shiro无法进入继承了AuthorizingRealm的验证类

yongzhong 发布于 2013/11/29 15:47
阅读 3K+
收藏 0

在filterChainDefinitions配置下我拦截了/travel/admin**=perms[user:test],发现shiro跳过了AuthorizingRealm的doGetAuthorizationInfo方法而直接进入PermissionsAuthorizationFilter类,感到很奇怪

配置文件如下

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
	<display-name>wendu</display-name>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:applicationContext.xml,classpath:shiro-Context.xml</param-value>
	</context-param>

	<!-- Filter 定义 -->
	<!-- Character Encoding filter -->
	<filter>
		<filter-name>encodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>encodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- Spring MVC Servlet -->
	<servlet>
		<servlet-name>springServlet</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:spring-mvc.xml,classpath:shiro-Context.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>springServlet</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>springServlet</servlet-name>
		<url-pattern>/dwr/*</url-pattern>
	</servlet-mapping>

	<!-- open session filter -->
	<filter>
		<filter-name>openSessionInViewFilter</filter-name>
		<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
		<init-param>
			<param-name>singleSession</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>sessionFactoryBeanName</param-name>
			<param-value>sessionFactory</param-value>
		</init-param>
	</filter>

	<filter-mapping>
		<filter-name>openSessionInViewFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- session超时定义,单位为分钟 -->
	<session-config>
		<session-timeout>20</session-timeout>
	</session-config>

	<!-- Define pages of error -->
	<error-page>
		<exception-type>java.lang.Throwable</exception-type>
		<location>/WEB-INF/error/500.jsp</location>
	</error-page>
	<error-page>
		<error-code>500</error-code>
		<location>/WEB-INF/error/500.jsp</location>
	</error-page>
	<error-page>
		<error-code>404</error-code>
		<location>/WEB-INF/error/404.jsp</location>
	</error-page>

</web-app>



shiro-Context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xsi:schemaLocation="http://www.springframework.org/schema/beans 
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

	<bean id="myRealm" class="xidian.hy.wendu.security.ShiroDbRealm" />

	<bean id="mySecurityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="myRealm" />
	</bean>

	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<!-- 自定义拦截器 -->
		<property name="filters">
			<map>
				<entry key="perms" value-ref="myFilter" />
			</map>
		</property>
		<property name="securityManager" ref="mySecurityManager" />
		<property name="loginUrl" value="/" />
		<property name="unauthorizedUrl" value="/" />
		<property name="filterChainDefinitions">
			<value>
				/travel/admin**=perms[user:test]
				/**=anon
				<!-- /index**=anon /test**=perms[admin:manage] /admin/listUser**=authc,perms[admin:manage] -->
			</value>
		</property>
	</bean>

	<!-- 注册自定义过滤器 -->
	<bean id="myFilter" class="xidian.hy.wendu.test.filter.PerFilter" />

	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans>



spring-mvc.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
        http://www.directwebremoting.org/schema/spring-dwr   
    	http://www.directwebremoting.org/schema/spring-dwr-3.0.xsd
        ">

	<context:component-scan base-package="xidian.hy.wendu.travel.web" />

	<!-- 要求dwr在spring容器中检查拥有@RemoteProxy 和 @RemoteMethod注解的类。注意它不会去检查Spring容器之外的类。 -->
	<dwr:annotation-config id="dwr" />
	<!-- 要求DWR将util.js和engine.js映射到dwrController -->
	<dwr:url-mapping />
	<!-- 定义dwr -->
	<dwr:controller id="dwrController" debug="true">
		<dwr:config-param name="allowScriptTagRemoting" value="true" />
		<dwr:config-param name="crossDomainSessionSecurity" value="false" />
		<dwr:config-param name="activeReverseAjaxEnabled" value="true" />
	</dwr:controller>

	<mvc:annotation-driven>
		<!-- 这里有用 自定义数据绑定 -->
		<mvc:argument-resolvers>
			<bean class="xidian.hy.wendu.annotation.FormModelMethodArgumentResolver" />
		</mvc:argument-resolvers>
		<!--responseBody中文乱码解决 -->
		<mvc:message-converters register-defaults="true">
			<bean class="xidian.hy.wendu.util.UTF8StringHttpMessageConverter" />
		</mvc:message-converters>
	</mvc:annotation-driven>

	<mvc:default-servlet-handler />

	<!-- 定义首页 -->
	<mvc:view-controller path="/" view-name="redirect:/travel" />

	<!-- 扩展spring的HandlerMethodArgumentResolver以支持自定义的数据绑定方式 -->
	<!-- 这里似乎没能起到作用 -->
	<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
		<!--线程安全的访问session -->
		<property name="synchronizeOnSession" value="true" />
		<property name="customArgumentResolvers">
			<list>
				<bean class="xidian.hy.wendu.annotation.RequestJsonParamMethodArgumentResolver" />
				<bean class="xidian.hy.wendu.annotation.FormModelMethodArgumentResolver" />
			</list>
		</property>
	</bean>

	<bean class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
		<property name="basename" value="views"></property>
		<!-- <property name="order" value="0"></property> -->
	</bean>

	<bean id="freeMarkerViewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
		<property name="suffix" value=".ftl" />
		<property name="prefix" value="/" />
		<property name="contentType" value="text/html; charset=UTF-8" />
		<!-- 将Spring的FreeMarkerView改成我们扩展的View -->
		<!-- <property name="viewClass" value="xidian.hy.wendu.test.freemarker.ExFreeMarkerView" /> -->
		<property name="exposeSpringMacroHelpers" value="true" />
		<property name="exposeRequestAttributes" value="true" />
		<property name="exposeSessionAttributes" value="true" />
		<!-- 在ftl页面中获取request -->
		<property name="requestContextAttribute" value="request" />
		<property name="order" value="0"></property>
	</bean>

	<bean id="fmXmlEscape" class="freemarker.template.utility.XmlEscape" />

	<!-- 设置freeMarker的配置文件路径 -->
	<bean id="freemarkerConfiguration" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
		<property name="location" value="classpath:freemarker.properties" />
	</bean>

	<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
		<!-- 指定FreeMarker模板文件目录 -->
		<property name="templateLoaderPath" value="/WEB-INF/views" />
		<property name="freemarkerVariables">
			<map>
				<entry key="xml_escape" value-ref="fmXmlEscape" />
			</map>
		</property>
		<property name="freemarkerSettings" ref="freemarkerConfiguration">
		</property>
	</bean>

	<!-- 定义JSP -->
	<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
		<property name="prefix" value="/" />
		<property name="suffix" value=".jsp" />
		<property name="order" value="1"></property>
	</bean>


	<!-- 支持上传文件 -->
	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />

	<!-- SpringMVC在超出上传文件限制时,会抛出org.springframework.web.multipart.MaxUploadSizeExceededException -->
	<!-- 该异常是SpringMVC在检查上传的文件信息时抛出来的,而且此时还没有进入到Controller方法中 -->
	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
		<property name="exceptionMappings">
			<props>
				<!-- 遇到MaxUploadSizeExceededException异常时,自动跳转到/WEB-INF/error_fileupload.jsp页面 -->
				<prop key="org.springframework.web.multipart.MaxUploadSizeExceededException">WEB-INF/error/error_fileupload</prop>
				<prop key="java.lang.Throwable">error/500</prop>
			</props>
		</property>
	</bean>
</beans>



加载中
0
aquarius_pan
aquarius_pan
是不是缓存
0
Sherlcked
Sherlcked
http://www.oschina.net/question/204539_143447这个的问题
返回顶部
顶部