All geek questions in one place

How to configure Shiro using Spring Boot

I have a Spring MVC web application that uses Shiro authentication using Spring configuration, not shiro.ini.

I want to switch to the Spring boot application.

I was mostly successful. The application runs in Spring Boot and my Shiro environment gets set up. However, I just can't figure out how to properly configure the Shiro filter. I need this to work to make sure that the requests are ultimately handled by the correct thread.

In the original application, I configured the Shiro filter in the web.xml file as follows:

<filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

I tried to replicate this using Java Config as follows:

  @Autowired private WebSecurityManager webSecurityManager; @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean() { ShiroFilterFactoryBean shiroFilterFactoryBean = new org.apache.shiro.spring.web.ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(webSecurityManager); return shiroFilterFactoryBean; } @Bean public org.apache.shiro.spring.LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new org.apache.shiro.spring.LifecycleBeanPostProcessor(); } @Bean public Filter shiroFilter() { DelegatingFilterProxy filter = new DelegatingFilterProxy(); filter.setTargetBeanName("shiroFilterFactoryBean"); filter.setTargetFilterLifecycle(true); return filter; }

However, I just canโ€™t get everything to match each other, and I donโ€™t have enough knowledge to figure it out. I just do not see to connect the filter to the environment. I would suggest that this has something to do with setting up an order.

Has anyone been able to successfully use Spring Boot and Shiro together?

+6
source share
2 answers

Well, it looks like something is missing, java config like this:

 import java.util.HashMap; import java.util.Map; import javax.servlet.Filter; import org.apache.shiro.realm.text.PropertiesRealm; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.web.filter.authc.AnonymousFilter; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.filter.authc.LogoutFilter; import org.apache.shiro.web.filter.authc.UserFilter; import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.WebSecurityManager; @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter() { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setLoginUrl("/login"); shiroFilter.setSuccessUrl("/index"); shiroFilter.setUnauthorizedUrl("/forbidden"); Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>(); filterChainDefinitionMapping.put("/", "anon"); filterChainDefinitionMapping.put("/home", "authc,roles[guest]"); filterChainDefinitionMapping.put("/admin", "authc,roles[admin]"); shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping); shiroFilter.setSecurityManager(securityManager()); Map<String, Filter> filters = new HashMap<String, Filter>(); filters.put("anon", new AnonymousFilter()); filters.put("authc", new FormAuthenticationFilter()); filters.put("logout", new LogoutFilter()); filters.put("roles", new RolesAuthorizationFilter()); filters.put("user", new UserFilter()); shiroFilter.setFilters(filters); System.out.println(shiroFilter.getFilters().size()); return shiroFilter; } @Bean(name = "securityManager") public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(realm()); return securityManager; } @Bean(name = "realm") @DependsOn("lifecycleBeanPostProcessor") public PropertiesRealm realm() { PropertiesRealm propertiesRealm = new PropertiesRealm(); propertiesRealm.init(); return propertiesRealm; } @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }

https://github.com/lenicliu/eg-spring/tree/master/eg-spring-boot/eg-spring-boot-shiro

+8
source

lenicliu gave a lot of information, since I can not comment on his answer, because I do not have enough reputation. I would like to add all the import data that I had to do so that his code really compiles (maybe useful for noobies on Syro, like me).

 import java.util.HashMap; import java.util.Map; import javax.servlet.Filter; import org.apache.shiro.realm.text.PropertiesRealm; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.web.filter.authc.AnonymousFilter; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.filter.authc.LogoutFilter; import org.apache.shiro.web.filter.authc.UserFilter; import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.WebSecurityManager;
+2
source

Source: https://habr.com/ru/post/973648/

More articles:


All Articles