I have a Spring MVC web application that uses Shiro authentication using Spring configuration rather than a shiro.ini.
I want to transition to a Spring Boot application.
I have been mainly successful. The application starts in Spring Boot and my Shiro environment gets setup. However I just cannot work out how to setup the Shiro Filter correctly. I need this to be working to make sure requests end up being handled by the correct thread.
In the original app I configured the Shiro Filter in the web.xml like this:
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I have tried replicate this using a Java Config like this:
@Autowired
private WebSecurityManager webSecurityManager;
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean shiroFilterFactoryBean = new org.apache.shiro.spring.web.ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(webSecurityManager);
return shiroFilterFactoryBean;
}
@Bean
public org.apache.shiro.spring.LifecycleBeanPostProcessor lifecycleBeanPostProcessor()
{
return new org.apache.shiro.spring.LifecycleBeanPostProcessor();
}
@Bean
public Filter shiroFilter()
{
DelegatingFilterProxy filter = new DelegatingFilterProxy();
filter.setTargetBeanName("shiroFilterFactoryBean");
filter.setTargetFilterLifecycle(true);
return filter;
}
However I just cannot get everything to fit together and don't have enough knowledge to sort it out. I just can't see to connect the filter to the environment. I would guess it is something to do with the order things are setup.
Has anyone managed to use Spring Boot and Shiro together successfully?
Well, it seems that the lack of something, java config like this:
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/login");
shiroFilter.setSuccessUrl("/index");
shiroFilter.setUnauthorizedUrl("/forbidden");
Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>();
filterChainDefinitionMapping.put("/", "anon");
filterChainDefinitionMapping.put("/home", "authc,roles[guest]");
filterChainDefinitionMapping.put("/admin", "authc,roles[admin]");
shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<String, Filter>();
filters.put("anon", new AnonymousFilter());
filters.put("authc", new FormAuthenticationFilter());
filters.put("logout", new LogoutFilter());
filters.put("roles", new RolesAuthorizationFilter());
filters.put("user", new UserFilter());
shiroFilter.setFilters(filters);
System.out.println(shiroFilter.getFilters().size());
return shiroFilter;
}
@Bean(name = "securityManager")
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm());
return securityManager;
}
@Bean(name = "realm")
@DependsOn("lifecycleBeanPostProcessor")
public PropertiesRealm realm() {
PropertiesRealm propertiesRealm = new PropertiesRealm();
propertiesRealm.init();
return propertiesRealm;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
https://github.com/lenicliu/eg-spring/tree/master/eg-spring-boot/eg-spring-boot-shiro
lenicliu gave great information, since I can't comment on his answer because I don't have enough reputation. I would like to add all the imports I had to make for his code to actually compile (maybe useful for noobies on Shiro, like me).
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
来源:https://stackoverflow.com/questions/25241801/how-to-configure-shiro-with-spring-boot