org.apache.shiro.spring.web.ShiroFilterFactoryBean Java Examples

@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/nowhere");

    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    Map<String, Filter> customizedFilter = new HashMap<>();  // 自定义过滤器设置 1

    customizedFilter.put("url", getURLPathMatchingFilter()); // 自定义过滤器设置 2，命名，需在设置过滤路径前

    filterChainDefinitionMap.put("/api/authentication", "authc"); // 防鸡贼登录
    filterChainDefinitionMap.put("/api/menu", "authc");
    filterChainDefinitionMap.put("/api/admin/**", "authc");

    filterChainDefinitionMap.put("/api/admin/**", "url");  // 自定义过滤器设置 3，设置过滤路径

    shiroFilterFactoryBean.setFilters(customizedFilter); // 自定义过滤器设置 4，启用
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

/**
 * 配置FilterFactoryBean
 * */
@Bean(name = "myShiroFilter")
public ShiroFilterFactoryBean myShiroFilter() {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    //设置 SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    //设置登录链接(前后端分离方案中这里不返回页面，返回403报文，供前端跳转到登录页面)
    shiroFilterFactoryBean.setLoginUrl("/403");
    // 登录成功后要跳转的链接(前后端分离方案这个不需要)
    //shiroFilterFactoryBean.setSuccessUrl("/home");
    // 未授权跳转链接;
    shiroFilterFactoryBean.setUnauthorizedUrl("/401");

    // 添加自定义过滤器
    shiroFilterFactoryBean.getFilters().put("roleOr",roleOrFilter);

    //拦截链配置
    Map<String, String> filterChainDefinitionMap = constructFilterChainDefinitionMap();
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    log.info("ShiroFilterFactoryBean注入成功!");
    return shiroFilterFactoryBean;
}
 

/**
 * ShiroFilterFactoryBean 处理拦截资源文件问题。
 *
 * @param securityManager
 * @return
 */

@Bean(name="shiroFilter")
@DependsOn({"securityManager"})
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    log.info("ShiroConfiguration.shirFilter()");
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    //拦截器.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/captcha", "anon");
    filterChainDefinitionMap.put("/admin/code/**", "anon");
    filterChainDefinitionMap.put("admin/**/page-query", "user");
    filterChainDefinitionMap.put("/admin/employee/logout", "logout");
    filterChainDefinitionMap.put("admin/**/detail", "authc");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    /*shiroFilterFactoryBean.setU("/403");*/
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

    return shiroFilterFactoryBean;
}
 

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    filterChainDefinitionMap.put("/admin/auth/login", "anon");
    filterChainDefinitionMap.put("/admin/auth/401", "anon");
    filterChainDefinitionMap.put("/admin/auth/index", "anon");
    filterChainDefinitionMap.put("/admin/auth/403", "anon");

    filterChainDefinitionMap.put("/admin/**", "authc");
    shiroFilterFactoryBean.setLoginUrl("/admin/auth/401");
    shiroFilterFactoryBean.setSuccessUrl("/admin/auth/index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/403");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	shiroFilterFactoryBean.setSecurityManager(securityManager);
	Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
	filterChainDefinitionMap.put("/admin/auth/login", "anon");
	filterChainDefinitionMap.put("/admin/auth/401", "anon");
	filterChainDefinitionMap.put("/admin/auth/index", "anon");
	filterChainDefinitionMap.put("/admin/auth/403", "anon");

	filterChainDefinitionMap.put("/admin/**", "authc");
	shiroFilterFactoryBean.setLoginUrl("/admin/auth/401");
	shiroFilterFactoryBean.setSuccessUrl("/admin/auth/index");
	shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/403");
	shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
	return shiroFilterFactoryBean;
}
 

/**
 * ShiroFilterFactoryBean 处理拦截资源文件问题。
 *
 * @param securityManager
 * @return
 */

