Apache Shiro的Spring Boot [英] Spring Boot with Apache Shiro
问题描述
我目前正在尝试将Apache Shiro集成到我的Spring Boot restful API中,但遇到了一些问题,并且想知道是否有人可以提供帮助。
I'm currently trying to integrate Apache Shiro to my Spring Boot restful API, but am experiencing some issues and was wondering if anyone could help.
我的应用程序。 class:
My Application.class:
@Configuration
@EnableTransactionManagement
@EnableAutoConfiguration
@ComponentScan(basePackages = "org.xelamitchell.sophia.server")
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
我的WebConfig.class:
My WebConfig.class:
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public DispatcherServlet dispatcherServlet() {
DispatcherServlet servlet = new DispatcherServlet();
servlet.setDispatchOptionsRequest(true);
return servlet;
}
@Bean
public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {
ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
registration.addUrlMappings("/sophia/*");
return registration;
}
@Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
Map<String, MediaType> types = new HashMap<>();
types.put("json", APPLICATION_JSON);
types.put("xml", APPLICATION_XML);
configurer
.defaultContentType(APPLICATION_JSON)
.mediaTypes(types);
}
@Override
public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
converters.add(jackson());
converters.add(jaxb());
super.configureMessageConverters(converters);
}
@Bean
public MappingJackson2HttpMessageConverter jackson() {
final MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.getObjectMapper()
.setSerializationInclusion(JsonInclude.Include.NON_NULL)
.setSerializationInclusion(JsonInclude.Include.NON_EMPTY)
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
return converter;
}
@Bean
public Jaxb2RootElementHttpMessageConverter jaxb() {
final Jaxb2RootElementHttpMessageConverter converter = new Jaxb2RootElementHttpMessageConverter();
return converter;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/sophia/*");
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<>();
filters.put("anon", new FormAuthenticationFilter());
filters.put("authc", new FormAuthenticationFilter());
shiroFilter.setFilters(filters);
return shiroFilter;
}
@Bean
public org.apache.shiro.mgt.SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(sophiaRealm());
return securityManager;
}
@Bean(name = "sophiaRealm")
@DependsOn("lifecycleBeanPostProcessor")
public SophiaRealm sophiaRealm() {
return new SophiaRealm();
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
应用程序启动正常,日志确实显示正在设置shiroFilter:
The application start fine, and the logs do show that shiroFilter is being set:
INFO 12:44: 44:271 org.springframework.boot.context.embedded.ServletRegistrationBean - 将servlet:'dispatcherServlet'映射到[/ sophia / *]
INFO 12:44:44:277 org.springframework.boot.context.embedded。 FilterRegistrationBean - 映射过滤器:'shiroFilter'到:[/ *]
但当我尝试访问 / sophia时/ users
我没有被要求进行身份验证,服务器只是给我回复。
But when I attempt to access /sophia/users
I do not get asked to authenticate, the server simply gives me the response.
我的shiroFilter配置基于这个问题: 如何使用Spring Boot配置Shiro
I was basing my shiroFilter configuration on this question: How to configure Shiro with Spring Boot
推荐答案
shiroFilter的细微修改解决了这个问题:
Minor changes to the shiroFilter fixed the problem:
- 删除shiroFilter.setLoginUrl(S研ng)
- 使用以下过滤器链定义映射:
Map<String, Filter> filters = new HashMap<>();
filters.put("/**", "authcBasic");
shiroFilter.setFilters(filters);
神奇地说整个API都是使用基本HTTP身份验证进行保护。 :)
And magically the whole API is secured with a Basic HTTP authentication. :)
这篇关于Apache Shiro的Spring Boot的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!