org.apache.shiro.spring.web.ShiroFilterFactoryBean类的使用及代码示例

x33g5p2x  于2022-01-30 转载在 其他  
字(18.7k)|赞(0)|评价(0)|浏览(415)

本文整理了Java中org.apache.shiro.spring.web.ShiroFilterFactoryBean类的一些代码示例,展示了ShiroFilterFactoryBean类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ShiroFilterFactoryBean类的具体详情如下:
包路径:org.apache.shiro.spring.web.ShiroFilterFactoryBean
类名称:ShiroFilterFactoryBean

ShiroFilterFactoryBean介绍

[英]org.springframework.beans.factory.FactoryBean to be used in Spring-based web applications for defining the master Shiro Filter.

Usage

Declare a DelegatingFilterProxy in web.xml, matching the filter name to the bean id:

<filter> 
<filter-name>shiroFilter</filter-name> 
<filter-class>org.springframework.web.filter.DelegatingFilterProxy<filter-class> 
<init-param> 
<param-name>targetFilterLifecycle</param-name> 
<param-value>true</param-value> 
</init-param> 
</filter>

Then, in your spring XML file that defines your web ApplicationContext:

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
<property name="securityManager" ref="securityManager"/> 
<!-- other properties as necessary ... --> 
</bean>
Filter Auto-Discovery

While there is a #setFilters(java.util.Map) property that allows you to assign a filter beans to the 'pool' of filters available when defining #setFilterChainDefinitions(String), it is optional.

This implementation is also a BeanPostProcessor and will acquire any javax.servlet.Filter beans defined independently in your Spring application context. Upon discovery, they will be automatically added to the #setFilters(java.util.Map) keyed by the bean ID. That ID can then be used in the filter chain definitions, for example:

<bean id="myCustomFilter" class="com.class.that.implements.javax.servlet.Filter"/> 
... 
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
... 
<property name="filterChainDefinitions"> 
<value> 
/some/path/** = authc, myCustomFilter 
</value> 
</property> 
</bean>
Global Property Values

Most Shiro servlet Filter implementations exist for defining custom Filter #setFilterChainDefinitions(String). Most implementations subclass one of the AccessControlFilter, AuthenticationFilter, AuthorizationFilter classes to simplify things, and each of these 3 classes has configurable properties that are application-specific.

A dilemma arises where, if you want to for example set the application's 'loginUrl' for any Filter, you don't want to have to manually specify that value for each filter instance definied.

To prevent configuration duplication, this implementation provides the following properties to allow you to set relevant values in only one place:

  • #setLoginUrl(String)
  • #setSuccessUrl(String)
  • #setUnauthorizedUrl(String)
    Then at startup, any values specified via these 3 properties will be applied to all configured Filter instances so you don't have to specify them individually on each filter instance. To ensure your own custom filters benefit from this convenience, your filter implementation should subclass one of the 3 mentioned earlier.
    [中]组织。springframework。豆。工厂FactoryBean将在基于Spring的web应用程序中用于定义主Shiro过滤器。
    #####用法
    在web中声明DelegatingFilterProxy。xml,将过滤器名称与bean id匹配:
<filter> 
<filter-name>shiroFilter</filter-name> 
<filter-class>org.springframework.web.filter.DelegatingFilterProxy<filter-class> 
<init-param> 
<param-name>targetFilterLifecycle</param-name> 
<param-value>true</param-value> 
</init-param> 
</filter>

然后,在定义web应用程序上下文的spring xml文件中:

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
<property name="securityManager" ref="securityManager"/> 
<!-- other properties as necessary ... --> 
</bean>

#####过滤器自动发现
虽然有一个#setFilters(java.util.Map)属性,允许您在定义#setFilterChainDefinitions(String)时将过滤器bean分配给可用的过滤器“池”,但它是可选的。
这个实现也是一个BeanPostProcessor,将获取任何javax。servlet。在Spring应用程序上下文中独立定义的过滤bean。一旦发现,它们将自动添加到#setFilters(java.util.Map)中,由bean ID键控。该ID随后可用于过滤器链定义,例如:

<bean id="myCustomFilter" class="com.class.that.implements.javax.servlet.Filter"/> 
... 
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
... 
<property name="filterChainDefinitions"> 
<value> 
/some/path/** = authc, myCustomFilter 
</value> 
</property> 
</bean>

