Spring Shiro Learning (ii)

Last Update:2017-07-19 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

The Shiro default comes with the following filters:

Filter Name	Class
Anon	Org.apache.shiro.web.filter.authc.AnonymousFilter
Authc	Org.apache.shiro.web.filter.authc.FormAuthenticationFilter
Authcbasic	Org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
Logout	Org.apache.shiro.web.filter.authc.LogoutFilter
Nosessioncreation	Org.apache.shiro.web.filter.session.NoSessionCreationFilter
Perms	Org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
Port	Org.apache.shiro.web.filter.authz.PortFilter
Rest	Org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Roles	Org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
Qs.	Org.apache.shiro.web.filter.authz.SslFilter
User	Org.apache.shiro.web.filter.authc.UserFilter

We usually use anon: anyone can access; AUTHC: must be logged in to access, do not include rememberme; User : Login users can access, including RememberMe ;p erms: Specify the filter rules, this is generally extended use, will not use the original, such as Springrain extension for the frameperms.

Filterchaindefinitions is to specify the filter rules, generally the use of public configuration files, such as JS CSS img These resource files are not intercepted, business-related URL configuration to the database, there is a filter query database for permission to judge.

<BeanID= "Shirofilter"class= "Org.apache.shiro.spring.web.ShiroFilterFactoryBean">        < Propertyname= "SecurityManager"ref= "SecurityManager"/>        < Propertyname= "Loginurl"value= "${zheng.upms.sso.server.url}"/>        < Propertyname= "Successurl"value= "${zheng.upms.successurl}"/>        < Propertyname= "Unauthorizedurl"value= "${zheng.upms.unauthorizedurl}"/>        < Propertyname= "Filters">            <Util:map>                <entryKey= "AUTHC"Value-ref= "Upmsauthenticationfilter"/>            </Util:map>        </ Property>        < Propertyname= "Filterchaindefinitions">            <value>/manage/** = Upmssessionforcelogout,authc/manage/index = user/druid/** = user/swagger-ui.html = user/resources/** = Anon/** = Anon 
    </value>        </ Property>    </Bean>

Filterchaindefinitions is defining the interception rules

The priority of the Interceptor is: from top to bottom, from left to right, if a matching interceptor is blocked and returned, such as Access/manage/index the second interceptor user matches, returns true, no longer matches down.

The last sentence is/**=anon means that except for those above, everything else has to go through anon. Anyone can access

Spring Shiro Learning (ii)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Spring Shiro Learning (ii)

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support