[
https://issues.apache.org/jira/browse/SHIRO-879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
kretz kuang updated SHIRO-879:
------------------------------
Description:
Integration with spring boot 2.6.6, Deployed in standalone Tomcat.
Inject Bean Map<String, Filter> filterMap, initialize errorPageFilter is too
early, when build Bean ShiroFilterFactoryBean. Cause BasicErrorController
injection failure, unable to add default error handling path /error.
The reason is that ErrorPageFilter is not processed by
ErrorPageRegistrarBeanPostProcessor.
Fix it like this:
change class AbstractShiroWebFilterConfiguration
{code:java}
@Autowired(required = false)
protected Map<String, Filter> filterMap;{code}
to
{code:java}
@Autowired(required = false)
@Qualifier("shiroFilters")
protected Map<String, Filter> filterMap;{code}
At present, I give up using ShiroWebFilterConfiguration and configure
shirofilterfactorybean ShiroFilterFactoryBean.
The complete configuration is as follows :
{code:java}
@Configuration
@ConditionalOnProperty(name = "shiro.web.enabled", matchIfMissing = true)
public class ShiroWebFilterConfiguration {
@Autowired
protected SecurityManager securityManager;
@Autowired
protected ShiroFilterChainDefinition shiroFilterChainDefinition;
@Autowired(required = false)
@Qualifier("shiroFilters")
protected Map<String, Filter> filterMap;
@Value("#{ @environment['shiro.loginUrl'] ?: '/login.jsp' }")
protected String loginUrl;
@Value("#{ @environment['shiro.successUrl'] ?: '/' }")
protected String successUrl;
@Value("#{ @environment['shiro.unauthorizedUrl'] ?: null }")
protected String unauthorizedUrl;
protected List<String> globalFilters() {
return Collections.singletonList(DefaultFilter.invalidRequest.name());
}
/**
* 覆盖默认提供的,添加自定义Filter Map,bean名字固定为shiroFilters
*
Filter的构造请采用直接构造的形式,不要使用Bean构造方式,否则会引起过滤器加载顺序问题(spring会将Bean方式构造的Filter置于shiroFilter外面执行)
*/
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
filterFactoryBean.setLoginUrl(loginUrl);
filterFactoryBean.setSuccessUrl(successUrl);
filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
filterFactoryBean.setSecurityManager(securityManager);
filterFactoryBean.setGlobalFilters(globalFilters());
filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
filterFactoryBean.setFilters(filterMap);
return filterFactoryBean;
}
{code}
{color:#ff0000}However, using embedded Tomcat will not cause this problem{color}
was:
Integration with spring boot 2.6.6, Deployed in standalone Tomcat.
Inject Bean Map<String, Filter> filterMap, initialize errorPageFilter is too
early, when build Bean ShiroFilterFactoryBean. Cause BasicErrorController
injection failure, unable to add default error handling path /error.
The reason is that ErrorPageFilter is not processed by
ErrorPageRegistrarBeanPostProcessor.
Fix it like this:
change class AbstractShiroWebFilterConfiguration
{code:java}
@Autowired(required = false)
protected Map<String, Filter> filterMap;{code}
to
{code:java}
@Autowired(required = false)
@Qualifier("shiroFilters")
protected Map<String, Filter> filterMap;{code}
At present, I give up using ShiroWebFilterConfiguration and configure
shirofilterfactorybean ShiroFilterFactoryBean.