@Bean(name="shiroFilter")
@DependsOn({"securityManager"})
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    log.info("ShiroConfiguration.shirFilter()");
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    //拦截器.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/captcha", "anon");
    filterChainDefinitionMap.put("/admin/code/**", "anon");
    filterChainDefinitionMap.put("admin/**/page-query", "user");
    filterChainDefinitionMap.put("/admin/employee/logout", "logout");
    filterChainDefinitionMap.put("admin/**/detail", "authc");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    /*shiroFilterFactoryBean.setU("/403");*/
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

    return shiroFilterFactoryBean;
}
 

@Bean
public ShiroFilterFactoryBean shiroFilter() {
    final ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager());
    shiroFilterFactoryBean.setLoginUrl("/member/login");
    shiroFilterFactoryBean.setSuccessUrl("/home/index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/error/401");

    final Map<String, Filter> filters = Maps.newHashMap();
    filters.put("authc", this.authcFilter());
    filters.put("membership", this.membershipFilter());
    shiroFilterFactoryBean.setFilters(filters);

    final Map<String, String> chains = Maps.newLinkedHashMap();
    chains.put("/member/logout", "logout");
    chains.put("/", this.configProperties.getShiro().getFilters());
    chains.put("/home/**", this.configProperties.getShiro().getFilters());
    chains.put("/views/**", this.configProperties.getShiro().getFilters());
    chains.put("/rest/**", this.configProperties.getShiro().getFilters());
    chains.put("/**", "anon");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(chains);

    return shiroFilterFactoryBean;
}
 

@Bean("shiroFilter")
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();

    // 添加自己的过滤器并且取名为jwt
    Map<String, Filter> filterMap =  Maps.newHashMap();
    filterMap.put("jwt", new JwtFilter());
    factoryBean.setFilters(filterMap);

    factoryBean.setSecurityManager(securityManager);
    factoryBean.setUnauthorizedUrl("/401");

    /*
     * 自定义url规则
     * http://shiro.apache.org/web.html#urls-
     */
    Map<String, String> filterRuleMap =  Maps.newHashMap();
    // 所有请求通过我们自己的JWT Filter
    filterRuleMap.put("/**", "jwt");
    // 访问401和404页面不通过我们的Filter
    filterRuleMap.put("/401", "anon");
    factoryBean.setFilterChainDefinitionMap(filterRuleMap);
    return factoryBean;
}
 

/**
 * Filter工厂，设置过滤条件与跳转条件
 */
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();

    // Shiro的核心安全接口
    bean.setSecurityManager(securityManager);

    // 设置登陆页
    bean.setLoginUrl("/login");

    // 自定义拦截规则
    Map<String,String> map = new HashMap<>(16);
    map.put("/", "anon");
    // 设置退出登陆
    map.put("/logout", "logout");
    // 对所有用户认证
    map.put("/**", "authc");

    bean.setFilterChainDefinitionMap(map);
    return bean;
}
 

@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager());
    bean.setLoginUrl("/login");
    bean.setSuccessUrl("/index");
    bean.setUnauthorizedUrl("/unauthorizedurl");
    Map<String, String> map = new LinkedHashMap();
    map.put("/login", "anon");
    map.put("/aaaaa/**", "anon");
    map.put("/bypass", "authc");
    map.put("/bypass.*", "authc");
    map.put("/bypass/**", "authc");
    map.put("/**", "authc");
    bean.setFilterChainDefinitionMap(map);
    return bean;
}
 

/**
 * ShiroFilterFactoryBean 处理拦截资源文件问题。
 * 注意：单独一个ShiroFilterFactoryBean配置是或报错的，因为在
 * 初始化ShiroFilterFactoryBean的时候需要注入：SecurityManager
 * Filter Chain定义说明
 * 1、一个URL可以配置多个Filter，使用逗号分隔
 * 2、当设置多个过滤器时，全部验证通过，才视为通过
 * 3、部分过滤器可指定参数，如perms，roles
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // 必须设置 SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
    shiroFilterFactoryBean.setLoginUrl("/passport/login/");
    // 登录成功后要跳转的链接
    shiroFilterFactoryBean.setSuccessUrl("/index");
    // 未授权界面;
    shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");
    // 配置数据库中的resource
    Map<String, String> filterChainDefinitionMap = shiroService.loadFilterChainDefinitions();
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    //拦截器.
    Map<String,String> filterChainDefinitionMap = new LinkedHashMap<>();
    // 配置不会被拦截的链接 顺序判断
    filterChainDefinitionMap.put("/static/**", "anon");
    filterChainDefinitionMap.put("/upload/**", "anon");
    filterChainDefinitionMap.put("/plugins/**", "anon");
    filterChainDefinitionMap.put("/templates/**", "anon");
    filterChainDefinitionMap.put("/admin/code/api/generate", "anon");
    filterChainDefinitionMap.put("/admin/login/api/toLogin", "anon");
    filterChainDefinitionMap.put("/admin/login/api/loginCheck", "anon");
    filterChainDefinitionMap.put("/**", "authc");

    shiroFilterFactoryBean.setLoginUrl("/admin/login/api/toLogin");
    shiroFilterFactoryBean.setSuccessUrl("/admin/login/api/toIndex");
    shiroFilterFactoryBean.setUnauthorizedUrl("/admin/login/api/toIndex");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