#####全局属性值
大多数Shiro servlet过滤器实现用于定义自定义过滤器#setFilterChainDefinitions(字符串)。大多数实现将AccessControlFilter、AuthenticationFilter和AuthorizationFilter类中的一个子类化以简化事情,这三个类中的每一个都具有特定于应用程序的可配置属性。
例如,如果您想为任何过滤器设置应用程序的“loginUrl”,就不需要为定义的每个过滤器实例手动指定该值,这就产生了一个难题。
为了防止配置重复,此实现提供了以下属性,允许您仅在一个位置设置相关值:
*#setLoginUrl(字符串)
*#设置成功URL(字符串)
*#设置未经授权的DURL(字符串)
然后在启动时,通过这3个属性指定的任何值都将应用于所有已配置的筛选器实例,因此您不必在每个筛选器实例上单独指定它们。为了确保您自己的自定义过滤器从这种便利性中受益,您的过滤器实现应该是前面提到的3个过滤器之一的子类。

代码示例

代码示例来源:origin: apache/shiro

protected ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();

    filterFactoryBean.setLoginUrl(loginUrl);
    filterFactoryBean.setSuccessUrl(successUrl);
    filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);

    filterFactoryBean.setSecurityManager(securityManager);
    filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());

    return filterFactoryBean;
  }
}

代码示例来源:origin: wangxinforme/sc

/**
 * ShiroFilter<br/>
 * 注意这里参数中的 StudentService 和 IScoreDao 只是一个例子,因为我们在这里可以用这样的方式获取到相关访问数据库的对象,
 * 然后读取数据库相关配置,配置到 shiroFilterFactoryBean 的访问规则中。实际项目中,请使用自己的Service来处理业务逻辑。
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new MShiroFilterFactoryBean();
  // 必须设置 SecurityManager
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
  shiroFilterFactoryBean.setLoginUrl("/login");
  // 登录成功后要跳转的连接
  // shiroFilterFactoryBean.setSuccessUrl("/user");
  shiroFilterFactoryBean.setUnauthorizedUrl("/403");
  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
}

代码示例来源:origin: tomsun28/bootshiro

public void reloadFilterChain() {
      ShiroFilterFactoryBean shiroFilterFactoryBean = SpringContextHolder.getBean(ShiroFilterFactoryBean.class);
      AbstractShiroFilter abstractShiroFilter = null;
      try {
        abstractShiroFilter = (AbstractShiroFilter)shiroFilterFactoryBean.getObject();
        RestPathMatchingFilterChainResolver filterChainResolver = (RestPathMatchingFilterChainResolver)abstractShiroFilter.getFilterChainResolver();
        DefaultFilterChainManager filterChainManager = (DefaultFilterChainManager)filterChainResolver.getFilterChainManager();
        filterChainManager.getFilterChains().clear();
        shiroFilterFactoryBean.getFilterChainDefinitionMap().clear();
        shiroFilterFactoryBean.setFilterChainDefinitionMap(this.initGetFilterChain());
        shiroFilterFactoryBean.getFilterChainDefinitionMap().forEach((k,v) -> filterChainManager.createChain(k,v));
      }catch (Exception e) {
        LOGGER.error(e.getMessage(),e);
      }
  }
}

代码示例来源:origin: liolay/shiro-spring-boot-starter

@Bean
@ConfigurationProperties(prefix = "shiro")
@ConditionalOnMissingBean(ShiroFilterFactoryBean.class)
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) throws InvocationTargetException, IllegalAccessException {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  shiroFilterFactoryBean.setFilters(DefaultFilter.createInstanceMap(requestProperties));
  return shiroFilterFactoryBean;
}

代码示例来源:origin: apache/shiro

/**
 * A convenience method that sets the {@link #setFilterChainDefinitionMap(java.util.Map) filterChainDefinitionMap}
 * property by accepting a {@link java.util.Properties Properties}-compatible string (multi-line key/value pairs).
 * Each key/value pair must conform to the format defined by the
 * {@link FilterChainManager#createChain(String,String)} JavaDoc - each property key is an ant URL
 * path expression and the value is the comma-delimited chain definition.
 *
 * @param definitions a {@link java.util.Properties Properties}-compatible string (multi-line key/value pairs)
 *                    where each key/value pair represents a single urlPathExpression-commaDelimitedChainDefinition.
 */
public void setFilterChainDefinitions(String definitions) {
  Ini ini = new Ini();
  ini.load(definitions);
  //did they explicitly state a 'urls' section?  Not necessary, but just in case:
  Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS);
  if (CollectionUtils.isEmpty(section)) {
    //no urls section.  Since this _is_ a urls chain definition property, just assume the
    //default section contains only the definitions:
    section = ini.getSection(Ini.DEFAULT_SECTION_NAME);
  }
  setFilterChainDefinitionMap(section);
}

代码示例来源:origin: stackoverflow.com

ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager); // referring to previous

