记一个jwt拦截的错误为什么拦截会失效呢？

原创

机智的爆爆哥 2021-12-09 16:14:35 博主文章分类：问题 ©著作权

文章标签 shiro spring lua 安全管理拦截器 文章分类 Java 后端开发

©著作权归作者所有：来自51CTO博客作者机智的爆爆哥的原创作品，请联系作者获取转载授权，否则将追究法律责任

看代码

@Configuration
public class ShiroConfig {

    @Bean
    public DefaultWebSecurityManager securityManager(ShiroRealmConfig shiroRealmConfig) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 将对于的realm设置进去
        securityManager.setRealms(shiroRealmConfig.allRealms());
        // 关闭session验证 需要用到dao
        DefaultSubjectDAO subjectDAO = (DefaultSubjectDAO) securityManager.getSubjectDAO();
        DefaultSessionStorageEvaluator evaluator = (DefaultSessionStorageEvaluator) subjectDAO.getSessionStorageEvaluator();
        // 关闭自带session 我们采用的是token机制
        evaluator.setSessionStorageEnabled(false);
        // dao设置
        subjectDAO.setSessionStorageEvaluator(evaluator);
        return securityManager;
    }

    /**
     * 通过工厂将安全管理器设置进去
     *
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
        // 1.创建工厂
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        // 2.创建map map中放入jwt拦截器
        JwtFilter jwtFilter = new JwtFilter();
        Map<String, Filter> filterMap = new HashMap<>();
        filterMap.put("jwt", jwtFilter);
        // 3.工厂加入map
        factoryBean.setFilters(filterMap);
        // 4.工厂设置安全管理器
        factoryBean.setSecurityManager(securityManager);
        // 5.创建url拦截map map中设置对应的规则


        //最关键的一点 必须使用LinkedHashMap 否则顺序会乱掉
        Map<String, String> filterRuleMap = new LinkedHashMap<>();



        //登陆请求之类的都是要放行的
        filterRuleMap.put("/api/vi/user/getLogin", "anon");
        //swagger2相关
        filterRuleMap.put("/doc.html/**", "anon");
        filterRuleMap.put("/swagger-resources/**", "anon");
        filterRuleMap.put("/webjars/**", "anon");
        filterRuleMap.put("/v2/**", "anon");
        //其他请求都要通过jwtFilter
        filterRuleMap.put("/**", "jwt");
        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
        // 6.工厂加入对应的map 返回
        return factoryBean;
    }

    /**
     * 添加注解支持
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true); // 强制使用cglib，防止重复代理和可能引起代理出错的问题
        return defaultAdvisorAutoProxyCreator;
    }

    /**
     * 添加注解依赖
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * 开启注解验证
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}