/**
 * 添加自己的过滤器，自定义url规则
 * Shiro自带拦截器配置规则
 * rest：比如/admins/user/**=rest[user],根据请求的方法，相当于/admins/user/**=perms[user：method] ,其中method为post，get，delete等
 * port：比如/admins/user/**=port[8081],当请求的url的端口不是8081是跳转到schemal：//serverName：8081?queryString,其中schmal是协议http或https等，serverName是你访问的host,8081是url配置里port的端口，queryString是你访问的url里的？后面的参数
 * perms：比如/admins/user/**=perms[user：add：*],perms参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，比如/admins/user/**=perms["user：add：*,user：modify：*"]，当有多个参数时必须每个参数都通过才通过，想当于isPermitedAll()方法
 * roles：比如/admins/user/**=roles[admin],参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，当有多个参数时，比如/admins/user/**=roles["admin,guest"],每个参数通过才算通过，相当于hasAllRoles()方法。//要实现or的效果看http://zgzty.blog.163.com/blog/static/83831226201302983358670/
 * anon：比如/admins/**=anon 没有参数，表示可以匿名使用
 * authc：比如/admins/user/**=authc表示需要认证才能使用，没有参数
 * authcBasic：比如/admins/user/**=authcBasic没有参数表示httpBasic认证
 * ssl：比如/admins/user/**=ssl没有参数，表示安全的url请求，协议为https
 * user：比如/admins/user/**=user没有参数表示必须存在用户，当登入操作时不做检查
 * 详情见文档 http://shiro.apache.org/web.html#urls-
 * @param securityManager
 * @return org.apache.shiro.spring.web.ShiroFilterFactoryBean
 * @author dolyw.com
 * @date 2018/8/31 10:57
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    // 添加自己的过滤器取名为jwt
    Map<String, Filter> filterMap = new HashMap<>(16);
    filterMap.put("jwt", new JwtFilter());
    factoryBean.setFilters(filterMap);
    factoryBean.setSecurityManager(securityManager);
    // 自定义url规则使用LinkedHashMap有序Map
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(16);
    // Swagger接口文档
    // filterChainDefinitionMap.put("/v2/api-docs", "anon");
    // filterChainDefinitionMap.put("/webjars/**", "anon");
    // filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    // filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    // filterChainDefinitionMap.put("/doc.html", "anon");
    // 公开接口
    // filterChainDefinitionMap.put("/api/**", "anon");
    // 登录接口放开
    filterChainDefinitionMap.put("/user/login", "anon");
    // 所有请求通过我们自己的JWTFilter
    filterChainDefinitionMap.put("/**", "jwt");
    factoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return factoryBean;
}
 

@Bean
  @Override
  protected ShiroFilterFactoryBean shiroFilterFactoryBean() {

ShiroFilterFactoryBean filterFactoryBean = new ShiroCasFilterFactoryBean();
      
      //登录地址：会话不存在时访问的地址
		filterFactoryBean.setLoginUrl(CasUrlUtils.constructLoginRedirectUrl(casProperties, serverProperties.getServlet().getContextPath(), casProperties.getServerCallbackUrl()));
		//系统主页：登录成功后跳转路径
		filterFactoryBean.setSuccessUrl(bizProperties.getSuccessUrl());
		//异常页面：无权限时的跳转路径
		filterFactoryBean.setUnauthorizedUrl(bizProperties.getUnauthorizedUrl());
    
		//必须设置 SecurityManager
	filterFactoryBean.setSecurityManager(securityManager);
	//拦截规则
	filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
    
	return filterFactoryBean;
      
