2017-08-06 16 views

我用 Spring Boot 測試 Shiro,但像 127.0.0.1:8080/index 這樣的 URL 總是被重定向到 UnauthorizedUrl(「/error」)。爲什麼「/index」會被重定向到 Shiro 中的 UnauthorizedUrl?

這裏是我的ShiroConfig:

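/**
 * Spring configuration that wires Apache Shiro into the application: the realm and its
 * credentials matcher, the web security manager, the URL filter chain, and the advisors
 * that enable Shiro's authorization annotations.
 */
@Configuration
public class ShiroConfig {

    /** Exposes Shiro's lifecycle post-processor under the bean name the realm depends on. */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /** Creates the application realm and attaches the hashed credentials matcher to it. */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public MyShiroRealm myShiroRealm() {
        MyShiroRealm realm = new MyShiroRealm();
        realm.setCredentialsMatcher(hashedCredentialsMatcher());
        return realm;
    }

    /**
     * Builds the matcher that hashes the submitted password before comparing it with the
     * stored value.
     *
     * <p>NOTE(review): MD5 with two iterations is cheap to brute-force once stored hashes
     * are exposed. The parameters are left as they are because changing them invalidates
     * every stored password hash; plan a migration to a slow, salted password hash and
     * re-hash credentials on the next successful login.
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("MD5");
        matcher.setHashIterations(2);
        return matcher;
    }

    /** Creates the web security manager backed by the single application realm. */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(myShiroRealm());
        //securityManager.setCacheManager(ehCacheManager());
        return manager;
    }

    /**
     * Defines which URL patterns are public and which require an authenticated subject.
     *
     * <p>Chain definitions are matched in insertion order and the first match wins, so the
     * map must keep its order and every public entry must be added before the catch-all
     * {@code /**} entry.
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter() {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager());

        Map<String, String> chains = new LinkedHashMap<>();
        // "/index" matches only that exact path, which needs a controller mapping to be served.
        chains.put("/index", "anon");
        // Static resources are requested by their full file name, so they need entries of
        // their own. Keep this list to resources that are meant to be public: "anon"
        // removes the authentication requirement for everything the pattern matches.
        chains.put("/index.html", "anon");
        chains.put("/css/**", "anon");

        chains.put("/logout", "logout");

        // Default-deny: everything not listed above requires authentication.
        chains.put("/**", "authc");

        factory.setLoginUrl("/login");
        factory.setSuccessUrl("/welcome");
        // The unauthorized URL is used by authorization filters (roles/perms), not by "authc".
        // NOTE(review): "/error" is also Spring Boot's default error path, so a request that
        // no handler serves ends up on the same page - presumably why an unmapped "/index"
        // looked like a Shiro redirect. Confirm, and consider a distinct URL here.
        factory.setUnauthorizedUrl("/error");
        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }

    /** Enables Shiro's authorization annotations by registering the matching advisor. */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager());
        return advisor;
    }

    /** Creates class-based proxies so the advisor above is applied, unless one already exists. */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Exposes a pass-through authentication filter as a bean.
     *
     * <p>NOTE(review): no chain definition in this class refers to this filter. Spring Boot
     * registers Filter beans with the servlet container for every request by default, which
     * would apply it outside Shiro's chain definitions, including to the "anon" paths.
     * Confirm the bean is needed; if it is meant only for Shiro chains, disable its
     * container registration with a FilterRegistrationBean.
     */
    @Bean
    public PassThruAuthenticationFilter passThruAuthenticationFilter() {
        return new PassThruAuthenticationFilter();
    }
}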

以及 Realm:

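/**
 * Shiro realm that authenticates users by name through {@code UserService} and derives
 * their roles and permissions from the loaded {@code User}.
 */
public class MyShiroRealm extends AuthorizingRealm {
    private static final Logger LOGGER = Logger.getLogger(MyShiroRealm.class);

    @Resource
    UserService userService;

    /**
     * Collects the role names and permission names of the primary principal.
     *
     * @param principalCollection principals of the subject being authorized
     * @return the roles and permissions of the user; empty when the user no longer exists,
     *         so that authorization fails closed instead of throwing
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        LOGGER.info("AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) : " + principalCollection);
        String principal = (String) principalCollection.getPrimaryPrincipal();
        LOGGER.info(principal);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        User user = userService.findUserByName(principal);
        if (user == null) {
            // The account may have been removed while a session is still alive: grant nothing.
            return info;
        }
        for (Role role : user.getRoles()) {
            info.addRole(role.getName());
            for (Permission permission : role.getPermissions()) {
                info.addStringPermission(permission.getName());
            }
        }
        return info;
    }

    /**
     * Looks up the account named in the token and returns its stored credentials for the
     * credentials matcher to verify.
     *
     * <p>This method runs before the password has been checked, so it must not record any
     * "logged in" state; that is done in {@link #assertCredentialsMatch}.
     *
     * @param authenticationToken the submitted username/password token
     * @return the stored credentials, or {@code null} when no such user exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // NOTE(review): this writes a request-supplied value to the log at INFO on every
        // attempt; confirm the log layout neutralises line breaks.
        LOGGER.info("AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) : " + authenticationToken);
        String name = ((UsernamePasswordToken) authenticationToken).getUsername();
        User user = userService.findUserByName(name);
        if (user == null) {
            return null;
        }
        // NOTE(review): no salt is passed here, so stored hashes are compared unsalted.
        return new SimpleAuthenticationInfo(name, user.getPassword(), getName());
    }

    /**
     * Verifies the submitted credentials and only then publishes the user in the session.
     *
     * <p>Setting the session attribute during the account lookup would expose the
     * {@code User} (including its password hash) in the session of anyone who merely
     * submitted an existing user name with a wrong password.
     *
     * @param token the submitted token
     * @param info  the stored account data returned by the lookup
     * @throws AuthenticationException when the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
        super.assertCredentialsMatch(token, info);

        String name = (String) info.getPrincipals().getPrimaryPrincipal();
        User user = userService.findUserByName(name);
        if (user != null) {
            // NOTE(review): the whole User object, password hash included, is kept in the
            // session; consider storing only the fields the views need.
            Session session = SecurityUtils.getSubject().getSession();
            session.setAttribute("user", user);
        }
    }
}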

屬性在application.properties

#thymeleaf 
# Template caching is switched off, so templates are re-read on each request.
# NOTE(review): looks like a development setting - confirm it is not used in production.
spring.thymeleaf.cache=false 

#hibernate 
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect 

# Prints the SQL statements Hibernate issues.
# NOTE(review): looks like a development setting - confirm it is not used in production.
spring.jpa.show-sql= true 
#html 

# View names returned by controllers are resolved as "/" + name + ".html".
spring.mvc.view.prefix=/ 

spring.mvc.view.suffix=.html 

DB屬性沒有給出。 Tomcat的服務器端口爲8080。

resources 目錄結構: dir of resource

當我訪問「127.0.0.1:8080/index」時,它會重定向到由以下語句設置的「error」頁面:

shiroFilterFactoryBean.setUnauthorizedUrl("/error");. 

當給出「/ login」控制器方法時,它將重定向到登錄頁面。

我很困惑,找不到解決問題的方法。

UPDATE

把 index.html 移到 templates 目錄,並添加 @RequestMapping("/index") 方法後,瀏覽器中可以看到 index 頁面。(如果 index.html 在 static 目錄中,@RequestMapping("/index") 方法不起作用。)我怎樣才能訪問靜態 HTML?

回答


根據我的測試,對於 static 目錄中的資源(例如 "/css/**"、"/index.html"),如果想訪問它們而不被 Shiro 攔截,應使用完整的路徑,例如:

"127.0.0.1:8080/css/a.css" or "127.0.0.1:8080/index.html", 

並且 filterChainDefinitionMap 應設置爲:

// Chain definitions are matched in insertion order and the first match wins, so these
// entries must be added before the catch-all "/**" -> "authc" entry.
// "anon" removes the authentication requirement for everything the pattern matches:
// list only resources that are meant to be public.
filterChainDefinitionMap.put("/index.html", "anon"); 

    filterChainDefinitionMap.put("/css/**", "anon"); 