1. 分析
之前在Shiro中没有配置过静态资源过滤,这次在配置过程中给予静态资源anno
发现还是会被拦截,查阅其它博客,基本上都是在说LinkedHashMap
过滤次序问题,但我最初就是这个,因此排除。后再翻阅相关博客的时候看到了 大佬博客 中所说不要将过滤器注册到容器中即可,自己手动创建过滤器!!
,然后查看我的代码,果然将过滤器注册到了容器中,将其拿掉,然后在shiroconfig
中@Autowired JwtFilter jwtfilter
改成 new JwtFilter()
即可。
2. 具体代码
@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
Map<String, String> filterMap = new LinkedHashMap<>();
// swagger2页面
filterMap.put("/swagger-ui.html", "anon");
filterMap.put("/swagger/**", "anon");
filterMap.put("/swagger-resources/**", "anon");
filterMap.put("/v2/**", "anon");
filterMap.put("/webjars/**", "anon");
filterMap.put("/webjars.bycdao-ui/**", "anon");
filterMap.put("/configuration/**", "anon");
filterMap.put("/doc.html", "anon");
filterMap.put("/**", "jwt"); // 主要通过注解方式校验权限
chainDefinition.addPathDefinitions(filterMap);
return chainDefinition;
}
@Bean("shiroFilterFactoryBean")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager,ShiroFilterChainDefinition shiroFilterChainDefinition) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
Map<String, Filter> filters = new HashMap<>();
// ---------------------------------------------------
filters.put("jwt", new JwtFilter()); // 修改处
shiroFilter.setFilters(filters);
Map<String, String> filterMap = shiroFilterChainDefinition.getFilterChainMap();
shiroFilter.setFilterChainDefinitionMap(filterMap);
return shiroFilter;
}
若在JwtFilter
使用到JwtUtil
类判断tk
是否过期等,而JwtUtil
同样不要注册到容器中,不然可能请求会报 Not authorized to invoke method