anything stored under that path is
 * presumably readable without login; verify that no private files are kept there.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl("/admin/login/api/toLogin");
    factory.setSuccessUrl("/admin/login/api/toIndex");
    factory.setUnauthorizedUrl("/admin/login/api/toIndex");

    // Rules are evaluated in insertion order; the first matching pattern wins.
    Map<String, String> chainByPath = new LinkedHashMap<>();
    // Paths that are not intercepted.
    String[] openPaths = {
        "/static/**",
        "/upload/**",
        "/plugins/**",
        "/templates/**",
        "/admin/code/api/generate",
        "/admin/login/api/toLogin",
        "/admin/login/api/loginCheck",
    };
    for (String openPath : openPaths) {
        chainByPath.put(openPath, "anon");
    }
    // Everything else requires an authenticated session.
    chainByPath.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 3
Source File: ShiroConfig.java    From learnjavabug with MIT License 6 votes vote down vote up
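/**
 * Builds the Shiro filter factory with path-pattern rules evaluated in insertion order.
 *
 * <p>{@code /bypass} is registered three times (exact path, dotted suffix, sub-paths) ahead
 * of the catch-all. NOTE(review): presumably this project uses the variants to show how a
 * single exact-path rule can miss other spellings of the same route; URL patterns are only
 * as reliable as the path matching of the Shiro version in use, so keep Shiro current and
 * enforce access at the handler as well.
 *
 * @return the configured factory bean
 */
@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager());
    bean.setLoginUrl("/login");
    bean.setSuccessUrl("/index");
    bean.setUnauthorizedUrl("/unauthorizedurl");

    // Typed map instead of the raw LinkedHashMap: same runtime behaviour, no unchecked warning.
    Map<String, String> map = new LinkedHashMap<>();
    map.put("/login", "anon");
    // NOTE(review): everything under /aaaaa is anonymous; confirm that is intended.
    map.put("/aaaaa/**", "anon");
    map.put("/bypass", "authc");
    map.put("/bypass.*", "authc");
    map.put("/bypass/**", "authc");
    // Catch-all: any path not matched above requires authentication.
    map.put("/**", "authc");
    bean.setFilterChainDefinitionMap(map);
    return bean;
}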
 
Example 4
Source File: ShiroConfig.java    From mall with MIT License 6 votes vote down vote up
/**
 * Builds the Shiro filter factory protecting the {@code /admin} area.
 *
 * <p>Four auth endpoints are anonymous; every other path under {@code /admin} requires
 * authentication. NOTE(review): there is no catch-all rule, so paths outside
 * {@code /admin} are not filtered by Shiro at all; confirm that is intended.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    // The "login URL" is the 401 endpoint: unauthenticated requests are redirected there.
    factory.setLoginUrl("/admin/auth/401");
    factory.setSuccessUrl("/admin/auth/index");
    factory.setUnauthorizedUrl("/admin/auth/403");

    // Insertion order is match order, so the anonymous endpoints come before the prefix rule.
    Map<String, String> chainByPath = new LinkedHashMap<String, String>();
    String[] openPaths = {
        "/admin/auth/login", "/admin/auth/401", "/admin/auth/index", "/admin/auth/403"
    };
    for (String openPath : openPaths) {
        chainByPath.put(openPath, "anon");
    }
    chainByPath.put("/admin/**", "authc");

    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 5
Source File: ShiroConfig.java    From ZTuoExchange_framework with MIT License 6 votes vote down vote up
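/**
 * Creates the {@code shiroFilter} bean and registers its URL-to-filter rules.
 *
 * <p>Every pattern starts with a slash. Shiro matches patterns against the request path
 * inside the application, which begins with a slash, so a pattern written without one
 * does not match and its rule is silently skipped.
 *
 * <p>NOTE(review): no catch-all rule and no login URL are set here, so paths that match
 * none of the patterns are not filtered by Shiro; confirm they are protected elsewhere.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean(name="shiroFilter")
@DependsOn({"securityManager"})
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    log.info("ShiroConfiguration.shirFilter()");
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    // Interceptor rules, evaluated in insertion order; the first matching pattern wins.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/captcha", "anon");
    filterChainDefinitionMap.put("/admin/code/**", "anon");
    // Leading slash added: the original "admin/**/page-query" could not match a request path.
    filterChainDefinitionMap.put("/admin/**/page-query", "user");
    filterChainDefinitionMap.put("/admin/employee/logout", "logout");
    // Leading slash added: the original "admin/**/detail" could not match a request path.
    filterChainDefinitionMap.put("/admin/**/detail", "authc");

    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

    return shiroFilterFactoryBean;
}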
 
Example 6
Source File: ShiroConfig.java    From ZTuoExchange_framework with MIT License 6 votes vote down vote up
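/**
 * Creates the {@code shiroFilter} bean and registers its URL-to-filter rules.
 *
 * <p>Every pattern starts with a slash. Shiro matches patterns against the request path
 * inside the application, which begins with a slash, so a pattern written without one
 * does not match and its rule is silently skipped.
 *
 * <p>NOTE(review): no catch-all rule and no login URL are set here, so paths that match
 * none of the patterns are not filtered by Shiro; confirm they are protected elsewhere.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean(name="shiroFilter")
@DependsOn({"securityManager"})
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    log.info("ShiroConfiguration.shirFilter()");
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    // Interceptor rules, evaluated in insertion order; the first matching pattern wins.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/captcha", "anon");
    filterChainDefinitionMap.put("/admin/code/**", "anon");
    // Leading slash added: the original "admin/**/page-query" could not match a request path.
    filterChainDefinitionMap.put("/admin/**/page-query", "user");
    filterChainDefinitionMap.put("/admin/employee/logout", "logout");
    // Leading slash added: the original "admin/**/detail" could not match a request path.
    filterChainDefinitionMap.put("/admin/**/detail", "authc");

    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

    return shiroFilterFactoryBean;
}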
 
Example 7
Source File: ShiroConfig.java    From OneBlog with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Creates the {@code shiroFilter} bean from externalised settings.
 *
 * <p>The factory bean cannot be configured on its own: a {@code SecurityManager} has to be
 * injected when it is initialised.
 *
 * <p>Filter chain definitions:
 * <ol>
 *   <li>one URL may list several filters, separated by commas;</li>
 *   <li>when several filters are listed, the request passes only if all of them pass;</li>
 *   <li>some filters take parameters, for example {@code perms} and {@code roles}.</li>
 * </ol>
 *
 * <p>NOTE(review): the chain table is loaded through {@code shiroService}; the comment in
 * the original says it comes from the database. Match order follows the returned map's
 * iteration order, so the loader presumably has to return an ordered map ending with the
 * intended catch-all rule; verify against its implementation.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    // The SecurityManager is mandatory.
    factory.setSecurityManager(securityManager);
    // Without a login URL, Shiro falls back to "/login.jsp" under the web root.
    factory.setLoginUrl(shiroProperties.getLoginUrl());
    // Where to go after a successful login.
    factory.setSuccessUrl(shiroProperties.getSuccessUrl());
    // Page shown when an authorization check fails.
    factory.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());
    // Resource rules loaded through the service.
    factory.setFilterChainDefinitionMap(shiroService.loadFilterChainDefinitions());
    return factory;
}
 
Example 8
Source File: ShiroAutoConfiguration.java    From shiro-spring-boot-starter with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the default {@code shiroFilter} bean when the application defines none.
 *
 * <p>The realm is attached to the security manager first; URLs and chain definitions come
 * from {@code properties}, and the filters held by {@code registry} are added to the
 * factory's filter map at the end.
 *
 * <p>NOTE(review): the full chain table and the custom filter map are written to the log at
 * INFO level; confirm nothing sensitive is carried in those values.
 *
 * @param securityManager the security manager that receives the realm and backs the filter
 * @param realm the realm set on {@code securityManager}
 * @param registry source of the custom named filters
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
@DependsOn("securityManager")
@ConditionalOnMissingBean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultSecurityManager securityManager, Realm realm, ShiroFilterRegistry registry) {
    securityManager.setRealm(realm);

    // The configured definitions are passed through swapKeyValue before use.
    final Map<String, String> chainByPath = swapKeyValue(properties.getFilterChainDefinitions());
    log.info("过虑器配置: {}", chainByPath);
    log.info("自定义过虑器: {}", registry.getFilterMap());

    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl(properties.getLoginUrl());
    factory.setSuccessUrl(properties.getSuccessUrl());
    factory.setUnauthorizedUrl(properties.getUnauthorizedUrl());
    factory.setFilterChainDefinitionMap(chainByPath);

    // Custom filters are merged into the factory's own filter map.
    factory.getFilters().putAll(registry.getFilterMap());
    return factory;
}
 
Example 9
Source File: ShiroConfig.java    From JavaQuarkBBS with Apache License 2.0 5 votes vote down vote up
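/**
 * Builds the Shiro filter factory: static resources are anonymous, every permission URL
 * loaded through {@code permissionService} gets a {@code perms[...]} rule, and the
 * catch-all {@code /**} entry requires authentication.
 *
 * <p>NOTE(review): permission URLs are used verbatim both as the path pattern and inside
 * the {@code perms[...]} expression. A stored value equal to one of the static patterns
 * replaces that entry's chain; confirm only trusted administrators can edit these rows.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

    // Set the SecurityManager.
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    // Without a login URL, Shiro falls back to a default login page under the web root.
    shiroFilterFactoryBean.setLoginUrl("/login");
    // Where to go after a successful login.
    shiroFilterFactoryBean.setSuccessUrl("/initPage");
    // Page shown when an authorization check fails.
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");

    // Interceptor rules, evaluated in insertion order.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    // Anonymous so the browser does not offer the favicon as a download.
    filterChainDefinitionMap.put("/favicon.png", "anon");
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/css/**", "anon");
    filterChainDefinitionMap.put("/js/**", "anon");
    filterChainDefinitionMap.put("/img/**", "anon");
    filterChainDefinitionMap.put("/font-awesome/**", "anon");

    // Permission/resource rules loaded at startup.
    for (Permission p : permissionService.findAll()) {
        String url = p.getPerurl();
        // A permission without a URL has nothing to protect; a null used to throw here.
        if (url == null || url.isEmpty()) {
            continue;
        }
        filterChainDefinitionMap.put(url, "perms[" + url + "]");
    }

    // Chains run top to bottom, so the catch-all goes last.
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}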
 
Example 10
Source File: ShiroConfiguration.java    From jee-universal-bms with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the {@code shiroFilter} bean: fixed URLs, the URL-to-chain rules and the four
 * named filter implementations.
 *
 * <p>The rules are written into {@code filterChainDefinitionMap}, which is declared outside
 * this method. NOTE(review): match order follows that map's iteration order; verify it is
 * an insertion-ordered map, otherwise the broad API rule may shadow the anonymous ones.
 * NOTE(review): several patterns contain doubled slashes, which looks like an editing
 * artefact; verify they still match the intended paths. There is no catch-all rule, so
 * paths that match nothing are not filtered by Shiro.
 *
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean() {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(getDefaultWebSecurityManager());
    factory.setLoginUrl("/login.html");
    factory.setSuccessUrl("/home.html");
    factory.setUnauthorizedUrl("/403.html");

    final Map<String, String> chainByPath = filterChainDefinitionMap;
    chainByPath.put("/login.html", "anon");
    // Open to anonymous users.
    chainByPath.put("/v1/api0/image/captcha", "anon");
    // URL permission filtering through the custom "perms" filter.
    chainByPath.put("/view/**", "perms");
    chainByPath.put("/v1/api0/security/login", "anon");
    chainByPath.put("/v1/api0/security/logout", "anon");
    // Logged-in (or remembered) users.
    chainByPath.put("/v1/api0/user*//*", "user");
    chainByPath.put("/v1/api0/orgcate*//**//**//**//*", "user");
    chainByPath.put("/v1/api0/resource*//**//**//**//*", "user");
    chainByPath.put("/v1/api0/role*//**//**//**//*", "user");
    // A "user,perms" variant of the next rule was left disabled in the original.
    chainByPath.put("/v1/api0/**/**", "user");
    chainByPath.put("/home.html", "authc");
    factory.setFilterChainDefinitionMap(chainByPath);

    final Map<String, Filter> namedFilters = new HashMap<>();
    namedFilters.put("anon", new AnonymousFilter());
    namedFilters.put("user", new UserFilter());
    namedFilters.put("authc", new FormAuthenticationFilter());
    // Project-specific permission filter.
    namedFilters.put("perms", new ShiroPermissionsFilter());
    factory.setFilters(namedFilters);

    return factory;
}
 
Example 11
Source File: ShiroConfig.java    From DouBiNovel with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the Shiro filter factory for the admin area.
 *
 * <p>Two admin endpoints are anonymous, the rest of {@code /admin} requires
 * authentication, and the catch-all {@code /**} entry is {@code anon}. NOTE(review): with
 * that fallback, any path outside {@code /admin} is reachable without login; confirm that
 * is intended. No {@code logout} rule is registered (it was left disabled in the original).
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Without a login URL, Shiro falls back to "/login.jsp" under the web root.
    factory.setLoginUrl("/admin/login");
    // Where to go after a successful login.
    factory.setSuccessUrl("/admin/index");
    // Page shown when an authorization check fails.
    factory.setUnauthorizedUrl("/403");

    // Chains run top to bottom and the first match wins, so the broad patterns go last;
    // getting the order wrong silently disables the rules below the broad one.
    Map<String, String> chainByPath = new LinkedHashMap<String, String>();
    // Endpoints that are not intercepted.
    chainByPath.put("/admin/verificationCode", "anon");
    chainByPath.put("/admin/doLogin", "anon");
    // authc: the URL requires an authenticated session; anon: open to everyone.
    chainByPath.put("/admin/**", "authc");
    chainByPath.put("/**", "anon");

    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 12
Source File: ShiroConfig.java    From spring-boot-demo with MIT License 5 votes vote down vote up
/**
 * Builds the Shiro filter factory with a deny-by-default chain table: configured
 * "ignore" URLs are anonymous, {@code /logout} uses the logout filter and the catch-all
 * {@code /**} entry requires authentication.
 *
 * <p>NOTE(review): the anonymous list comes from {@code ignoreAuthUrlProperties} and is
 * registered ahead of the catch-all, so a broad pattern in that setting opens everything
 * it matches; review changes to it like code.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    log.info("Shiro过滤器开始处理");
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Login page.
    factory.setLoginUrl("/login");
    // Page shown after a successful login.
    factory.setSuccessUrl("/index");
    // Page shown when an authorization check fails.
    factory.setUnauthorizedUrl("/403");

    // Interceptor rules, evaluated in insertion order.
    final Map<String, String> chainByPath = new LinkedHashMap<>();

    // anon: these URLs are open to everyone (duplicates removed through the set).
    final Set<String> openPaths = new HashSet<>(ignoreAuthUrlProperties.getIgnoreAuthUrl());
    for (String openPath : openPaths) {
        chainByPath.put(openPath, "anon");
    }

    // Replace the stock "authc" filter: unauthenticated users get an error message
    // instead of a redirect.
    factory.getFilters().put("authc", new MyFormAuthenticationFilter());

    // Logout filter.
    chainByPath.put("/logout", "logout");

    // authc: every remaining URL requires an authenticated session.
    chainByPath.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 13
Source File: ShiroAutoConfiguration.java    From utils with Apache License 2.0 5 votes vote down vote up
/**
 * Assembles the Shiro filter factory from {@code shiroProperties}, optional filter classes,
 * an optional customizer and an optional JDBC-backed permission loader.
 *
 * <p>Chain definitions are merged in two steps: loader entries first, then the configured
 * definitions. NOTE(review): a configured entry with the same path as a loaded one replaces
 * its chain, so a property can relax a rule that came from the loader; confirm that
 * precedence is intended.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 * @throws Exception declared by the original signature; presumably raised by the helpers
 *     called here
 */
public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager) throws Exception {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl(shiroProperties.getLoginUrl());
    factory.setSuccessUrl(shiroProperties.getSuccessUrl());
    factory.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());

    // Named filters: the built-in "authm" filter first, then any configured classes.
    Map<String, Filter> namedFilters = new LinkedHashMap<String, Filter>();
    namedFilters.put("authm", authFilter());

    final Map<String, Filter> configuredFilters = instantiateFilterClasses(shiroProperties.getFilters());
    if (configuredFilters != null) {
        namedFilters.putAll(configuredFilters);
    }

    // The customizer may return a different map; its result is what gets registered.
    if (shiroFilterCustomizer != null) {
        namedFilters = shiroFilterCustomizer.customize(namedFilters);
    }
    factory.setFilters(namedFilters);

    final Map<String, String> chainByPath = new LinkedHashMap<String, String>();
    if (jdbcPermissionDefinitionsLoader != null) {
        chainByPath.putAll(jdbcPermissionDefinitionsLoader.getObject());
    }
    if (shiroProperties.getFilterChainDefinitions() != null) {
        chainByPath.putAll(shiroProperties.getFilterChainDefinitions());
    }
    factory.setFilterChainDefinitionMap(chainByPath);

    return factory;
}
 
Example 14
Source File: ShiroAutoConfiguration.java    From spring-boot-shiro with Apache License 2.0 5 votes vote down vote up
/**
 * Assembles the Shiro filter factory from {@code properties}, optional filter classes, an
 * optional customizer and an optional JDBC-backed permission loader.
 *
 * <p>Chain definitions are merged in two steps: loader entries first, then the configured
 * definitions. NOTE(review): a configured entry with the same path as a loaded one replaces
 * its chain, so a property can relax a rule that came from the loader; confirm that
 * precedence is intended.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 * @throws Exception declared by the original signature; presumably raised by the helpers
 *     called here
 */
public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager) throws Exception {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl(properties.getLoginUrl());
    factory.setSuccessUrl(properties.getSuccessUrl());
    factory.setUnauthorizedUrl(properties.getUnauthorizedUrl());

    // Named filters: the form sign-in filter replaces "authc", then any configured classes.
    Map<String, Filter> namedFilters = new LinkedHashMap<String, Filter>();
    namedFilters.put("authc", formSignInFilter());

    final Map<String, Filter> configuredFilters = instantiateFilterClasses(properties.getFilters());
    if (configuredFilters != null) {
        namedFilters.putAll(configuredFilters);
    }

    // The customizer may return a different map; its result is what gets registered.
    if (shiroFilterCustomizer != null) {
        namedFilters = shiroFilterCustomizer.customize(namedFilters);
    }
    factory.setFilters(namedFilters);

    final Map<String, String> chainByPath = new LinkedHashMap<>();
    if (jdbcPermissionDefinitionsLoader != null) {
        chainByPath.putAll(jdbcPermissionDefinitionsLoader.getObject());
    }
    if (properties.getFilterChainDefinitions() != null) {
        chainByPath.putAll(properties.getFilterChainDefinitions());
    }
    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 15
Source File: ShiroConfig.java    From spring-boot-shiro with Apache License 2.0 5 votes vote down vote up
/**
 * Filter factory: sets the filtering rules and the redirect targets.
 * Created by leigq, 2019/7/3 14:29.
 *
 * <p>NOTE(review): {@code /logout} is registered after the catch-all {@code /**} entry.
 * Rules are matched in insertion order and the first match wins, so the {@code logout}
 * rule looks unreachable and {@code /logout} is handled by {@code authc}; confirm whether
 * the entry should move above the catch-all.
 *
 * @param securityManager the security manager the filter delegates to
 * @return ShiroFilterFactoryBean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Without a login URL, Shiro falls back to "/login.jsp" under the web root. In this
    // front-end/back-end split the front-end router owns the login page and the back end
    // only returns JSON; this maps to the un-auth request in LoginController.
    factory.setLoginUrl("/un_auth");

    // No success URL: the original leaves it disabled because login returns the user's
    // basic information and a token to the front end instead of redirecting.

    // Unauthorized target; maps to the unauthorized request in LoginController.
    factory.setUnauthorizedUrl("/unauthorized");

    // Filter chain definitions. anon: open to everyone; authc: authentication required.
    // Chains run top to bottom, so authc entries belong below the anon ones.
    final Map<String, String> chainByPath = new LinkedHashMap<>();
    chainByPath.put("/login", "anon");
    // The templates use Thymeleaf, so a single ("/static/**", "anon") rule does not work
    // here; each static directory is listed on its own.
    for (String staticDir : new String[] {"/css/**", "/fonts/**", "/img/**", "/js/**", "/html/**"}) {
        chainByPath.put(staticDir, "anon");
    }
    // Every other URL requires authentication.
    chainByPath.put("/**", "authc");

    // Logout filter (Shiro ships the logout logic); the original places it below the
    // anon and authc entries.
    chainByPath.put("/logout", "logout");

    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 16
Source File: ShiroConfig.java    From learnjavabug with MIT License 5 votes vote down vote up
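/**
 * Builds the Shiro filter factory with two exact-path rules and no catch-all.
 *
 * <p>NOTE(review): an exact-path rule covers only that literal path. Other spellings of
 * the route and every unlisted path get no Shiro filter, so this looks like a
 * demonstration setup rather than a template; in real code add a catch-all rule that
 * requires authentication and enforce access in the handler as well.
 *
 * @return the configured factory bean
 */
@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager());
    bean.setLoginUrl("/login");
    bean.setSuccessUrl("/index");
    bean.setUnauthorizedUrl("/unauthorizedurl");

    // Typed map instead of the raw LinkedHashMap: same runtime behaviour, no unchecked warning.
    Map<String, String> map = new LinkedHashMap<>();
    map.put("/login", "anon");
    map.put("/bypass", "authc");
    bean.setFilterChainDefinitionMap(map);
    return bean;
}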
 
Example 17
Source File: ShiroAutoConfiguration.java    From shiro-spring-boot with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the default {@code shiroFilter} bean when the application defines none.
 *
 * <p>The realm is attached to the security manager, then URLs and the chain table are
 * copied from {@code properties}. NOTE(review): all access rules come from configuration;
 * match order follows the iteration order of the map that {@code properties} returns, so
 * verify it preserves the declared order.
 *
 * @param securityManager the security manager that receives the realm and backs the filter
 * @param realm the realm set on {@code securityManager}
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
@DependsOn("securityManager")
@ConditionalOnMissingBean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultSecurityManager securityManager, Realm realm) {
    securityManager.setRealm(realm);

    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl(properties.getLoginUrl());
    factory.setSuccessUrl(properties.getSuccessUrl());
    factory.setUnauthorizedUrl(properties.getUnauthorizedUrl());
    factory.setFilterChainDefinitionMap(properties.getFilterChainDefinitionMap());
    return factory;
}
 
Example 18
Source File: ShiroConfiguration.java    From mblog with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Shiro filter chain.
 *
 * <p>Registers a custom {@code authc} filter and an explicit rule per protected path.
 * NOTE(review): there is no catch-all rule, and the {@code /admin/*} pattern covers a
 * single path segment only, so an admin path with more segments that is not listed
 * explicitly is not filtered by Shiro; confirm such endpoints are protected another way.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl("/login");
    factory.setSuccessUrl("/");
    factory.setUnauthorizedUrl("/error/reject.html");

    // Replace the stock "authc" filter with the project's own implementation.
    final HashMap<String, Filter> customFilters = new HashMap<>();
    customFilters.put("authc", new AuthenticatedFilter());
    factory.setFilters(customFilters);

    // Shiro interceptor chain:
    //   anon  - no authentication needed
    //   authc - authentication required
    //   user  - authenticated or remembered (RememberMe) users
    // Entries are matched top to bottom, with priority decreasing down the list.
    final Map<String, String> chainByPath = new LinkedHashMap<>();

    // Public resources and the login page.
    chainByPath.put("/dist/**", "anon");
    chainByPath.put("/theme/**", "anon");
    chainByPath.put("/storage/**", "anon");
    chainByPath.put("/login", "anon");

    // Pages that need a logged-in user.
    chainByPath.put("/user/**", "authc");
    chainByPath.put("/settings/**", "authc");
    chainByPath.put("/post/editing", "authc");
    chainByPath.put("/post/submit", "authc");
    chainByPath.put("/post/delete/*", "authc");
    chainByPath.put("/post/upload", "authc");

    // Admin endpoints: authentication plus one permission each.
    chainByPath.put("/admin/channel/list", "authc,perms[channel:list]");
    chainByPath.put("/admin/channel/update", "authc,perms[channel:update]");
    chainByPath.put("/admin/channel/delete", "authc,perms[channel:delete]");

    chainByPath.put("/admin/post/list", "authc,perms[post:list]");
    chainByPath.put("/admin/post/update", "authc,perms[post:update]");
    chainByPath.put("/admin/post/delete", "authc,perms[post:delete]");

    chainByPath.put("/admin/comment/list", "authc,perms[comment:list]");
    chainByPath.put("/admin/comment/delete", "authc,perms[comment:delete]");

    chainByPath.put("/admin/user/list", "authc,perms[user:list]");
    chainByPath.put("/admin/user/update_role", "authc,perms[user:role]");
    chainByPath.put("/admin/user/pwd", "authc,perms[user:pwd]");
    chainByPath.put("/admin/user/open", "authc,perms[user:open]");
    chainByPath.put("/admin/user/close", "authc,perms[user:close]");

    chainByPath.put("/admin/options/index", "authc,perms[options:index]");
    chainByPath.put("/admin/options/update", "authc,perms[options:update]");

    chainByPath.put("/admin/role/list", "authc,perms[role:list]");
    chainByPath.put("/admin/role/update", "authc,perms[role:update]");
    chainByPath.put("/admin/role/delete", "authc,perms[role:delete]");

    chainByPath.put("/admin/theme/*", "authc,perms[theme:index]");

    // Fallback for the admin root and its direct children.
    chainByPath.put("/admin", "authc,perms[admin]");
    chainByPath.put("/admin/*", "authc,perms[admin]");

    factory.setFilterChainDefinitionMap(chainByPath);
    return factory;
}
 
Example 19
Source File: ShiroConfig.java    From web-flash with MIT License 4 votes vote down vote up
/**
 * Creates the {@code shiroFilter} bean for a JWT-based API: a list of anonymous paths
 * followed by a catch-all {@code /**} entry handled by the custom {@code jwt} filter.
 *
 * <p>NOTE(review): the Druid monitoring path, the Swagger resources and three
 * {@code /file} endpoints are anonymous. Confirm each of them is protected by its own
 * login or by network restrictions in production, and that the file endpoints cannot
 * serve private content.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();

    // Register our own filter under the name "jwt", plus a custom logout filter.
    Map<String, Filter> namedFilters = Maps.newHashMap();
    namedFilters.put("jwt", new JwtFilter());
    namedFilters.put("logout", new SystemLogoutFilter());
    shiroFilter.setFilters(namedFilters);

    shiroFilter.setSecurityManager(securityManager);
    shiroFilter.setUnauthorizedUrl("/401");

    // Custom URL rules, see http://shiro.apache.org/web.html#urls-
    // A LinkedHashMap is used because match order is insertion order; with an unordered
    // map the anon entries may not take effect.
    Map<String, String> ruleByPath = new LinkedHashMap<String, String>();

    // Swagger resources are not intercepted.
    ruleByPath.put("/swagger-ui.html", "anon");
    ruleByPath.put("/v2/api-docs/**", "anon");
    ruleByPath.put("/webjars/**", "anon");
    ruleByPath.put("/swagger-resources", "anon");
    ruleByPath.put("/images/**", "anon");
    ruleByPath.put("/configuration/security", "anon");
    ruleByPath.put("/configuration/ui", "anon");

    ruleByPath.put("/file/download", "anon");
    ruleByPath.put("/file/getImgStream", "anon");
    ruleByPath.put("/file/getImgBase64", "anon");

    // The Druid monitoring address is not intercepted.
    ruleByPath.put("/druid/**", "anon");
    // Login and logout are not intercepted.
    ruleByPath.put("/account/login", "anon");
    ruleByPath.put("/logout", "logout");
    // The H5 front end is not intercepted.
    ruleByPath.put("/offcialsite/**", "anon");
    // The 401 page does not go through our filter.
    ruleByPath.put("/401", "anon");
    // Every other request passes through the JWT filter.
    ruleByPath.put("/**", "jwt");

    shiroFilter.setFilterChainDefinitionMap(ruleByPath);
    return shiroFilter;
}
 
Example 20
Source File: ShiroConfig.java    From scaffold-cloud with MIT License 4 votes vote down vote up
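/**
 * Builds the Shiro filter factory from the menu list returned by {@code sysMenuFeign} plus
 * a fixed set of public paths.
 *
 * <p>Menu-derived rules are registered first, so they take precedence over the static
 * entries that follow. The catch-all {@code /**} entry is {@code anon}.
 * NOTE(review): with that fallback, any path that has no menu entry is reachable without
 * login, and an empty or failed menu response leaves only the anonymous rules; confirm
 * this allow-by-default behaviour is intended.
 *
 * @param securityManager injected security manager (see the note in the body)
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // NOTE(review): the injected parameter is not used; the securityManager() method is
    // called instead. Confirm both refer to the same instance.
    shiroFilterFactoryBean.setSecurityManager(securityManager());

    Map<String, Filter> filters = new LinkedHashMap<>();
    LogoutFilter logoutFilter = new LogoutFilter();
    logoutFilter.setRedirectUrl("/home");
    // Register the filter under the name the "logout" chain entries refer to. The
    // original never added it to the map, so the "/home" redirect was never applied.
    filters.put("logout", logoutFilter);
    shiroFilterFactoryBean.setFilters(filters);

    Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>();
    ResponseModel<List<SysMenuBO>> responseModel = sysMenuFeign.findAll();
    List<SysMenuBO> menuList = responseModel.getData();
    if (CollectionUtil.isNotEmpty(menuList)) {
        for (SysMenuBO menu : menuList) {
            // Only menus that carry a URL are passed on; formatUrl2Code presumably adds
            // the permission rule for that URL to the map.
            if (StrUtil.isNotEmpty(menu.getUrl())) {
                ShiroService.formatUrl2Code(filterChainDefinitionManager, menu, PERMISSION_STRING);
            }
        }
    }

    // Public paths at the application root.
    filterChainDefinitionManager.put("/login", "anon");
    filterChainDefinitionManager.put("/logout", "logout");
    filterChainDefinitionManager.put("/login/check", "anon");
    filterChainDefinitionManager.put("/static/**", "anon");
    filterChainDefinitionManager.put("/notify/**", "anon");
    filterChainDefinitionManager.put("/lang/**", "anon");

    // The same public paths one path segment down.
    filterChainDefinitionManager.put("/*/login", "anon");
    filterChainDefinitionManager.put("/*/logout", "logout");
    filterChainDefinitionManager.put("/*/login/check", "anon");
    filterChainDefinitionManager.put("/*/static/**", "anon");
    filterChainDefinitionManager.put("/*/notify/**", "anon");
    filterChainDefinitionManager.put("/*/lang/**", "anon");

    // Catch-all: anything not matched above is anonymous.
    filterChainDefinitionManager.put("/**", "anon");

    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);

    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    return shiroFilterFactoryBean;
}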