Java Code Examples for org.apache.shiro.spring.web.ShiroFilterFactoryBean#setFilterChainDefinitionMap()

The following examples show how to use org.apache.shiro.spring.web.ShiroFilterFactoryBean#setFilterChainDefinitionMap(). Each example names the source file and project it was taken from.
Example 1
Source File: ShiroConfiguration.java    From White-Jotter with MIT License 7 votes vote down vote up
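/**
 * Builds the Shiro web filter bean: registers the custom "url" filter and maps the API paths
 * to the filter chains that guard them.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl("/nowhere");

    // A custom filter has to be registered under a name before a chain definition can refer to it.
    Map<String, Filter> customFilters = new HashMap<>();
    customFilters.put("url", getURLPathMatchingFilter());
    factory.setFilters(customFilters);

    // LinkedHashMap keeps insertion order; Shiro applies the first pattern that matches the request.
    Map<String, String> chains = new LinkedHashMap<>();
    chains.put("/api/authentication", "authc"); // original note: blocks sneaking past the login check
    chains.put("/api/menu", "authc");
    // The original registered "/api/admin/**" twice: first with "authc", then with "url".
    // Map keys are unique, so the second put replaced the first and "authc" was never applied
    // to this pattern. Only the effective entry is kept, which leaves runtime behaviour unchanged.
    // NOTE(review): the admin API is therefore guarded by the custom "url" filter alone. Confirm
    // that filter rejects unauthenticated subjects itself; if it does not, chain both filters
    // in one definition ("authc,url") instead of using two puts.
    chains.put("/api/admin/**", "url");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}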
 
Example 2
Source File: ShiroConfig.java    From Spring-Boot-Book with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the Shiro web filter bean for a form-login application: static assets and the index
 * page are anonymous, "/logout" is handled by Shiro's logout filter, and every other path
 * requires an authenticated subject.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Redirect targets: the login page, the landing page after a successful login,
    // and the page shown when authorization fails.
    factory.setLoginUrl("/login");
    factory.setSuccessUrl("/index");
    factory.setUnauthorizedUrl("/403");

    // Chains are evaluated top to bottom and the first match wins, so the catch-all goes last.
    Map<String, String> chains = new LinkedHashMap<>();
    // Resources that need no authentication.
    for (String openPath : new String[] {"/static/**", "/index"}) {
        chains.put(openPath, "anon");
    }
    // Shiro's built-in logout filter performs the logout itself.
    chains.put("/logout", "logout");
    // Everything not listed above requires authentication.
    chains.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
 
Example 3
Source File: ShiroConfig.java    From learnjavabug with MIT License 6 votes vote down vote up
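/**
 * Declares the Shiro web filter bean with a login page, two anonymous patterns and an
 * authenticated catch-all.
 *
 * @return the configured factory bean
 */
@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager());
    bean.setLoginUrl("/login");
    bean.setSuccessUrl("/index");
    bean.setUnauthorizedUrl("/unauthorizedurl");

    // Diamond operator instead of the raw `new LinkedHashMap()`, which compiled only with an
    // unchecked-conversion warning. Insertion order is the order Shiro evaluates the patterns in.
    Map<String, String> map = new LinkedHashMap<>();
    map.put("/login", "anon");
    map.put("/aaaaa/**", "anon");
    // These three patterns are also covered by the final catch-all; they spell out the exact,
    // suffixed and nested forms of the same path explicitly.
    map.put("/bypass", "authc");
    map.put("/bypass.*", "authc");
    map.put("/bypass/**", "authc");
    map.put("/**", "authc");
    // NOTE(review): URL-pattern rules protect a handler only while Shiro and the web framework
    // resolve the request path identically (trailing slashes, encoded characters, suffixes).
    // Keep the Shiro dependency patched and enforce authentication at the handler as well
    // rather than relying on path patterns alone.
    bean.setFilterChainDefinitionMap(map);
    return bean;
}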
 
Example 4
Source File: ShiroConfig.java    From ShiroJwt with MIT License 6 votes vote down vote up
/**
 * 添加自己的过滤器,自定义url规则
 * Shiro自带拦截器配置规则
 * rest:比如/admins/user/**=rest[user],根据请求的方法,相当于/admins/user/**=perms[user:method] ,其中method为post,get,delete等
 * port:比如/admins/user/**=port[8081],当请求的url的端口不是8081是跳转到schemal://serverName:8081?queryString,其中schmal是协议http或https等,serverName是你访问的host,8081是url配置里port的端口,queryString是你访问的url里的?后面的参数
 * perms:比如/admins/user/**=perms[user:add:*],perms参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,比如/admins/user/**=perms["user:add:*,user:modify:*"],当有多个参数时必须每个参数都通过才通过,想当于isPermitedAll()方法
 * roles:比如/admins/user/**=roles[admin],参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,当有多个参数时,比如/admins/user/**=roles["admin,guest"],每个参数通过才算通过,相当于hasAllRoles()方法。//要实现or的效果看http://zgzty.blog.163.com/blog/static/83831226201302983358670/
 * anon:比如/admins/**=anon 没有参数,表示可以匿名使用
 * authc:比如/admins/user/**=authc表示需要认证才能使用,没有参数
 * authcBasic:比如/admins/user/**=authcBasic没有参数表示httpBasic认证
 * ssl:比如/admins/user/**=ssl没有参数,表示安全的url请求,协议为https
 * user:比如/admins/user/**=user没有参数表示必须存在用户,当登入操作时不做检查
 * 详情见文档 http://shiro.apache.org/web.html#urls-
 * @param securityManager
 * @return org.apache.shiro.spring.web.ShiroFilterFactoryBean
 * @author dolyw.com
 * @date 2018/8/31 10:57
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);

    // Register the project's own filter under the name "jwt" so chain definitions can use it.
    Map<String, Filter> customFilters = new HashMap<>(16);
    customFilters.put("jwt", new JwtFilter());
    factoryBean.setFilters(customFilters);

    // URL rules live in an ordered map: Shiro applies the first pattern that matches.
    Map<String, String> urlRules = new LinkedHashMap<>(16);
    // The original carries disabled "anon" entries for the Swagger documentation paths and
    // for a public "/api/" prefix. While they stay disabled, those paths fall through to the
    // "jwt" catch-all below.
    // The login endpoint has to be reachable without a token.
    urlRules.put("/user/login", "anon");
    // Every other request goes through JwtFilter.
    urlRules.put("/**", "jwt");

    factoryBean.setFilterChainDefinitionMap(urlRules);
    return factoryBean;
}
 
Example 5
Source File: ShiroConfig.java    From layui-admin with MIT License 6 votes vote down vote up
/**
 * 配置FilterFactoryBean
 * */
@Bean(name = "myShiroFilter")
public ShiroFilterFactoryBean myShiroFilter() {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // In this front-end/back-end separated setup the "login URL" serves no page; per the
    // original comment it returns a 403 message so the front end can redirect to its own login view.
    factory.setLoginUrl("/403");
    // No success URL is set (the original keeps that call disabled as unnecessary for this setup).
    // Target used when a subject lacks the required authorization.
    factory.setUnauthorizedUrl("/401");

    // Add the custom filter under the name "roleOr" next to Shiro's default filters.
    factory.getFilters().put("roleOr", roleOrFilter);

    // The chain definitions are built by a helper defined elsewhere in the class.
    // NOTE(review): the map it returns should preserve insertion order (e.g. LinkedHashMap),
    // because Shiro evaluates patterns in iteration order; verify in the helper.
    factory.setFilterChainDefinitionMap(constructFilterChainDefinitionMap());
    log.info("ShiroFilterFactoryBean注入成功!");
    return factory;
}
 
Example 6
Source File: ShiroCasWebFilterConfiguration.java    From shiro-cas-spring-boot-starter with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the CAS-aware Shiro filter bean from the injected CAS, server and business properties.
 *
 * @return the configured factory bean
 */
@Bean
@Override
protected ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean casFilterFactory = new ShiroCasFilterFactoryBean();

    // Login address: where a request without a session is sent.
    // NOTE(review): this URL is assembled from configuration (context path and server callback
    // URL); confirm those values cannot be influenced by the request, since they decide where
    // unauthenticated users are redirected.
    String casLoginUrl = CasUrlUtils.constructLoginRedirectUrl(
            casProperties,
            serverProperties.getServlet().getContextPath(),
            casProperties.getServerCallbackUrl());
    casFilterFactory.setLoginUrl(casLoginUrl);
    // Home page: redirect target after a successful login.
    casFilterFactory.setSuccessUrl(bizProperties.getSuccessUrl());
    // Error page: redirect target when the subject lacks permission.
    casFilterFactory.setUnauthorizedUrl(bizProperties.getUnauthorizedUrl());

    // The SecurityManager is mandatory.
    casFilterFactory.setSecurityManager(securityManager);
    // Interception rules come from the injected chain definition.
    casFilterFactory.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());

    return casFilterFactory;
}
 
Example 7
Source File: ShiroConfiguration.java    From spring-boot-quickstart with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the "shiroFilter" bean and fills the chain definitions that map URL patterns to
 * Shiro's built-in filters.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl("/login");
    factory.setSuccessUrl("/");

    // filterChainDefinitionMap is not declared in this method; it is presumably a field of the
    // enclosing class. NOTE(review): confirm it is an order-preserving map, because the specific
    // rules below only take precedence over the final catch-all if they are iterated first.
    filterChainDefinitionMap.put("/login", "authc");
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/static/**", "anon");
    // NOTE(review): the whole API prefix is anonymous at the Shiro layer; verify that each API
    // handler performs its own authentication or is meant to be public.
    filterChainDefinitionMap.put("/api/**", "anon");
    filterChainDefinitionMap.put("/register/**", "anon");
    filterChainDefinitionMap.put("/admin/**", "roles[admin]");
    // "user" accepts authenticated as well as remembered subjects.
    filterChainDefinitionMap.put("/**", "user");

    factory.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return factory;
}
 
Example 8
Source File: BootStrap.java    From MyBlog with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the Shiro filter bean, registers three project-specific filters and maps four API
 * paths to them.
 *
 * @return the configured factory bean
 */
@Bean // the default bean name is the method name, i.e. shiroFilter
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager());

    // Access rules, in evaluation order.
    LinkedHashMap<String, String> accessRules = new LinkedHashMap<>();
    // The original keeps the rules for "/api/addBlog" and "/api/delBlogs" disabled, so those
    // two paths have no chain here.
    accessRules.put("/api/userList", "myRoles[admin]");
    accessRules.put("/api/delUsers", "myAuthc[admin],myRoles[admin]");
    accessRules.put("/api/file", "myRoles[special]");
    accessRules.put("/api/logout", "logout");
    // NOTE(review): there is no catch-all entry, so any path not listed above gets no Shiro
    // filter chain at all. Confirm every other endpoint is either public by design or
    // protected by another mechanism.
    factory.setFilterChainDefinitionMap(accessRules);

    // Custom filters referenced by name in the rules above. "myUser" is registered but not
    // used by any rule in this method.
    Map<String, Filter> customFilters = Maps.newHashMap();
    customFilters.put("myRoles", new MyRolesFilter());
    customFilters.put("myUser", new MyUserFilter());
    customFilters.put("myAuthc", new MyAuthcFilter());
    factory.setFilters(customFilters);
    return factory;
}
 
Example 9
Source File: ShiroConfig.java    From parker with MIT License 5 votes vote down vote up
/**
 * Creates the Shiro filter bean for a stateless API: Swagger resources and the login path are
 * anonymous, everything else runs through the filter registered as "authc".
 *
 * @param securityManager injected security manager; not read by this method, which calls
 *                        {@code securityManager()} instead
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager());

    // Registering under the name "authc" replaces Shiro's built-in form-login filter, so every
    // "authc" rule below is enforced by StatelessAccessControlFilter.
    factory.getFilters().put("authc", new StatelessAccessControlFilter());

    Map<String, String> chains = new LinkedHashMap<>();

    // Swagger is used for debugging, so its requests are allowed anonymously.
    // NOTE(review): this publishes the API documentation to unauthenticated clients; consider
    // restricting these entries to non-production profiles.
    String[] swaggerPaths = {
        "/swagger-ui.html",
        "/swagger-resources",
        "/swagger-resources/configuration/security",
        "/swagger-resources/configuration/ui",
        "/v2/api-docs",
        "/webjars/springfox-swagger-ui/**",
    };
    for (String swaggerPath : swaggerPaths) {
        chains.put(swaggerPath, "anon");
    }

    // Login must be reachable anonymously.
    chains.put("/login/**", "anon");

    // All other requests require authentication.
    chains.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
 
Example 10
Source File: ShiroConfig.java    From kitty with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Creates the Shiro filter bean: a custom OAuth2 filter guards every path that is not
 * explicitly listed as anonymous.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Custom OAuth2Filter, used in place of the default filters.
    Map<String, Filter> customFilters = new HashMap<>();
    customFilters.put("oauth2", new OAuth2Filter());
    factory.setFilters(customFilters);

    // Path rules; "anon" means no verification, reachable without logging in.
    // NOTE(review): the Druid SQL monitor and the actuator endpoints are anonymous at the
    // Shiro layer. Both expose operational detail, so confirm they are protected elsewhere
    // (network restriction, the console's own login, limited endpoint exposure) or move them
    // behind the "oauth2" chain.
    String[] anonymousPaths = {
        "/webjars/**",
        // SQL monitoring (druid)
        "/druid/**",
        // home page and login page
        "/",
        "/login",
        // swagger
        "/swagger-ui.html",
        "/swagger-resources",
        "/v2/api-docs",
        "/webjars/springfox-swagger-ui/**",
        // captcha image
        "/captcha.jpg**",
        // service monitoring
        "/actuator/**",
    };
    Map<String, String> chains = new LinkedHashMap<>();
    for (String anonymousPath : anonymousPaths) {
        chains.put(anonymousPath, "anon");
    }
    // Every other path is handled by OAuth2Filter.
    chains.put("/**", "oauth2");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
 
Example 11
Source File: ShiroConfig.java    From sdb-mall with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the "shiroFilter" bean: a custom OAuth2 filter guards every path that is not
 * explicitly listed as anonymous.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // OAuth filter, referenced by the catch-all rule below.
    Map<String, Filter> customFilters = new HashMap<>();
    customFilters.put("oauth2", new OAuth2Filter());
    factory.setFilters(customFilters);

    // NOTE(review): the anonymous list is broad. It covers whole prefixes for test, payment,
    // file, app and WeChat endpoints as well as the Druid and actuator monitoring paths.
    // "anon" here only means Shiro does not check the request; confirm each prefix is either
    // public by design or verified by its own handler (for example signature checks on payment
    // callbacks), and keep test and monitoring paths out of production exposure.
    String[] anonymousPaths = {
        "/test/**",
        "/actuator/**",
        "/pay/**",
        "/webjars/**",
        "/druid/**",
        "/app/**",
        "/file/**",
        "/wechat/**",
        "/UEditor/**",
        "/sys/login",
        "/sys/logistics/**",
        "/swagger/**",
        "/wx/**",
        "/v2/api-docs",
        "/swagger-ui.html",
        "/swagger-resources/**",
        "/captcha.jpg",
    };
    Map<String, String> chains = new LinkedHashMap<>();
    for (String anonymousPath : anonymousPaths) {
        chains.put(anonymousPath, "anon");
    }
    // First match wins, so the catch-all is registered last.
    chains.put("/**", "oauth2");
    factory.setFilterChainDefinitionMap(chains);

    return factory;
}
 
Example 12
Source File: ShiroConfig.java    From SENS with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Creates the Shiro filter bean: configured URLs are anonymous, the admin area is guarded by
 * the login filter and a custom URL filter, and all remaining paths are public.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // If no login URL is set, Shiro falls back to its default login page location.
    factory.setLoginUrl("/admin/login");
    // Redirect target after a successful login.
    factory.setSuccessUrl("/");
    // Page shown when authorization fails.
    factory.setUnauthorizedUrl("/403");

    // Custom filter that implements the access-permission check, registered as "requestURL".
    Map<String, Filter> customFilters = new LinkedHashMap<String, Filter>();
    customFilters.put("requestURL", getURLPathMatchingFilter());
    factory.setFilters(customFilters);

    // Chains are checked in insertion order.
    Map<String, String> chains = new LinkedHashMap<String, String>();
    // Links that must not be intercepted come first.
    // NOTE(review): these patterns are read from configuration and are evaluated before the
    // admin rules, so an ignored pattern that overlaps the admin area would open it up;
    // validate the configured list.
    List<String> ignoredUrls = getIgnoredUrlsProperties().getUrls();
    for (String ignoredUrl : ignoredUrls) {
        chains.put(ignoredUrl, "anon");
    }
    chains.put("/admin", "authc");
    // Paths below the admin root use only the custom filter; the original keeps an "authc"
    // rule for the same pattern disabled.
    // NOTE(review): confirm the custom filter rejects unauthenticated subjects on its own.
    chains.put("/admin/**", "requestURL");
    chains.put("/**", "anon");
    factory.setFilterChainDefinitionMap(chains);

    return factory;
}
 
Example 13
Source File: ShiroConfig.java    From fastdep with Apache License 2.0 5 votes vote down vote up
/**
 * shiroFilter
 *
 * @param securityManager securityManager bean
 * @param jwtUtil         jwt util bean
 * @return shiroFilter
 */
@Bean("shiroFilter")
@ConditionalOnMissingBean(ShiroFilter.class)
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager, JwtUtil jwtUtil) {
    FastDepShiroJwtProperties properties = jwtUtil.fastDepShiroJwtProperties;
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);

    // Register the project's JWT filter under the name "jwt" so URL rules can refer to it.
    Map<String, Filter> customFilters = new HashMap<>(1);
    customFilters.put("jwt", new JwtFilter(jwtUtil));
    factoryBean.setFilters(customFilters);

    // Custom URL rules (format: http://shiro.apache.org/web.html#urls-), built from the
    // configured path/role pairs. When two entries share a path, the later one wins.
    // NOTE(review): rule order follows the iteration order of the configured map; Shiro applies
    // the first matching pattern, so verify that the properties map preserves declaration order.
    Map<String, FastDepShiroJwtProperties.ShiroRole> configuredRules = properties.getFilter();
    if (!configuredRules.isEmpty()) {
        LinkedHashMap<String, String> pathToChain = configuredRules.values().stream()
                .collect(Collectors.toMap(
                        rule -> rule.getPath(),
                        rule -> rule.getRole(),
                        (earlier, later) -> later,
                        LinkedHashMap::new));
        factoryBean.setFilterChainDefinitionMap(pathToChain);
    }
    // Textual chain definitions, when present, are applied after the map above.
    // NOTE(review): ShiroFilterFactoryBean#setFilterChainDefinitions parses the text and then
    // sets the definition map, so with both configured these definitions replace the rules
    // built above rather than extending them; confirm that is intended.
    String textualDefinitions = properties.getFilterChainDefinitions();
    if (textualDefinitions != null) {
        factoryBean.setFilterChainDefinitions(textualDefinitions);
    }

    factoryBean.setLoginUrl(properties.getLoginUrl());
    factoryBean.setSuccessUrl(properties.getSuccessUrl());
    factoryBean.setUnauthorizedUrl(properties.getUnauthorizedUrl());
    // Hand the bean to the authorization hook for final adjustments before it is returned.
    jwtUtil.fastDepShiroJwtAuthorization.shiroFilterFactoryBean(factoryBean);
    return factoryBean;
}
 
Example 14
Source File: ShiroConfig.java    From DouBiNovel with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the Shiro filter bean: the admin area requires authentication except for the
 * captcha and login-submit endpoints, and every other path is public.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Login page, post-login landing page, and the page shown when authorization fails.
    factory.setLoginUrl("/admin/login");
    factory.setSuccessUrl("/admin/index");
    factory.setUnauthorizedUrl("/403");

    // Chains run top to bottom and the first match wins. The two exceptions must therefore be
    // registered before the admin rule, and the catch-all goes last; the original comment
    // calls this ordering an easy trap.
    Map<String, String> chains = new LinkedHashMap<String, String>();
    for (String preLoginPath : new String[] {"/admin/verificationCode", "/admin/doLogin"}) {
        chains.put(preLoginPath, "anon");
    }
    // The original leaves the built-in "logout" rule for the admin logout path disabled.
    chains.put("/admin/**", "authc");
    chains.put("/**", "anon");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
 
Example 15
Source File: ShiroConfiguration.java    From mblog with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Shiro的过滤器链
 */
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(securityManager);
    shiroFilter.setLoginUrl("/login");
    shiroFilter.setSuccessUrl("/");
    shiroFilter.setUnauthorizedUrl("/error/reject.html");

    // Registering under the name "authc" replaces Shiro's built-in filter of that name, so
    // every "authc" rule below is enforced by AuthenticatedFilter.
    HashMap<String, Filter> customFilters = new HashMap<>();
    customFilters.put("authc", new AuthenticatedFilter());
    shiroFilter.setFilters(customFilters);

    // Chain rules as {pattern, chain} pairs, highest priority first:
    //   anon  - no authentication required
    //   authc - authentication required
    //   user  - authenticated or remembered subjects
    // NOTE(review): there is no catch-all entry, and the single-star admin pattern matches one
    // path segment only. A two-segment admin path that is not listed individually would have
    // no chain; confirm no handler is mapped at such a path, or add a final rule covering the
    // whole admin prefix.
    String[][] rules = {
        {"/dist/**", "anon"},
        {"/theme/**", "anon"},
        {"/storage/**", "anon"},
        {"/login", "anon"},
        {"/user/**", "authc"},
        {"/settings/**", "authc"},
        {"/post/editing", "authc"},
        {"/post/submit", "authc"},
        {"/post/delete/*", "authc"},
        {"/post/upload", "authc"},

        {"/admin/channel/list", "authc,perms[channel:list]"},
        {"/admin/channel/update", "authc,perms[channel:update]"},
        {"/admin/channel/delete", "authc,perms[channel:delete]"},

        {"/admin/post/list", "authc,perms[post:list]"},
        {"/admin/post/update", "authc,perms[post:update]"},
        {"/admin/post/delete", "authc,perms[post:delete]"},

        {"/admin/comment/list", "authc,perms[comment:list]"},
        {"/admin/comment/delete", "authc,perms[comment:delete]"},

        {"/admin/user/list", "authc,perms[user:list]"},
        {"/admin/user/update_role", "authc,perms[user:role]"},
        {"/admin/user/pwd", "authc,perms[user:pwd]"},
        {"/admin/user/open", "authc,perms[user:open]"},
        {"/admin/user/close", "authc,perms[user:close]"},

        {"/admin/options/index", "authc,perms[options:index]"},
        {"/admin/options/update", "authc,perms[options:update]"},

        {"/admin/role/list", "authc,perms[role:list]"},
        {"/admin/role/update", "authc,perms[role:update]"},
        {"/admin/role/delete", "authc,perms[role:delete]"},

        {"/admin/theme/*", "authc,perms[theme:index]"},

        {"/admin", "authc,perms[admin]"},
        {"/admin/*", "authc,perms[admin]"},
    };
    Map<String, String> chains = new LinkedHashMap<>();
    for (String[] rule : rules) {
        chains.put(rule[0], rule[1]);
    }

    shiroFilter.setFilterChainDefinitionMap(chains);
    return shiroFilter;
}
 
Example 16
Source File: ShiroConfig.java    From wetech-admin with MIT License 4 votes vote down vote up
/**
 * Creates the Shiro filter bean: a JWT filter registered as "authc" guards every path that is
 * not explicitly listed as anonymous.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    // If no login URL is set, Shiro falls back to its default login page location.
    factory.setLoginUrl("/auth/login");

    // Custom filter: registering under "authc" replaces the built-in filter of that name.
    Map<String, Filter> customFilters = new LinkedHashMap<>();
    customFilters.put("authc", new JwtFilter());
    factory.setFilters(customFilters);

    // Links that are not intercepted, checked in this order before the catch-all.
    String[] anonymousPaths = {
        "/",
        // Demo mode only; the original author asks for this entry to be deleted in real
        // development. NOTE(review): left in place, it exposes the data source
        // initialisation endpoint to unauthenticated callers.
        "/datasource/initialize",
        "/auth/login",
        // The original comment describes Shiro's built-in logout filter here, but the chain
        // actually registered for this path is "anon".
        "/auth/logout",
        // swagger start
        "/swagger-ui.html",
        "/swagger-resources/**",
        "/v2/api-docs",
        "/csrf",
        // swagger end
        "/webjars/**",
        "/assets/**",
        "/css/**",
        "/img/**",
        "/js/**",
        "/loading/**",
        "/avatar2.jpg",
        "/index.html",
        "/logo.png",
    };
    Map<String, String> chains = new LinkedHashMap<>();
    for (String anonymousPath : anonymousPaths) {
        chains.put(anonymousPath, "anon");
    }
    // Chains run top to bottom, so the catch-all that requires authentication goes last.
    chains.put("/**", "authc");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
 
Example 17
Source File: ShiroConfiguration.java    From wangmarket with Apache License 2.0 4 votes vote down vote up
/**
     * ShiroFilterFactoryBean 处理拦截资源文件问题。
     * 注意:单独一个ShiroFilterFactoryBean配置是或报错的,以为在
     * 初始化ShiroFilterFactoryBean的时候需要注入:SecurityManager
     *
     * Filter Chain定义说明 1、一个URL可以配置多个Filter,使用逗号分隔 2、当设置多个过滤器时,全部验证通过,才视为通过
     * 3、部分过滤器可指定参数,如perms,roles
     *
     */
	@Bean(name = "shiroFilter")
	public ShiroFilterFactoryBean shiroFilter(org.apache.shiro.mgt.SecurityManager securityManager) {
		ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();

		// Shiro's core security interface; this property is mandatory.
		factory.setSecurityManager(securityManager);
		// Link used when a login is required (optional; Shiro has a default location).
		factory.setLoginUrl("/login.do");
		// No success URL is set; the original keeps that call disabled.
		// Link shown when a user requests a resource they are not authorized for.
		factory.setUnauthorizedUrl("/403.do");

		// Chain map. The leading slash of each key is relative to the servlet context path.
		// "anon" performs no check; "authc" is Shiro's form authentication filter and requires
		// an authenticated subject. Chains run top to bottom and the first match wins.
		Map<String, String> chains = new LinkedHashMap<String, String>();
		// Shiro's built-in logout filter performs the logout itself.
		chains.put("/logout", "logout");

		// NOTE(review): several anonymous patterns are very wide. The top-level ".do", ".jsp",
		// ".html", ".xml" and "any name with a dot" patterns make every matching top-level
		// request anonymous, the installer ".do" endpoints are anonymous, and the upload, module
		// and plugin prefixes are anonymous as a whole (the original notes that plugins add
		// their own login checks). Confirm each of these is meant to be reachable without
		// authentication at the Shiro layer.
		String[] anonymousPaths = {
			"/",
			"/login.do",
			"/index.jsp",
			"/cache/**",
			// user avatars, e.g. those uploaded for the online customer service
			"/head/**",
			"/js/**",
			"/*.jsp",
			"/*.do",
			// system default attachments such as the default banner image
			"/default/**",
			"/install/*.do",
			"/*.html",
			// for sitemap.xml
			"/*.xml",
			"/style/**",
			"/upload/**",
			"/ueditor/**",
			"/module/ueditor/dialogs/**",
			"/plugin/api/*.do",
			// help
			"/help/*.do",
			// plugin bbs
			"/plugin/bbs/*.do",
			// plugins are publicly reachable and add their own login verification
			"/plugin/**",
			// website templates kept locally (template development mode added in v4.7)
			"/websiteTemplate/**",
			"/*.*",
			// the set of 750 templates
			"/template/templateExternalList.do",
			// template list interface, added in v4.8
			"/template/getTemplateList.do",
			// v4.10
			"/module/**",
			// With local storage, generated pages and uploaded images are stored under the
			// "site" folder in the web root, so the whole prefix is left unintercepted.
			"/site/**",
		};
		for (String anonymousPath : anonymousPaths) {
			chains.put(anonymousPath, "anon");
		}

		// Both remaining rules require authentication; the first is already covered by the
		// catch-all that follows it.
		chains.put("/sites/*.do", "authc");
		chains.put("/**", "authc");

		factory.setFilterChainDefinitionMap(chains);
		return factory;
	}
 
Example 18
Source File: ShiroJwtConfig.java    From hdw-dubbo with Apache License 2.0 4 votes vote down vote up
/**
 * Filter Chain定义说明
 *
 * 1、一个URL可以配置多个Filter,使用逗号分隔
 * 2、当设置多个过滤器时,全部验证通过,才视为通过
 * 3、部分过滤器可指定参数,如perms,roles
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // Register the project's own filter under the name "jwt".
    Map<String, Filter> customFilters = new HashMap<String, Filter>(1);
    customFilters.put("jwt", new JwtFilter());
    factory.setFilters(customFilters);

    // Paths that are not intercepted, checked in this order before the catch-all.
    // NOTE(review): the list includes the whole API prefix, the Druid and actuator monitoring
    // paths, upload and test prefixes, and suffix patterns that match at any depth. A suffix
    // rule makes every URL ending in that extension anonymous, including handler paths that
    // merely end in it, so confirm no protected endpoint can be reached through such a URL and
    // that the monitoring and test paths are not exposed in production.
    String[] anonymousPaths = {
        // captcha, login, logout and encryption endpoints
        "/sys/captcha",
        "/sys/login",
        "/sys/logout",
        "/sys/encrypt",
        // API endpoints
        "/api/**",

        // open static resources
        "/favicon.ico",
        "/bootstrap/**",
        "/css/**",
        "/font/**",
        "/images/**",
        "/js/**",
        "/plugins/**",
        "/upload/**",
        "/qr/**",

        "/**/*.js",
        "/**/*.css",
        "/**/*.html",
        "/**/*.svg",
        "/**/*.pdf",
        "/**/*.jpg",
        "/**/*.png",
        "/**/*.ico",

        // font file suffixes
        "/**/*.ttf",
        "/**/*.woff",
        "/**/*.woff2",

        "/druid/**",
        "/swagger-ui.html",
        "/swagger**/**",
        "/webjars/**",
        "/v2/**",
        "/doc.html",

        // performance monitoring
        "/actuator/**",

        // test examples (template pages)
        "/test/**",

        // websocket
        "/ws/**",
    };
    Map<String, String> chains = new LinkedHashMap<String, String>();
    for (String anonymousPath : anonymousPaths) {
        chains.put(anonymousPath, "anon");
    }
    // Chains run top to bottom, so the catch-all handled by the "jwt" filter goes last.
    chains.put("/**", "jwt");

    factory.setFilterChainDefinitionMap(chains);
    return factory;
}
 
Example 19
Source File: ShiroConfig.java    From SpringBootBucket with MIT License 4 votes vote down vote up
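/**
 * Builds the {@link ShiroFilterFactoryBean} that maps URL patterns to Shiro filter chains.
 *
 * <p>A ShiroFilterFactoryBean cannot be configured on its own: a SecurityManager has to be
 * injected when it is initialised.
 *
 * <p>Filter chain definition notes:
 * <ol>
 *   <li>One URL pattern may be assigned several filters, separated by commas.</li>
 *   <li>When several filters are assigned, the request passes only if every one of them passes.</li>
 *   <li>Some filters accept parameters, for example perms and roles.</li>
 * </ol>
 *
 * <p>Shiro evaluates the chain definitions in insertion order and uses the first pattern that
 * matches the request path, so specific exemptions must be registered before the catch-all.
 *
 * @param securityManager the SecurityManager the filter delegates to; required
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {

    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // The SecurityManager must be set.
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // Register the project's JWTFilter under the name "jwt" so chain definitions can refer to it.
    Map<String, Filter> filtersMap = shiroFilterFactoryBean.getFilters();
    filtersMap.put("jwt", new JWTFilter());
    shiroFilterFactoryBean.setFilters(filtersMap);

    // Reference for the built-in filter names usable in chain definitions:
    // rest: e.g. /admins/user/**=rest[user]; decided by the request method, equivalent to /admins/user/**=perms[user:method], where method is post, get, delete, etc.
    // port: e.g. /admins/user/**=port[8081]; when the port of the requested URL is not 8081 the request is redirected to scheme://serverName:8081?queryString, where scheme is http or https, serverName is the requested host, 8081 is the port from the configuration and queryString is whatever follows the ? in the requested URL.
    // perms: e.g. /admins/user/**=perms[user:add:*]; several parameters may be given, in which case they must be quoted and comma-separated, e.g. /admins/user/**=perms["user:add:*,user:modify:*"]; every parameter must pass, equivalent to isPermittedAll().
    // roles: e.g. /admins/user/**=roles[admin]; several parameters may be given, quoted and comma-separated, e.g. /admins/user/**=roles["admin,guest"]; every parameter must pass, equivalent to hasAllRoles(). For OR semantics see http://zgzty.blog.163.com/blog/static/83831226201302983358670/
    // anon: e.g. /admins/**=anon; no parameters, the path may be used anonymously.
    // authc: e.g. /admins/user/**=authc; no parameters, authentication is required.
    // authcBasic: e.g. /admins/user/**=authcBasic; no parameters, HTTP Basic authentication.
    // ssl: e.g. /admins/user/**=ssl; no parameters, the request must use https.
    // user: e.g. /admins/user/**=user; no parameters, a user must exist; not checked during the login operation.
    //
    // LinkedHashMap keeps insertion order, which is the order Shiro matches the patterns in.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

    // Swagger API documentation, reachable without authentication.
    // NOTE(review): this publishes the full API description to anonymous callers; presumably meant
    // for development -- confirm it is restricted or disabled in production deployments.
    filterChainDefinitionMap.put("/v2/api-docs", "anon");
    filterChainDefinitionMap.put("/webjars/**", "anon");
    filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    filterChainDefinitionMap.put("/doc.html", "anon");

    // The 401 and 404 pages must not go through the JWT filter. They have to be registered
    // before "/**": the first matching pattern wins, so entries placed after the catch-all
    // are never reached.
    filterChainDefinitionMap.put("/401", "anon");
    filterChainDefinitionMap.put("/404", "anon");

    // Everything else goes through the JWT filter. Keep this entry last.
    filterChainDefinitionMap.put("/**", "jwt");

    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}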
 
Example 20
Source File: ShiroConfiguration.java    From spring-boot-seed with MIT License 4 votes vote down vote up
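/**
 * Builds the {@link ShiroFilterFactoryBean} with the login/success/unauthorized URLs and the
 * URL-pattern-to-filter chain definitions.
 *
 * <p>Shiro evaluates the chain definitions in insertion order and uses the first pattern that
 * matches; a request path that matches no pattern is not subject to any of these filters. The
 * final catch-all therefore has to cover paths of any depth.
 *
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // Set the securityManager, which has the custom Realm injected.
    shiroFilterFactoryBean.setSecurityManager(securityManager());

    // Login URL.
    shiroFilterFactoryBean.setLoginUrl("/login");

    // URL opened after a successful login.
    shiroFilterFactoryBean.setSuccessUrl("/index");

    // Page to redirect to when authorization fails.
    shiroFilterFactoryBean.setUnauthorizedUrl("/login");

    Map<String, Filter> filtersMap = shiroFilterFactoryBean.getFilters();
    // Add custom filters here, for example a captcha filter (KaptchaFilter).
    shiroFilterFactoryBean.setFilters(filtersMap);

    // Permission filter chain. LinkedHashMap keeps insertion order, which is the match order.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    // Reference for the built-in filter names usable in chain definitions:
    // rest: e.g. /admins/user/**=rest[user]; decided by the request method, equivalent to /admins/user/**=perms[user:method], where method is post, get, delete, etc.
    // port: e.g. /admins/user/**=port[8081]; when the port of the requested URL is not 8081 the request is redirected to scheme://serverName:8081?queryString, where scheme is http or https, serverName is the requested host, 8081 is the port from the configuration and queryString is whatever follows the ? in the requested URL.
    // perms: e.g. /admins/user/**=perms[user:add:*]; several parameters may be given, in which case they must be quoted and comma-separated, e.g. /admins/user/**=perms["user:add:*,user:modify:*"]; every parameter must pass, equivalent to isPermittedAll().
    // roles: e.g. /admins/user/**=roles[admin]; several parameters may be given, quoted and comma-separated, e.g. /admins/user/**=roles["admin,guest"]; every parameter must pass, equivalent to hasAllRoles(). For OR semantics see http://zgzty.blog.163.com/blog/static/83831226201302983358670/
    // anon: e.g. /admins/**=anon; no parameters, the path may be used anonymously.
    // authc: e.g. /admins/user/**=authc; no parameters, authentication is required.
    // authcBasic: e.g. /admins/user/**=authcBasic; no parameters, HTTP Basic authentication.
    // ssl: e.g. /admins/user/**=ssl; no parameters, the request must use https.
    // user: e.g. /admins/user/**=user; no parameters, a user must exist; not checked during the login operation.
    filterChainDefinitionMap.put("/login.jsp", "anon");
    // The specific authc rule precedes the broader /test/** exemption because the first match wins.
    filterChainDefinitionMap.put("/test/checkAuthc", "authc");
    filterChainDefinitionMap.put("/test/**", "anon");
    // Druid exemption. This pattern matches the exact path only; anything below it falls
    // through to the catch-all and requires authentication.
    filterChainDefinitionMap.put("/druid", "anon");
    // Swagger exemptions.
    // NOTE(review): the API documentation is readable by anonymous callers; presumably meant
    // for development -- confirm it is restricted or disabled in production deployments.
    filterChainDefinitionMap.put("/swagger", "anon");
    filterChainDefinitionMap.put("/swagger/api/docs", "anon");
    filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    filterChainDefinitionMap.put("/webjars/**", "anon");
    filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    // Everything else requires authentication. The pattern must be "/**": a single "*" matches
    // one path segment only, so with "/*" any deeper path (for example /a/b) would match no
    // chain definition and be served without the authc check. Keep this entry last.
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

    return shiroFilterFactoryBean;
}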