【求助】SpingBoot 模式下设置Shiro打开页面后台报错

小杨阿哥哥 发布于 2017/07/21 07:20
阅读 589
收藏 0

 JavaConfig:

@Configuration
public class ShiroConfig {


    String captchaError = "captchaError";

    @Bean(name = "lifecycleBeanPostProcessor")
    LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    AJaxSupportAuthorizationFilter aJaxSupportAuthorizationFilter() {
        AJaxSupportAuthorizationFilter aJaxSupportAuthorizationFilter = new AJaxSupportAuthorizationFilter();
        aJaxSupportAuthorizationFilter.setErrorCaptchaAttr(captchaError);
        return aJaxSupportAuthorizationFilter;
    }

    @Bean
    AdminPasswordCredentialsMatcher adminPasswordCredentialsMatcher() {
        AdminPasswordCredentialsMatcher adminPasswordCredentialsMatcher = new AdminPasswordCredentialsMatcher();
        adminPasswordCredentialsMatcher.setHashAlgorithmName("SHA-1");
        adminPasswordCredentialsMatcher.setHashIterations(1024);
        adminPasswordCredentialsMatcher.setStoredCredentialsHexEncoded(true);
        return adminPasswordCredentialsMatcher;
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    AdminAuthorizingRealm adminAuthorizingRealm() {
        AdminAuthorizingRealm adminAuthorizingRealm = new AdminAuthorizingRealm();
        adminAuthorizingRealm.setCredentialsMatcher(adminPasswordCredentialsMatcher());
        return adminAuthorizingRealm;
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
        daap.setProxyTargetClass(true);
        return daap;
    }

    @Bean(name = "securityManager")
    DefaultWebSecurityManager defaultWebSecurityManager() {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(adminAuthorizingRealm());
        defaultWebSecurityManager.setSubjectFactory(new DefaultWebSubjectFactory());
        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(new DefaultWebSessionStorageEvaluator());

        defaultWebSecurityManager.setSubjectDAO(subjectDAO);

        return defaultWebSecurityManager;
    }

    @Bean
    EhCacheManagerFactoryBean ehCacheManagerFactoryBean(){
        EhCacheManagerFactoryBean ehCacheManagerFactoryBean = new EhCacheManagerFactoryBean();
        return ehCacheManagerFactoryBean;
    }

    @Bean(name = "shiroFilter")
    ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager());
        org.apache.shiro.SecurityUtils.setSecurityManager(shiroFilterFactoryBean.getSecurityManager());
        shiroFilterFactoryBean.setLoginUrl("/login.html");
        shiroFilterFactoryBean.setSuccessUrl("/admin/");
        shiroFilterFactoryBean.setUnauthorizedUrl("/");
        HashMap<String, Filter> filters = new HashMap<>();

        CaptchaFilter captchaFilter = new CaptchaFilter();
        captchaFilter.setSessionCaptchaAttr("verifyCode");
        captchaFilter.setRequestCaptchaParam("captcha");
        captchaFilter.setErrorCaptchaAttr(captchaError);
        filters.put("captcha", captchaFilter);
        filters.put("authc", aJaxSupportAuthorizationFilter());
        shiroFilterFactoryBean.setFilters(filters);
        shiroFilterFactoryBean.setFilterChainDefinitions(
                "/admin/login=captcha,authc\n" +
                        "/admin/logout=anon\n" +
                        "/login=anon\n" +
                        "/static/**=anon\n" +
                        "/resources/**=anon\n" +
                        "/upload/**=anon\n" +
                        "/common/**=anon\n" +
                        "/ueditor/**=anon\n" +
                        "/druid/**=authc\n" +
                        "/admin/**=authc\n" +
                        "/activiti/**=authc");

        return shiroFilterFactoryBean;
    }

}

启动没有错误,打开页面报错:

java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation.
	at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) ~[shiro-web-1.2.6.jar:1.2.6]
	at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) ~[shiro-web-1.2.6.jar:1.2.6]
	at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121) ~[shiro-core-1.2.6.jar:1.2.6]
	at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336) ~[shiro-core-1.2.6.jar:1.2.6]
	at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312) ~[shiro-core-1.2.6.jar:1.2.6]
	at org.apache.shiro.web.util.WebUtils.saveRequest(WebUtils.java:606) ~[shiro-web-1.2.6.jar:1.2.6]
	at org.apache.shiro.web.filter.AccessControlFilter.saveRequest(AccessControlFilter.java:208) ~[shiro-web-1.2.6.jar:1.2.6]
	at org.apache.shiro.web.filter.AccessControlFilter.saveRequestAndRedirectToLogin(AccessControlFilter.java:191) ~[shiro-web-1.2.6.jar:1.2.6]
	at cn.firegod.common.shiro.AJaxSupportAuthorizationFilter.onAccessDenied(AJaxSupportAuthorizationFilter.java:83) ~[classes/:na]

 

出现这样的一个情况,POST请求的时候没有request和response:

 

加载中
0
小杨阿哥哥
小杨阿哥哥

这个问题在于使用的SecurityManager不是一个web项目的SecurityManager,我记得是这样的,时间久了记不清了。

返回顶部
顶部