Hi, I’ve been using Shiro quite happlly for some years now in an existing project. Recently I started a new project using Spring Boot, and wanted to use Shiro rather than learn Spring Security, which is the ‘default’ security option in Spring Boot..
The configuration is pure Java and it took a little while to get set up, but I’ve documented my experiences in a blog post in case it’s useful to others: http://richardadams606blog.blogspot.co.uk/2014/10/apache-shiro-and-spring-boot.html One problem I’ve not been able to fix is the ordering of filter chain definitions. public ShiroFilterFactoryBean shiroFilter (){ ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean (); …….. factory.setFilterChainDefinitions( "/manage/health/=anon\n” + "/manage/**=authc\n” ); ….. } For example, I’d like to make /manage/health to allow anonymous access, but all other URLS under manage/ to require authentication. This type of approach works fine using XML configuration in my old project, but in the new Spring Boot project the '/manage/health‘ URL triggers the authentication filter. I’ve tried to swap them but no success. Does anyone have any suggestions on how to configure the ordering properly using Java rather than .ini or XML config? Thanks Richard Richard Adams [email protected]