  }
 

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean
            .setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/");
    filterChainDefinitionMap.put("/login", "authc");
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/static/**", "anon");
    filterChainDefinitionMap.put("/api/**", "anon");
    filterChainDefinitionMap.put("/register/**", "anon");
    filterChainDefinitionMap.put("/admin/**", "roles[admin]");
    filterChainDefinitionMap.put("/**", "user");

    shiroFilterFactoryBean
            .setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
	System.out.println("ShiroConfiguration.shirFilter()");
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	shiroFilterFactoryBean.setSecurityManager(securityManager);
	//拦截器.
	Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
	// 配置不会被拦截的链接 顺序判断
	filterChainDefinitionMap.put("/static/**", "anon");
	//配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了
	filterChainDefinitionMap.put("/logout", "logout");
	//<!-- 过滤链定义，从上向下顺序执行，一般将/**放在最为下边 -->:这是一个坑呢，一不小心代码就不好使了;
	//<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
	filterChainDefinitionMap.put("/**", "authc");
	// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
	shiroFilterFactoryBean.setLoginUrl("/login");
	// 登录成功后要跳转的链接
	shiroFilterFactoryBean.setSuccessUrl("/index");

	//未授权界面;
	shiroFilterFactoryBean.setUnauthorizedUrl("/403");
	shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
	return shiroFilterFactoryBean;
}
 

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	shiroFilterFactoryBean.setSecurityManager(securityManager);
	shiroFilterFactoryBean.setLoginUrl("/admin");
	shiroFilterFactoryBean.setSuccessUrl("/admin");
	shiroFilterFactoryBean.setUnauthorizedUrl("/error");

	Map<String, Filter> filters = Application.getSecurityfilters();
	AjaxAuthenticationFilter ajaxAuthenticationFilter = new AjaxAuthenticationFilter();
	ajaxAuthenticationFilter.setRobotPrevention(new CaptchaRobotPrevention());
	filters.put(DefaultFilter.authc.name(), ajaxAuthenticationFilter);
	shiroFilterFactoryBean.setFilters(filters);

	shiroFilterFactoryBean.setFilterChainDefinitionMap(Application.getSecurityFilterChainDefinitionMap());
	return shiroFilterFactoryBean;
}
 

@Bean(name = "shiroFilter")
@DependsOn("securityManager")
@ConditionalOnMissingBean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultSecurityManager securityManager, Realm realm, ShiroFilterRegistry registry) {
	securityManager.setRealm(realm);

       Map<String, String> filterDef = swapKeyValue(properties.getFilterChainDefinitions());
       log.info("过虑器配置: {}", filterDef);
       log.info("自定义过虑器: {}", registry.getFilterMap());

	ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
	shiroFilter.setSecurityManager(securityManager);
	shiroFilter.setLoginUrl(properties.getLoginUrl());
	shiroFilter.setSuccessUrl(properties.getSuccessUrl());
	shiroFilter.setUnauthorizedUrl(properties.getUnauthorizedUrl());

	shiroFilter.setFilterChainDefinitionMap(filterDef);
       shiroFilter.getFilters().putAll(registry.getFilterMap());

	return shiroFilter;
}
 

@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
    log.info("Shiro Configuration initialized");
    ShiroFilterFactoryBean shiroFilterFactoryBean  = new ShiroFilterFactoryBean();

    //设置SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    //拦截器
    //<!-- 过滤链定义，从上向下顺序执行，一般将 /**放在最为下边 -->:这是一个坑呢，一不小心代码就不好使了;
    //<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
    Map<String,String> filterChainDefinitionMap = shiroService.getFilterChainDefinitionMap();

    //过滤器
    Map<String,Filter> filters = new HashMap<>();
    filters.put("perms",new JwtFilter());
    shiroFilterFactoryBean.setFilters(filters);
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("authRealm")AuthRealm authRealm){
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager(authRealm));
    bean.setSuccessUrl("/index");
    bean.setLoginUrl("/login");
    Map<String,Filter> map = Maps.newHashMap();
    map.put("authc",new CaptchaFormAuthenticationFilter());
    bean.setFilters(map);
    //配置访问权限
    LinkedHashMap<String, String> filterChainDefinitionMap = Maps.newLinkedHashMap();
    filterChainDefinitionMap.put("/static/**","anon");
    filterChainDefinitionMap.put("/showBlog/**","anon");
    filterChainDefinitionMap.put("/blog/**","anon");
    filterChainDefinitionMap.put("/login/main","anon");
    filterChainDefinitionMap.put("/genCaptcha","anon");
    filterChainDefinitionMap.put("/systemLogout","authc");
    filterChainDefinitionMap.put("/**","authc");
    bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return bean;
}
 

