我目前正在尝试将Apache Shiro集成到我的Spring Boot RestfulAPI中,但是遇到一些问题,并且想知道是否有人可以提供帮助。
我的Application.class:
@Configuration @EnableTransactionManagement @EnableAutoConfiguration @ComponentScan(basePackages = "org.xelamitchell.sophia.server") public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } }
我的WebConfig.class:
@Configuration @EnableWebMvc public class WebConfig extends WebMvcConfigurerAdapter { @Bean public DispatcherServlet dispatcherServlet() { DispatcherServlet servlet = new DispatcherServlet(); servlet.setDispatchOptionsRequest(true); return servlet; } @Bean public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) { ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet); registration.addUrlMappings("/sophia/*"); return registration; } @Override public void configureContentNegotiation(ContentNegotiationConfigurer configurer) { Map<String, MediaType> types = new HashMap<>(); types.put("json", APPLICATION_JSON); types.put("xml", APPLICATION_XML); configurer .defaultContentType(APPLICATION_JSON) .mediaTypes(types); } @Override public void configureMessageConverters(List<HttpMessageConverter<?>> converters) { converters.add(jackson()); converters.add(jaxb()); super.configureMessageConverters(converters); } @Bean public MappingJackson2HttpMessageConverter jackson() { final MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter(); converter.getObjectMapper() .setSerializationInclusion(JsonInclude.Include.NON_NULL) .setSerializationInclusion(JsonInclude.Include.NON_EMPTY) .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); return converter; } @Bean public Jaxb2RootElementHttpMessageConverter jaxb() { final Jaxb2RootElementHttpMessageConverter converter = new Jaxb2RootElementHttpMessageConverter(); return converter; } @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter() { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setLoginUrl("/sophia/*"); shiroFilter.setSecurityManager(securityManager()); Map<String, Filter> filters = new HashMap<>(); filters.put("anon", new FormAuthenticationFilter()); filters.put("authc", new FormAuthenticationFilter()); shiroFilter.setFilters(filters); return shiroFilter; } @Bean public org.apache.shiro.mgt.SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(sophiaRealm()); return securityManager; } @Bean(name = "sophiaRealm") @DependsOn("lifecycleBeanPostProcessor") public SophiaRealm sophiaRealm() { return new SophiaRealm(); } @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } }
应用程序启动正常,并且日志确实显示正在设置shiroFilter:
INFO 12:44:44:271 org.springframework.boot.context.embedded.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/sophia/*] INFO 12:44:44:277 org.springframework.boot.context.embedded.FilterRegistrationBean - Mapping filter: 'shiroFilter' to: [/*]
但是,当我尝试访问时/sophia/users,不会要求我进行身份验证,服务器只会给我响应。
/sophia/users
对shiroFilter进行的较小更改解决了该问题:
使用以下过滤器链定义映射:
Map filters = new HashMap<>(); filters.put(“/**”, “authcBasic”); shiroFilter.setFilters(filters);
神奇的是,整个API使用基本HTTP身份验证进行保护。:)
使用Shiro的默认Web过滤器
