Hello, I'm a java web developer, and I encountered a problem with shiro. In 
my project I integrated shiro 1.3.2 with spring 4.3.0.Release. At first it 
worked well, but recently it broke down. The urls I configured in the 
ShiroFilterFactoryBean didn't behave as they were expected to. I set some urls 
to work without authentication, that is to say "anon", but when I visited the 
url, the application would redirect to the unauthenticated url. In the 
beginning I had no idea about it, but when I printed the 
shiroFilter.getFilterChainDefinitionMap(), I found the problem. The urls 
were not in the order I set them, because I used a HashMap. So the "/**" url 
was in front of some urls which I set as "anon", and then the problem came. 
After I changed the HashMap to LinkedHashMap, which keeps its items' order, the 
problem was solved. So is this a bug?
  Here is my shiro configuration. I've modified the variable definitionsMap's 
type to LinkedHashMap.
@Bean
public ShiroFilterFactoryBean shiroFilter(){
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();

    Map<String, Filter> map = new HashMap<>();
    map.put("addPrincipal", addPrincipalToSessionFilter());
    shiroFilter.setFilters(map);

    Map<String, String> definitionsMap = new LinkedHashMap<>();
    definitionsMap.put("/", "anon");
    definitionsMap.put("/index.jsp", "anon");
    definitionsMap.put("/backstage/**", "anon");
    definitionsMap.put("/pay/notify", "anon");
    definitionsMap.put("/pay/testRabbit", "anon");
    definitionsMap.put("/site/anon", "anon");
    definitionsMap.put("/unauthenticated", "anon");
    definitionsMap.put("/login", "anon");
    definitionsMap.put("/verification", "anon");
    definitionsMap.put("/forgetPassword", "anon");
    definitionsMap.put("/signup", "anon");
    definitionsMap.put("/admin/**", "authc, roles[admin]");
    definitionsMap.put("/pay/alipay", "authc");
    definitionsMap.put("/**", "addPrincipal, user");
    shiroFilter.setFilterChainDefinitionMap(definitionsMap);

    System.out.println(shiroFilter.getFilterChainDefinitionMap());

    shiroFilter.setLoginUrl("/unauthenticated");
    shiroFilter.setUnauthorizedUrl("/unauthorized");
    shiroFilter.setSecurityManager(securityManager());

    logger.info("Shiro Filters: " + shiroFilter.getFilters());
    return shiroFilter;
}
  If you are interested, you can visit my project on github:)
  https://github.com/Q-SJ/baobiaoshiro
  Sincerely. Hope for your reply.
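
Added example (not part of the original message or the poster's project): Shiro evaluates filter chain definitions in the order they are defined and the first match wins, so the map's iteration order decides which chain a request gets. The class name, helper names and the simplified path matcher below are assumptions made for illustration; the sketch does not use Shiro's own classes.

```java
import java.util.*;

public class ChainOrderDemo {
    // Simplified matcher (assumption): exact paths, "/**" and "prefix/**" only.
    static boolean matches(String pattern, String path) {
        if (pattern.equals("/**")) return true;
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Walk the definitions in the map's iteration order; the first match decides.
    static String resolve(Map<String, String> defs, String path) {
        for (Map.Entry<String, String> e : defs.entrySet())
            if (matches(e.getKey(), path)) return e.getValue();
        return null;
    }

    // Startup check: every pattern iterated after "/**" can never be reached.
    static List<String> shadowed(Map<String, String> defs) {
        List<String> dead = new ArrayList<>();
        boolean seenCatchAll = false;
        for (String p : defs.keySet()) {
            if (seenCatchAll) dead.add(p);
            if (p.equals("/**")) seenCatchAll = true;
        }
        return dead;
    }

    // Constructed sample: a subset of the definitions from the message above.
    static void fill(Map<String, String> m) {
        m.put("/login", "anon");
        m.put("/backstage/**", "anon");
        m.put("/admin/**", "authc, roles[admin]");
        m.put("/**", "addPrincipal, user");
    }

    public static void main(String[] args) {
        Map<String, String> ordered = new LinkedHashMap<>();
        Map<String, String> hashed = new HashMap<>();
        fill(ordered); fill(hashed);
        System.out.println("LinkedHashMap /login -> " + resolve(ordered, "/login")
                + ", shadowed: " + shadowed(ordered));
        // HashMap order follows key hashes, so this result is not guaranteed.
        System.out.println("HashMap       /login -> " + resolve(hashed, "/login")
                + ", shadowed: " + shadowed(hashed));
    }
}
```

Running the shadowed() check against the real definitions map at startup and failing when the list is non-empty catches a misordered catch-all before any request is served.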
