Q&A: Various questions about Shiro integration
Posted 2960 days ago by 老司机, 2860 views
Tags: shiro

shiro.ini

authc = org.nutz.integration.shiro.SimpleAuthenticationFilter
authc.loginUrl  = /user/index

Why does @RequiresUser always redirect to /user/login? Is there any way to change this?

20 replies

The redirect is performed by NutShiroProcessor; it can be changed through the org.nutz.integration.shiro.NutShiro.DefaultLoginURL property.

@wendal What is authc.loginUrl for, then?

The urls in shiro.ini

Hmm, thinking about it, SimpleAuthenticationFilter should override the setLoginUrl method. I'll change that.

@wendal Are the values returned by upToken.getPrincipal() and principals.getPrimaryPrincipal() the value that was put into SimpleShiroToken in SecurityUtils.getSubject().login(new SimpleShiroToken(?))?

@qq_c1bab051 No.

Look at the realm implementation class.

@wendal Then, taking net.wendal.nutzbook.shiro.realm.SimpleAuthorizingRealm as the example, is its upToken.getPrincipal() the value passed to new SimpleShiroToken in this call in net.wendal.nutzbook.module.UserModule?

Toolkit.doLogin(new SimpleShiroToken(user.getId()), user.getId());

It is the first argument of SimpleAuthenticationInfo.

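@wendal After adding @RequiresPermissions("admin"), it redirects straight to the login page. Debugging protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) shows that this method is never entered. When is this method supposed to be entered? What is likely wrong here?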

When you don't add it, can you get in?

Only a session that has logged in will go through doGetAuthorizationInfo.

@wendal With @RequiresUser added, login-required access works; with all annotations removed, it can also be accessed directly.

@wendal @RequiresUser works, and debugging protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException shows no exception.

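Here is a stack trace for you, from accessing an entry method that carries the following annotation (the YvrAdminModule.update method in the forum source code):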

@RequiresPermissions("topic:update")

	at net.wendal.nutzbook.shiro.realm.SimpleAuthorizingRealm.doGetAuthorizationInfo(SimpleAuthorizingRealm.java:28)
	at org.apache.shiro.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:341)
	at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:462)
	at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:458)
	at org.apache.shiro.authz.ModularRealmAuthorizer.isPermitted(ModularRealmAuthorizer.java:223)
	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:322)
	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84)
	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
	at org.nutz.integration.shiro.NutShiroMethodInterceptor.assertAuthorized(NutShiroMethodInterceptor.java:40)
	at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:120)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at net.wendal.nutzbook.mvc.DailyUniqueUsersProcessor.process(DailyUniqueUsersProcessor.java:48)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at net.wendal.nutzbook.mvc.LogTimeProcessor.process(LogTimeProcessor.java:19)
	at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
	at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:68)
	at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
	at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:198)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

You can see that it is NutShiroProcessor that triggers the check.

@wendal How can OR / AND / NOT relationships be implemented between @RequiresRoles and @RequiresPermissions?

@qq_c1bab051 There isn't one, and mixing them is not recommended.

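@wendal Then suppose I now want to create a user who is an HR supervisor, where endpoint A requires supervisor level (regardless of department), endpoint B requires HR membership (regardless of level), and endpoint C requires HR supervisor. Do I have to give this user three permissions?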

@qq_c1bab051 For example, make roles support inheritance.
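
Two answers in this thread (the primary principal is the first argument of SimpleAuthenticationInfo, and role inheritance for the HR supervisor case) can be seen together in one small realm. This is an added example, not part of the thread and not nutzbook's code. It assumes shiro-core on the classpath and uses UsernamePasswordToken in place of SimpleShiroToken; the class names, role names and user data are constructed.

```java
import java.util.*;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RoleInheritanceDemo {
    // Constructed data (Java 9+): login -> user id, user id -> assigned roles, role -> inherited roles.
    static final Map<String, Long> USER_IDS = Map.of("alice", 42L);
    static final Map<Long, Set<String>> ASSIGNED = Map.of(42L, Set.of("hr-supervisor"));
    static final Map<String, List<String>> INHERITS =
        Map.of("hr-supervisor", List.of("supervisor", "hr-member"));
    // Transitive closure over INHERITS; the add() check also stops cycles.
    static Set<String> expand(Set<String> direct) {
        Set<String> all = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(direct);
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (all.add(role)) todo.addAll(INHERITS.getOrDefault(role, List.of()));
        }
        return all;
    }

    static class DemoRealm extends AuthorizingRealm {
        @Override // runs during subject.login()
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            Long userId = USER_IDS.get((String) token.getPrincipal());
            if (userId == null) return null; // Shiro then reports an unknown account
            // First argument becomes the primary principal. Plaintext credential is demo-only.
            return new SimpleAuthenticationInfo(userId, "demo-password", getName());
        }
        @Override // runs on role/permission checks for an authenticated subject
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Long userId = (Long) principals.getPrimaryPrincipal();
            return new SimpleAuthorizationInfo(expand(ASSIGNED.getOrDefault(userId, Set.of())));
        }
    }
    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "demo-password"));
        // The subject's principal is the user id from the realm, not the token's login name.
        System.out.println("principal = " + subject.getPrincipal());
        for (String role : List.of("supervisor", "hr-member", "hr-supervisor", "finance-member"))
            System.out.println(role + " -> " + subject.hasRole(role));
    }
}
```

With this realm the user holds a single assigned role, and endpoints A, B and C from the question could be annotated @RequiresRoles("supervisor"), @RequiresRoles("hr-member") and @RequiresRoles("hr-supervisor") respectively.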
