我想實現shiro rememberMe之後,再次訪問後自動登錄並把一些用戶信息再存入session
我現在是按照http://blog.csdn.net/Q_AN1314...这篇文章,写了一个过滤器,但是在过滤器里获取subject时出现错误
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
這是過濾器
public class AddPrincipalToSessionFilter extends OncePerRequestFilter {
@Resource
private ManagerService managerService;
@Override
protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
Subject subject = SecurityUtils.getSubject();
if (subject.isRemembered()) {
String principal = (String) subject.getPrincipal();
Manager manager = managerService.queryManager(principal);
//将用户信息存入session
ContextHelper.saveLoginUserInfoToSeesion(manager);
}
filterChain.doFilter(servletRequest, servletResponse);
}
}
這是shiroFilter
@Bean
@Autowired
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();//获取filters
filters.put("authc", new CustomFormAuthenticationFilter());//验证码过滤器
filters.put("addPrincipal", addPrincipalToSessionFilter());//rememberMe存session过滤器
//拦截器.
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
//配置退出过滤器,其中的具体的退出代码Shiro已经替我们实现了
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/favicon.ico", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/img/**", "anon");
filterChainDefinitionMap.put("/fonts/**", "anon");
filterChainDefinitionMap.put("/icons/**", "anon");
filterChainDefinitionMap.put("/error/**", "anon");
filterChainDefinitionMap.put("/validateCode", "anon");
//配置记住我或认证通过可以访问的地址
filterChainDefinitionMap.put("/", "addPrincipal,user");
filterChainDefinitionMap.put("/index", "addPrincipal,user");
filterChainDefinitionMap.put("/index.html", "addPrincipal,user");
//<!-- 过滤链定义,从上向下顺序执行,一般将 /**放在最为下边
//<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl("/login.html");
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/index.html");
// 未授权要跳转的链接
shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");
return shiroFilterFactoryBean;
}
}
請問一下大家這是怎麼回事?或者大家有什麼更好的實現方法請指教一下
已解決
1.這個bean的注入一定要在shiroFilter下面
2.user要寫在addPrincipal前面
filterChainDefinitionMap.put("/", "user,addPrincipal");