Quantcast

bug report

classic Classic list List threaded Threaded
1 message Options
jia
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

bug report

jia
This post has NOT been accepted by the mailing list yet.
  Hello, I'm a java web developer, and I encountered some problem about shiro. In myproject I integrated shiro 1.3.2 with spring 4.3.0.Release. On the first it worked well, but recently it broked down. The urls I configured in the ShiroFilterFactoryBean didn't behaved as they were expected to. I set some urls to work without authentication, that is to say "anon", but when I visited the url, the application would redirect to the unauthenticated url. On the beginning I had no idea about it, but when I printed the shiroFilter.getFilterChainDefinitionMap(), I found the problem.  The urls' order was not by what I set  them, because I used a HashMap. So the "/**" url was on the front of some url which I set as "anon", and then the problem come. After I changed the HashMap to LinkedHaskMap, which keeps its items' order, the problem is solved. So is this a bug?
  Here is my shiro configuration. I've modified the variable definetionsMap's type to LinkedHashMap.
@Bean
public ShiroFilterFactoryBean shiroFilter(){
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();

Map<String, Filter> map = new HashMap<>();
map.put("addPrincipal", addPrincipalToSessionFilter());
shiroFilter.setFilters(map);

Map<String, String> definitionsMap = new LinkedHashMap<>();
definitionsMap.put("/", "anon");
definitionsMap.put("/index.jsp", "anon");
definitionsMap.put("/backstage/**", "anon");
definitionsMap.put("/pay/notify", "anon");
definitionsMap.put("/pay/testRabbit", "anon");
definitionsMap.put("/site/anon", "anon");
definitionsMap.put("/unauthenticated", "anon");
definitionsMap.put("/login", "anon");
definitionsMap.put("/verification", "anon");
definitionsMap.put("/forgetPassword", "anon");
definitionsMap.put("/signup", "anon");
definitionsMap.put("/admin/**", "authc, roles[admin]");
definitionsMap.put("/pay/alipay", "authc");
definitionsMap.put("/**", "addPrincipal, user");
shiroFilter.setFilterChainDefinitionMap(definitionsMap);

System.out.println(shiroFilter.getFilterChainDefinitionMap());

shiroFilter.setLoginUrl("/unauthenticated");
shiroFilter.setUnauthorizedUrl("/unauthorized");
shiroFilter.setSecurityManager(securityManager());

logger.info("Shiro Filters: " + shiroFilter.getFilters());
return shiroFilter;
}
  If you are interested, you can visit my project on github:)
  https://github.com/Q-SJ/baobiaoshiro
  Sincerely. Hope for your reply.
Loading...