/**
 * ShiroFilterFactoryBean 处理拦截资源文件问题。
 * 注意：单独一个ShiroFilterFactoryBean配置是或报错的，因为在
 * 初始化ShiroFilterFactoryBean的时候需要注入：SecurityManager
 * Filter Chain定义说明
 * 1、一个URL可以配置多个Filter，使用逗号分隔
 * 2、当设置多个过滤器时，全部验证通过，才视为通过
 * 3、部分过滤器可指定参数，如perms，roles
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // 必须设置 SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
    shiroFilterFactoryBean.setLoginUrl(shiroProperties.getLoginUrl());
    // 登录成功后要跳转的链接
    shiroFilterFactoryBean.setSuccessUrl(shiroProperties.getSuccessUrl());
    // 未授权界面;
    shiroFilterFactoryBean.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());
    // 配置数据库中的resource
    Map<String, String> filterChainDefinitionMap = shiroService.loadFilterChainDefinitions();
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

/**
 * 对过滤器进行调整
 *
 * @param securityManager
 * @return
 */
@Bean(name = "shiroFilter")
protected ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager, Config config) {
    ShiroFilterFactoryBean filterFactoryBean = super.shiroFilterFactoryBean();
    filterFactoryBean.setSecurityManager(securityManager);
    
    //过滤器设置
    Map<String, Filter> filters = new HashMap<>();
    SecurityFilter securityFilter = new SecurityFilter();
    securityFilter.setClients("cas,rest,jwt");
    securityFilter.setConfig(config);
    filters.put("casSecurityFilter", securityFilter);
    
    CallbackFilter callbackFilter = new CallbackFilter();
    callbackFilter.setConfig(config);
    filters.put("callbackFilter", callbackFilter);
    
    filterFactoryBean.setFilters(filters);
    

    return filterFactoryBean;
}
 

@Bean//@Bean的默认name是方法名也就是shiroFilter
    public ShiroFilterFactoryBean shiroFilter() {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager());
        //设置访问权限
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
//        filterChainDefinitionMap.put("/api/addBlog", "myRoles[admin]");
//        filterChainDefinitionMap.put("/api/delBlogs", "myRoles[admin]");
        filterChainDefinitionMap.put("/api/userList", "myRoles[admin]");
        filterChainDefinitionMap.put("/api/delUsers", "myAuthc[admin],myRoles[admin]");
        filterChainDefinitionMap.put("/api/file", "myRoles[special]");
        filterChainDefinitionMap.put("/api/logout", "logout");
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        //设置自定义filter
        Map<String, Filter> filters = Maps.newHashMap();
        filters.put("myRoles", new MyRolesFilter());
        filters.put("myUser", new MyUserFilter());
        filters.put("myAuthc", new MyAuthcFilter());
        bean.setFilters(filters);
        return bean;
    }
 

@Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            DefaultWebSecurityManager securityManager,
            FormAuthenticationFilter formAuthenticationFilter) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // 必须设置 SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/oss/login");
        // 登录成功后要跳转的连接
        shiroFilterFactoryBean.setSuccessUrl("/admin/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        Map map = new HashMap<>();
//        map.put("authc",formAuthenticationFilter);
        shiroFilterFactoryBean.setFilters(map);
        loadShiroFilterChain(shiroFilterFactoryBean);
        return shiroFilterFactoryBean;
    }
 

/**
     * 加载shiroFilter权限控制规则（从数据库读取然后配置）
     *
     * @author SHANHY
     * @create 2016年1月14日
     */
    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
        /////////////////////// 下面这些规则配置最好配置到配置文件中 ///////////////////////
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
        // authc：该过滤器下的页面必须验证后才能访问，它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter
        filterChainDefinitionMap.put("/admin/**", "authc");// 这里为了测试，只限制/user，实际开发中请修改为具体拦截的请求规则
        // anon：它对应的过滤器里面是空的,什么都没做
        logger.info("##################从数据库读取权限规则，加载到shiroFilter中##################");
//        filterChainDefinitionMap.put("/user/edit/**", "authc,perms[user:edit]");// 这里为了测试，固定写死的值，也可以从数据库或其他配置中读取
//
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/**", "anon");//anon 可以理解为不拦截
//        filterChainDefinitionMap.put("/admin/login","anon");
//        filterChainDefinitionMap.put("/admin/thymeleaf/cache/clear","anon");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    }
 