The complete configuration is as follows :
{code:java}
@Configuration
@ConditionalOnProperty(name = "shiro.web.enabled", matchIfMissing = true)
public class ShiroWebFilterConfiguration {
@Autowired
protected SecurityManager securityManager;
@Autowired
protected ShiroFilterChainDefinition shiroFilterChainDefinition;
@Autowired(required = false)
@Qualifier("shiroFilters")
protected Map<String, Filter> filterMap;
@Value("#{ @environment['shiro.loginUrl'] ?: '/login.jsp' }")
protected String loginUrl;
@Value("#{ @environment['shiro.successUrl'] ?: '/' }")
protected String successUrl;
@Value("#{ @environment['shiro.unauthorizedUrl'] ?: null }")
protected String unauthorizedUrl;
protected List<String> globalFilters() {
return Collections.singletonList(DefaultFilter.invalidRequest.name());
}
/**
* 覆盖默认提供的,添加自定义Filter Map,bean名字固定为shiroFilters
*
Filter的构造请采用直接构造的形式,不要使用Bean构造方式,否则会引起过滤器加载顺序问题(spring会将Bean方式构造的Filter置于shiroFilter外面执行)
*/
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
filterFactoryBean.setLoginUrl(loginUrl);
filterFactoryBean.setSuccessUrl(successUrl);
filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
filterFactoryBean.setSecurityManager(securityManager);
filterFactoryBean.setGlobalFilters(globalFilters());
filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
filterFactoryBean.setFilters(filterMap);
return filterFactoryBean;
}
{code}
{color:#FF0000}However, using embedded Tomcat will not cause this problem{color}
> spring boot errorPageFilterConfiguration and errorPageFilteris not eligible
> for getting processed by all BeanPostProcessors
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-879
> URL: https://issues.apache.org/jira/browse/SHIRO-879
> Project: Shiro
> Issue Type: Bug
> Components: Configuration
> Affects Versions: 1.9.0
> Environment: spring boot 2.6.6
> standalone apache-tomcat-9.0.62
> Reporter: kretz kuang
> Priority: Minor
> Attachments: Original debugger.png, Original error page.png,
> Original log .png, modified error page.png, modified debugger.png,
> modified log.png
>
>
> Integration with spring boot 2.6.6, Deployed in standalone Tomcat.
> Inject Bean Map<String, Filter> filterMap, initialize errorPageFilter is too
> early, when build Bean ShiroFilterFactoryBean. Cause BasicErrorController
> injection failure, unable to add default error handling path /error.
> The reason is that ErrorPageFilter is not processed by
> ErrorPageRegistrarBeanPostProcessor.
> Fix it like this:
> change class AbstractShiroWebFilterConfiguration
> {code:java}
> @Autowired(required = false)
> protected Map<String, Filter> filterMap;{code}
> to
> {code:java}
> @Autowired(required = false)
> @Qualifier("shiroFilters")
> protected Map<String, Filter> filterMap;{code}
> At present, I give up using ShiroWebFilterConfiguration and configure
> shirofilterfactorybean ShiroFilterFactoryBean.
> The complete configuration is as follows :
> {code:java}
> @Configuration
> @ConditionalOnProperty(name = "shiro.web.enabled", matchIfMissing = true)
> public class ShiroWebFilterConfiguration {
>
> @Autowired
> protected SecurityManager securityManager;
> @Autowired
> protected ShiroFilterChainDefinition shiroFilterChainDefinition;
> @Autowired(required = false)
> @Qualifier("shiroFilters")
> protected Map<String, Filter> filterMap;
> @Value("#{ @environment['shiro.loginUrl'] ?: '/login.jsp' }")
> protected String loginUrl;
> @Value("#{ @environment['shiro.successUrl'] ?: '/' }")
> protected String successUrl;
> @Value("#{ @environment['shiro.unauthorizedUrl'] ?: null }")
> protected String unauthorizedUrl;
> protected List<String> globalFilters() {
> return Collections.singletonList(DefaultFilter.invalidRequest.name());
> }
> /**
> * 覆盖默认提供的,添加自定义Filter Map,bean名字固定为shiroFilters
> *
> Filter的构造请采用直接构造的形式,不要使用Bean构造方式,否则会引起过滤器加载顺序问题(spring会将Bean方式构造的Filter置于shiroFilter外面执行)
> */
> @Bean
> public ShiroFilterFactoryBean shiroFilterFactoryBean() {
> ShiroFilterFactoryBean filterFactoryBean = new
> ShiroFilterFactoryBean();
> filterFactoryBean.setLoginUrl(loginUrl);
> filterFactoryBean.setSuccessUrl(successUrl);
> filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
> filterFactoryBean.setSecurityManager(securityManager);
> filterFactoryBean.setGlobalFilters(globalFilters());
>
> filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
> filterFactoryBean.setFilters(filterMap);
> return filterFactoryBean;
> }
> {code}
>
> {color:#ff0000}However, using embedded Tomcat will not cause this
> problem{color}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
