我用springboot測試shiro,但不管像127.0.0.1:8080/index這樣的url是否被重定向到UnauthorizedUrl(「/ error」);爲什麼「/ index」重定向到shiro中的UnauthorizedUrl?
這裏是我的ShiroConfig:
@Configuration
public class ShiroConfig {
@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public MyShiroRealm myShiroRealm(){
MyShiroRealm myShiroRealm = new MyShiroRealm();
myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return myShiroRealm;
}
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher(){
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("MD5");
hashedCredentialsMatcher.setHashIterations(2);
return hashedCredentialsMatcher;
}
@Bean
public DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
//securityManager.setCacheManager(ehCacheManager());
return securityManager;
}
@Bean
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager());
Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
filterChainDefinitionMap.put("/index", "anon");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setSuccessUrl("/welcome");
//Unauthorized;
shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(){
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
@Bean
@ConditionalOnMissingBean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
@Bean
public PassThruAuthenticationFilter passThruAuthenticationFilter(){
return new PassThruAuthenticationFilter();
}
}
和領域
public class MyShiroRealm extends AuthorizingRealm {
private static final Logger LOGGER = Logger.getLogger(MyShiroRealm.class);
@Resource
UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
LOGGER.info("AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) : "+principalCollection);
String principal=(String) principalCollection.getPrimaryPrincipal();
LOGGER.info(principal);
User user=(User) userService.findUserByName(principal);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for(Role role:user.getRoles()){
info.addRole(role.getName());
for(Permission permission:role.getPermissions()){
info.addStringPermission(permission.getName());
}
}
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
LOGGER.info("AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) : "+authenticationToken);
String name=((UsernamePasswordToken)authenticationToken).getUsername();
User user=userService.findUserByName(name);
if (user != null) {
Session session = SecurityUtils.getSubject().getSession();
session.setAttribute("user", user);
return new SimpleAuthenticationInfo(name,user.getPassword(),getName());
} else {
return null;
}
}
}
屬性在application.properties
#thymeleaf
spring.thymeleaf.cache=false
#hibernate
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
spring.jpa.show-sql= true
#html
spring.mvc.view.prefix=/
spring.mvc.view.suffix=.html
DB屬性沒有給出。 Tomcat的服務器端口爲8080。
該目錄的recources: dir of resource
當我訪問 「127.0.0.1:8080/index」,它重定向到 「錯誤」 頁面設置好的由
shiroFilterFactoryBean.setUnauthorizedUrl("/error");.
當給出「/ login」控制器方法時,它將重定向到登錄頁面。
我很困惑,找不到解決問題的方法。
UPDATE
移動的index.html到模板目錄,並作出@RequestMapping(「/索引」)方法後,我得到了瀏覽器的索引。(如果是的index.html在靜態目錄, @RequestMapping(「/ index」)方法不起作用。) 我怎樣才能獲得靜態HTML?