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    //shirFilter
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    //拦截器.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    // 配置不需要权限的资源
    filterChainDefinitionMap.put("/static/**", "anon");
    filterChainDefinitionMap.put("/index", "anon");
    //配置退出过滤器,退出代码Shiro已经替我们实现
    filterChainDefinitionMap.put("/logout", "logout");
    //过滤链定义，从上向下顺序执行，/**放在最下边;
    //<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
    filterChainDefinitionMap.put("/**", "authc");
    // 如果不设置默认会自动寻找Web工程根目录下的"/login"页面
    shiroFilterFactoryBean.setLoginUrl("/login");
    // 登录成功后要跳转的链接
    shiroFilterFactoryBean.setSuccessUrl("/index");
    //未授权界面;
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

/**
 * 处理拦截资源文件问题。
 *
 * @param securityManager
 * @return
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

    // 设置 SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    // 如果不设置默认会自动寻找Web工程根目录下的"/login.html"页面
    shiroFilterFactoryBean.setLoginUrl("/login");
    // 登录成功后要跳转的链接
    shiroFilterFactoryBean.setSuccessUrl("/initPage");
    //未授权界面
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    //拦截器.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/favicon.png","anon");//解决弹出favicon.ico下载
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/css/**", "anon");
    filterChainDefinitionMap.put("/js/**", "anon");
    filterChainDefinitionMap.put("/img/**", "anon");
    filterChainDefinitionMap.put("/font-awesome/**", "anon");

    //自定义加载权限资源关系
    List<Permission> list = permissionService.findAll();
    for (Permission p : list) {
        if (!p.getPerurl().isEmpty()) {
            String permission = "perms[" + p.getPerurl() + "]";
            filterChainDefinitionMap.put(p.getPerurl(), permission);
        }
    }


    //过滤链定义，从上向下顺序执行，一般将 /**放在最为下边
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

@Bean("shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(securityManager);

    //oauth过滤
    Map<String, Filter> filters = new HashMap<>();
    filters.put("oauth2", new OAuth2Filter());
    shiroFilter.setFilters(filters);

    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/test/**", "anon");
    filterMap.put("/actuator/**", "anon");
    filterMap.put("/pay/**", "anon");
    filterMap.put("/webjars/**", "anon");
    filterMap.put("/druid/**", "anon");
    filterMap.put("/app/**", "anon");
    filterMap.put("/file/**", "anon");
    filterMap.put("/wechat/**", "anon");
    filterMap.put("/UEditor/**", "anon");
    filterMap.put("/sys/login", "anon");
    filterMap.put("/sys/logistics/**", "anon");
    filterMap.put("/swagger/**", "anon");
    filterMap.put("/wx/**", "anon");
    filterMap.put("/v2/api-docs", "anon");
    filterMap.put("/swagger-ui.html", "anon");
    filterMap.put("/swagger-resources/**", "anon");
    filterMap.put("/captcha.jpg", "anon");
    filterMap.put("/**", "oauth2");
    shiroFilter.setFilterChainDefinitionMap(filterMap);

    return shiroFilter;
}
 

/**
 * 加载ShiroFilter权限控制规则
 */
private void loadShiroFilterChain(ShiroFilterFactoryBean factoryBean) {
	/**下面这些规则配置最好配置到配置文件中*/
	Map<String, String> filterChainMap = new LinkedHashMap<String, String>();
	filterChainMap.put("/user", "authc");
	filterChainMap.put("/inde", "authc");
	filterChainMap.put("/userGet", "authc");
	filterChainMap.put("/casLogin", "authc");
	filterChainMap.put("/user/edit/**", "authc,perms[user:edit]");
	filterChainMap.put("/restlogin", "anon");
	filterChainMap.put("/**", "anon");
	factoryBean.setFilterChainDefinitionMap(filterChainMap);
}
 

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
	ShiroFilterFactoryBean factoryBean = new MyShiroFilterFactoryBean();
	factoryBean.setSecurityManager(securityManager);
	factoryBean.setLoginUrl("/restlogin");
	factoryBean.setSuccessUrl("/user");
	factoryBean.setUnauthorizedUrl("/403");

	loadShiroFilterChain(factoryBean);
	return factoryBean;
}