代码示例来源:origin: dqeasycloud/easy-cloud

/**
 * <p>
 * shiro过滤器工厂bean
 * </p>
 *
 * @param securityManager
 * @return org.apache.shiro.spring.web.ShiroFilterFactoryBean
 * @author daiqi
 * @date 2018/6/27 10:39
 */
@Bean
@Order(value = 0)
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, EcBaseAuthorityCustomFilterConfig customFilterConfig, EcSysFilterConfigService filterConfigService) throws Exception {
  ShiroFilterFactoryBean shiroFilterFactoryBean = shiroFilterFactoryBean();
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterConfigService.loadFilterChainDefinitions());
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  shiroFilterFactoryBean.getFilters().putAll(customFilterConfig.customFilters());
  return shiroFilterFactoryBean;
}

代码示例来源:origin: kawhii/sso

/**
 * 对过滤器进行调整
 *
 * @return
 */
@Bean
protected ShiroFilterFactoryBean shiroFilterFactoryBean() {
  //把subject对象设为subjectFactory
  //由于cas代理了用户,所以必须通过cas进行创建对象
  ((DefaultSecurityManager) securityManager).setSubjectFactory(new Pac4jSubjectFactory());
  ShiroFilterFactoryBean filterFactoryBean = super.shiroFilterFactoryBean();
  filterFactoryBean.setFilters(shiroFilters());
  return filterFactoryBean;
}
/**

代码示例来源:origin: wangxinforme/sc

/**
 * ShiroFilter<br/>
 * 注意这里参数中的 StudentService 和 IScoreDao 只是一个例子,因为我们在这里可以用这样的方式获取到相关访问数据库的对象,
 * 然后读取数据库相关配置,配置到 shiroFilterFactoryBean 的访问规则中。实际项目中,请使用自己的Service来处理业务逻辑。
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new MShiroFilterFactoryBean();
  // 必须设置 SecurityManager
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
  shiroFilterFactoryBean.setLoginUrl("/login");
  // 登录成功后要跳转的连接
  // shiroFilterFactoryBean.setSuccessUrl("/user");
  shiroFilterFactoryBean.setUnauthorizedUrl("/error");
  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
}

代码示例来源:origin: dqeasycloud/easy-cloud

AbstractShiroFilter shiroFilter;
try {
  shiroFilter = (AbstractShiroFilter) shiroFilterFactoryBean.getObject();
} catch (Exception e) {
  throw new RuntimeException(e.getMessage(), e);
shiroFilterFactoryBean.getFilterChainDefinitionMap().clear();
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
Map<String, String> chains = shiroFilterFactoryBean.getFilterChainDefinitionMap();
for (Map.Entry<String, String> entry : chains.entrySet()) {
  String url = entry.getKey();

代码示例来源:origin: lcw2004/one

@PostConstruct
public void initPermission() {
  shiroFilterFactoryBean.setFilterChainDefinitionMap(CollectionUtils.clone(defaultFilterChainDefinitionMap));
  logger.debug("initialize shiro permission success...");
}

代码示例来源:origin: orientechnologies/spring-data-orientdb

@Bean
public ShiroFilterFactoryBean shiroFilter() {
  ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
  factoryBean.setSecurityManager(securityManager());
  return factoryBean;
}

代码示例来源:origin: ityouknow/spring-boot-examples

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
  System.out.println("ShiroConfiguration.shirFilter()");
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  //拦截器.
  Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
  // 配置不会被拦截的链接 顺序判断
  filterChainDefinitionMap.put("/static/**", "anon");
  //配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了
  filterChainDefinitionMap.put("/logout", "logout");
  //<!-- 过滤链定义,从上向下顺序执行,一般将/**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;
  //<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
  filterChainDefinitionMap.put("/**", "authc");
  // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
  shiroFilterFactoryBean.setLoginUrl("/login");
  // 登录成功后要跳转的链接
  shiroFilterFactoryBean.setSuccessUrl("/index");
  //未授权界面;
  shiroFilterFactoryBean.setUnauthorizedUrl("/403");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
  return shiroFilterFactoryBean;
}

代码示例来源:origin: wangxinforme/springboot-freemarker

/**
 * ShiroFilter<br/>
 * 注意这里参数中的 StudentService 和 IScoreDao 只是一个例子,因为我们在这里可以用这样的方式获取到相关访问数据库的对象,
 * 然后读取数据库相关配置,配置到 shiroFilterFactoryBean 的访问规则中。实际项目中,请使用自己的Service来处理业务逻辑。
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new MShiroFilterFactoryBean();
  // 必须设置 SecurityManager
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
  shiroFilterFactoryBean.setLoginUrl("/login");
  // 登录成功后要跳转的连接
  //shiroFilterFactoryBean.setSuccessUrl("/user");
  shiroFilterFactoryBean.setUnauthorizedUrl("/403");
  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
}

