shiro整合swagger的注意事項
發(fā)布時(shí)間:2021-07-06 11:12
來(lái)源:腳本之家
閱讀:0
作者:開(kāi)發(fā)架構二三事
欄目: 開(kāi)發(fā)技術(shù)
swagger是一個(gè)很好的rest api管理工具��,最近又整合了基于shiro的權限控制����,出問(wèn)題了���,http://localhost:8080/swagger-ui.html訪(fǎng)問(wèn)不正常�,問(wèn)題肯定是shiro沒(méi)放行導致的
shiro 配置
在shiroFilter中的配置如下:
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//Shiro的核心安全接口,這個(gè)屬性是必須的
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filterMap = new LinkedHashMap<>();
filterMap.put("authc", new AjaxPermissionsAuthorizationFilter());
shiroFilterFactoryBean.setFilters(filterMap);
/*定義shiro過(guò)濾鏈 Map結構
* Map中key(xml中是指value值)的第一個(gè)'/'代表的路徑是相對于HttpServletRequest.getContextPath()的值來(lái)的
* anon:它對應的過(guò)濾器里面是空的,什么都沒(méi)做,這里.do和.jsp后面的*表示參數,比方說(shuō)login.jsp?main這種
* authc:該過(guò)濾器下的頁(yè)面必須驗證后才能訪(fǎng)問(wèn),它是Shiro內置的一個(gè)攔截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter
*/
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
/* 過(guò)濾鏈定義���,從上向下順序執行�����,一般將 / ** 放在最為下邊:這是一個(gè)坑呢����,一不小心代碼就不好使了;
authc:所有url都必須認證通過(guò)才可以訪(fǎng)問(wèn); anon:所有url都都可以匿名訪(fǎng)問(wèn) */
filterChainDefinitionMap.put("/", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/login/auth", "anon");
filterChainDefinitionMap.put("/login/logout", "anon");
filterChainDefinitionMap.put("/error", "anon");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
首先 常規的過(guò)濾放行如下:
filterChainDefinitionMap.put("/swagger-ui.html", "anon");
filterChainDefinitionMap.put("/swagger-resources", "anon");
filterChainDefinitionMap.put("/v2/api-docs", "anon");
filterChainDefinitionMap.put("/webjars/springfox-swagger-ui/**", "anon");
重新打開(kāi)shiro�����,運行��,swagger2頁(yè)面訪(fǎng)問(wèn)正常��,但是程序日志輸出依然有權限訪(fǎng)問(wèn)出錯
于是繼續排查�����,受限請求如下:
http://localhost:8080/configuration/security
http://localhost:8080/configuration/ui
所以繼續添加放行:
filterChainDefinitionMap.put("/configuration/security", "anon");
filterChainDefinitionMap.put("/configuration/ui", "anon");
最終配置為:
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//Shiro的核心安全接口,這個(gè)屬性是必須的
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filterMap = new LinkedHashMap<>();
filterMap.put("authc", new AjaxPermissionsAuthorizationFilter());
shiroFilterFactoryBean.setFilters(filterMap);
/*定義shiro過(guò)濾鏈 Map結構
* Map中key(xml中是指value值)的第一個(gè)'/'代表的路徑是相對于HttpServletRequest.getContextPath()的值來(lái)的
* anon:它對應的過(guò)濾器里面是空的,什么都沒(méi)做,這里.do和.jsp后面的*表示參數,比方說(shuō)login.jsp?main這種
* authc:該過(guò)濾器下的頁(yè)面必須驗證后才能訪(fǎng)問(wèn),它是Shiro內置的一個(gè)攔截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter
*/
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
/* 過(guò)濾鏈定義����,從上向下順序執行���,一般將 / ** 放在最為下邊:這是一個(gè)坑呢��,一不小心代碼就不好使了;
authc:所有url都必須認證通過(guò)才可以訪(fǎng)問(wèn); anon:所有url都都可以匿名訪(fǎng)問(wèn) */
filterChainDefinitionMap.put("/", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/login/auth", "anon");
filterChainDefinitionMap.put("/login/logout", "anon");
filterChainDefinitionMap.put("/error", "anon");
//swagger放行
filterChainDefinitionMap.put("/swagger-ui.html", "anon");
filterChainDefinitionMap.put("/swagger-resources", "anon");
filterChainDefinitionMap.put("/v2/api-docs", "anon");
filterChainDefinitionMap.put("/webjars/springfox-swagger-ui/**", "anon");
filterChainDefinitionMap.put("/configuration/security", "anon");
filterChainDefinitionMap.put("/configuration/ui", "anon");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
注意:filterChainDefinitionMap.put("/**", "authc") 需要放置在最后面���。
最終結果: 訪(fǎng)問(wèn)http://localhost:8080/api/swagger-ui.html出現
以上就是shiro整合swagger需要注意的地方的詳細內容�,更多關(guān)于shiro整合swagger的資料請關(guān)注腳本之家其它相關(guān)文章���!
