Spring 使用 Apache Shiro 启动
Spring Boot with Apache Shiro
我目前正在尝试将 Apache Shiro 集成到我的 Spring Boot restful API 中,但遇到了一些问题,想知道是否有人可以提供帮助。
我的Application.class:
@Configuration
@EnableTransactionManagement
@EnableAutoConfiguration
@ComponentScan(basePackages = "org.xelamitchell.sophia.server")
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
我的WebConfig.class:
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public DispatcherServlet dispatcherServlet() {
DispatcherServlet servlet = new DispatcherServlet();
servlet.setDispatchOptionsRequest(true);
return servlet;
}
@Bean
public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {
ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
registration.addUrlMappings("/sophia/*");
return registration;
}
@Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
Map<String, MediaType> types = new HashMap<>();
types.put("json", APPLICATION_JSON);
types.put("xml", APPLICATION_XML);
configurer
.defaultContentType(APPLICATION_JSON)
.mediaTypes(types);
}
@Override
public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
converters.add(jackson());
converters.add(jaxb());
super.configureMessageConverters(converters);
}
@Bean
public MappingJackson2HttpMessageConverter jackson() {
final MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.getObjectMapper()
.setSerializationInclusion(JsonInclude.Include.NON_NULL)
.setSerializationInclusion(JsonInclude.Include.NON_EMPTY)
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
return converter;
}
@Bean
public Jaxb2RootElementHttpMessageConverter jaxb() {
final Jaxb2RootElementHttpMessageConverter converter = new Jaxb2RootElementHttpMessageConverter();
return converter;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/sophia/*");
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<>();
filters.put("anon", new FormAuthenticationFilter());
filters.put("authc", new FormAuthenticationFilter());
shiroFilter.setFilters(filters);
return shiroFilter;
}
@Bean
public org.apache.shiro.mgt.SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(sophiaRealm());
return securityManager;
}
@Bean(name = "sophiaRealm")
@DependsOn("lifecycleBeanPostProcessor")
public SophiaRealm sophiaRealm() {
return new SophiaRealm();
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
应用程序启动正常,日志确实显示正在设置 shiroFilter:
INFO 12:44:44:271 org.springframework.boot.context.embedded.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/sophia/*]
INFO 12:44:44:277 org.springframework.boot.context.embedded.FilterRegistrationBean - Mapping filter: 'shiroFilter' to: [/*]
但是当我尝试访问 /sophia/users 时,我没有被要求进行身份验证,服务器只是给我响应。
我的 shiroFilter 配置基于这个问题:How to configure Shiro with Spring Boot
对 shiroFilter 的小改动修复了问题:
- 删除 shiroFilter.setLoginUrl(字符串)
- 使用以下过滤器链定义映射:
Map<String, Filter> filters = new HashMap<>();
filters.put("/**", "authcBasic");
shiroFilter.setFilters(filters);
神奇的是,整个 API 通过基本 HTTP 身份验证得到了保护。 :)
我目前正在尝试将 Apache Shiro 集成到我的 Spring Boot restful API 中,但遇到了一些问题,想知道是否有人可以提供帮助。
我的Application.class:
@Configuration
@EnableTransactionManagement
@EnableAutoConfiguration
@ComponentScan(basePackages = "org.xelamitchell.sophia.server")
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
我的WebConfig.class:
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public DispatcherServlet dispatcherServlet() {
DispatcherServlet servlet = new DispatcherServlet();
servlet.setDispatchOptionsRequest(true);
return servlet;
}
@Bean
public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {
ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
registration.addUrlMappings("/sophia/*");
return registration;
}
@Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
Map<String, MediaType> types = new HashMap<>();
types.put("json", APPLICATION_JSON);
types.put("xml", APPLICATION_XML);
configurer
.defaultContentType(APPLICATION_JSON)
.mediaTypes(types);
}
@Override
public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
converters.add(jackson());
converters.add(jaxb());
super.configureMessageConverters(converters);
}
@Bean
public MappingJackson2HttpMessageConverter jackson() {
final MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.getObjectMapper()
.setSerializationInclusion(JsonInclude.Include.NON_NULL)
.setSerializationInclusion(JsonInclude.Include.NON_EMPTY)
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
return converter;
}
@Bean
public Jaxb2RootElementHttpMessageConverter jaxb() {
final Jaxb2RootElementHttpMessageConverter converter = new Jaxb2RootElementHttpMessageConverter();
return converter;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/sophia/*");
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<>();
filters.put("anon", new FormAuthenticationFilter());
filters.put("authc", new FormAuthenticationFilter());
shiroFilter.setFilters(filters);
return shiroFilter;
}
@Bean
public org.apache.shiro.mgt.SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(sophiaRealm());
return securityManager;
}
@Bean(name = "sophiaRealm")
@DependsOn("lifecycleBeanPostProcessor")
public SophiaRealm sophiaRealm() {
return new SophiaRealm();
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
应用程序启动正常,日志确实显示正在设置 shiroFilter:
INFO 12:44:44:271 org.springframework.boot.context.embedded.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/sophia/*]
INFO 12:44:44:277 org.springframework.boot.context.embedded.FilterRegistrationBean - Mapping filter: 'shiroFilter' to: [/*]
但是当我尝试访问 /sophia/users 时,我没有被要求进行身份验证,服务器只是给我响应。
我的 shiroFilter 配置基于这个问题:How to configure Shiro with Spring Boot
对 shiroFilter 的小改动修复了问题:
- 删除 shiroFilter.setLoginUrl(字符串)
- 使用以下过滤器链定义映射:
Map<String, Filter> filters = new HashMap<>();
filters.put("/**", "authcBasic");
shiroFilter.setFilters(filters);
神奇的是,整个 API 通过基本 HTTP 身份验证得到了保护。 :)