代码示例来源:origin: xuyaohui/cloud-ida-cli

try {
  shiroFilter = (AbstractShiroFilter) shiroFilterFactoryBean
      .getObject();
} catch (Exception e) {
  throw new RuntimeException(
shiroFilterFactoryBean.getFilterChainDefinitionMap().clear();
shiroFilterFactoryBean
    .setFilterChainDefinitionMap(getAllRolesByPermission());
    .getFilterChainDefinitionMap();
for (Map.Entry<String, String> entry : chains.entrySet()) {
  String url = entry.getKey();

代码示例来源:origin: wangxinforme/springboot-freemarker

/**
 * 加载shiroFilter权限控制规则(从数据库读取然后配置)
 */
private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
  // authc:该过滤器下的页面必须验证后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter
  // anon:它对应的过滤器里面是空的,什么都没做
  /////////////////////// 下面这些规则配置最好配置到配置文件中 ///////////////////////
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
  logger.info("##################从数据库读取权限规则,加载到shiroFilter中##################");
  // filterChainDefinitionMap.put("/user/edit/**", "authc,perms[user:edit]");// 这里为了测试,固定写死的值,也可以从数据库或其他配置中读取
  filterChainDefinitionMap.put("/static/**", "anon");// anon 可以理解为不拦截
  filterChainDefinitionMap.put("/favicon.ico", "anon");
  filterChainDefinitionMap.put("/login", "authc");
  filterChainDefinitionMap.put("/**", "authc");
  filterChainDefinitionMap.put("/logout", "logout");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}

代码示例来源:origin: linlinjava/litemall

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
  filterChainDefinitionMap.put("/admin/auth/login", "anon");
  filterChainDefinitionMap.put("/admin/auth/401", "anon");
  filterChainDefinitionMap.put("/admin/auth/index", "anon");
  filterChainDefinitionMap.put("/admin/auth/403", "anon");
  filterChainDefinitionMap.put("/admin/**", "authc");
  shiroFilterFactoryBean.setLoginUrl("/admin/auth/401");
  shiroFilterFactoryBean.setSuccessUrl("/admin/auth/index");
  shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/403");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
  return shiroFilterFactoryBean;
}

代码示例来源:origin: coder-yqj/springboot-shiro

try {
  shiroFilter = (AbstractShiroFilter) shiroFilterFactoryBean
      .getObject();
} catch (Exception e) {
  throw new RuntimeException(
shiroFilterFactoryBean.getFilterChainDefinitionMap().clear();
shiroFilterFactoryBean
    .setFilterChainDefinitionMap(loadFilterChainDefinitions());
    .getFilterChainDefinitionMap();
for (Map.Entry<String, String> entry : chains.entrySet()) {
  String url = entry.getKey();

代码示例来源:origin: battcn/spring-boot2-learning

/**
 * 加载shiroFilter权限控制规则(从数据库读取然后配置)
 */
private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
  /////////////////////// 下面这些规则配置最好配置到配置文件中 ///////////////////////
  // TODO 重中之重啊,过滤顺序一定要根据自己需要排序
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
  // 需要验证的写 authc 不需要的写 anon
  filterChainDefinitionMap.put("/resource/**", "anon");
  filterChainDefinitionMap.put("/install", "anon");
  filterChainDefinitionMap.put("/hello", "anon");
  // anon:它对应的过滤器里面是空的,什么都没做
  log.info("##################从数据库读取权限规则,加载到shiroFilter中##################");
  // 不用注解也可以通过 API 方式加载权限规则
  Map<String, String> permissions = new LinkedHashMap<>();
  permissions.put("/users/find", "perms[user:find]");
  filterChainDefinitionMap.putAll(permissions);
  filterChainDefinitionMap.put("/**", "authc");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}

代码示例来源:origin: 527515025/springBoot

/**
   * ShiroFilterFactoryBean,是个factorybean,为了生成ShiroFilter。
   * 它主要保持了三项数据,securityManager,filters,filterChainDefinitionManager。
   */
  @Bean(name = "shiroFilter")
  public ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager());

    Map<String, Filter> filters = new LinkedHashMap<String, Filter>();
    LogoutFilter logoutFilter = new LogoutFilter();
    logoutFilter.setRedirectUrl("/login");
//        filters.put("logout",null);
    shiroFilterFactoryBean.setFilters(filters);

    Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>();
    filterChainDefinitionManager.put("/logout", "logout");
    filterChainDefinitionManager.put("/user/**", "authc,roles[ROLE_USER]");
    filterChainDefinitionManager.put("/events/**", "authc,roles[ROLE_ADMIN]");
//        filterChainDefinitionManager.put("/user/edit/**", "authc,perms[user:edit]");// 这里为了测试,固定写死的值,也可以从数据库或其他配置中读取
    filterChainDefinitionManager.put("/**", "anon");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);

    shiroFilterFactoryBean.setSuccessUrl("/");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    return shiroFilterFactoryBean;
  }

相关文章