Not a bug, you should be using a LinkedHashMap (or other map that will preserve order).
That said, we could print a log message if we detect something other then a LinkedHashMap. The downside though, I'm sure there are other map implementations that would work here too. Thoughts? On Wed, Jan 18, 2017 at 3:08 AM, 千年&yi叹 <[email protected]> wrote: > Hello, I'm a java web developer, and I encountered some problem about > shiro. In myproject I integrated shiro 1.3.2 with spring 4.3.0.Release. On the > first it worked well, but recently it broked down. The urls I configured in > the ShiroFilterFactoryBean didn't behaved as they were expected to. I set > some urls to work without authentication, that is to say "anon", but when I > visited the url, the application would redirect to the unauthenticated url. > On the beginning I had no idea about it, but when I printed the > shiroFilter.getFilterChainDefinitionMap(), > I found the problem. The urls' order was not by what I set them, because > I used a HashMap. So the "/**" url was on the front of some url which I set > as "anon", and then the problem come. After I changed the HashMap to > LinkedHaskMap, which keeps its items' order, the problem is solved. So is > this a bug? > Here is my shiro configuration. I've modified the variable > definetionsMap's type to LinkedHashMap. > > @Bean > public ShiroFilterFactoryBean shiroFilter(){ > ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); > > Map<String, Filter> map = new HashMap<>(); > map.put("addPrincipal", addPrincipalToSessionFilter()); > shiroFilter.setFilters(map); > > Map<String, String> definitionsMap = new LinkedHashMap<>(); > definitionsMap.put("/", "anon"); > definitionsMap.put("/index.jsp", "anon"); > definitionsMap.put("/backstage/**", "anon"); > definitionsMap.put("/pay/notify", "anon"); > definitionsMap.put("/pay/testRabbit", "anon"); > definitionsMap.put("/site/anon", "anon"); > definitionsMap.put("/unauthenticated", "anon"); > definitionsMap.put("/login", "anon"); > definitionsMap.put("/verification", "anon"); > definitionsMap.put("/forgetPassword", "anon"); > definitionsMap.put("/signup", "anon"); > definitionsMap.put("/admin/**", "authc, roles[admin]"); > definitionsMap.put("/pay/alipay", "authc"); > definitionsMap.put("/**", "addPrincipal, user"); > shiroFilter.setFilterChainDefinitionMap(definitionsMap); > > System.out.println(shiroFilter.getFilterChainDefinitionMap()); > > shiroFilter.setLoginUrl("/unauthenticated"); > shiroFilter.setUnauthorizedUrl("/unauthorized"); > shiroFilter.setSecurityManager(securityManager()); > > logger.info("Shiro Filters: " + shiroFilter.getFilters()); > return shiroFilter; > } > > If you are interested, you can visit my project on github:) > https://github.com/Q-SJ/baobiaoshiro > Sincerely. Hope for your reply. >
