关于shiro整合的各种问题

wendal

1楼•2929天前

NutShiroProcessor执行的跳转, 可以通过org.nutz.integration.shiro.NutShiro.DefaultLoginURL属性进行修改

老司机(qq_c1bab051) 2楼•2929天前

@wendal authc.loginUrl是什么作用呢？

wendal

3楼•2929天前

shiro.ini里面的urls

wendal

4楼•2929天前

恩, 想了想,SimpleAuthenticationFilter应该覆盖setLoginUrl方法,我改改

wendal

5楼•2929天前

https://github.com/nutzam/nutzmore/commit/90eab55c2327f37c39c33c85d4dff6bc564ee37e

老司机(qq_c1bab051) 6楼•2929天前

@wendal upToken.getPrincipal()和 principals.getPrimaryPrincipal()取的值是在 SecurityUtils.getSubject().login(new SimpleShiroToken(?)),SimpleShiroToken里塞的值吗？

wendal

7楼•2929天前

@qq_c1bab051 不是

看realm的实现类

老司机(qq_c1bab051) 8楼•2929天前

@wendal 那就net.wendal.nutzbook.shiro.realm.SimpleAuthorizingRealm而言，他的upToken.getPrincipal()是net.wendal.nutzbook.module.UserModule里

Toolkit.doLogin(new SimpleShiroToken(user.getId()), user.getId());

里new SimpleShiroToken所传入的值吗？

wendal

9楼•2929天前

是SimpleAuthenticationInfo的第一个参数

老司机(qq_c1bab051) 10楼•2929天前

@wendal 添加了@RequiresPermissions("admin")后直接跳转到登录界面，debug protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) 发现没有进这个方法，请问，什么时候要进这个方法？这个应该是哪里错了？

wendal

11楼•2928天前

不添加的时候, 能进入不?

wendal

12楼•2928天前

登录过的session才会走doGetAuthorizationInfo

老司机(qq_c1bab051) 13楼•2928天前

@wendal 添加@RequiresUser能实行登录访问功能，去掉任何注解也能直接访问

老司机(qq_c1bab051) 14楼•2928天前

@wendal @RequiresUser可用，而且debug protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException 无异常

wendal

15楼•2928天前

给你贴个堆栈信息, 访问一个入口方法带如下注解(论坛源码中的YvrAdminModule.update方法):

@RequiresPermissions("topic:update")

	at net.wendal.nutzbook.shiro.realm.SimpleAuthorizingRealm.doGetAuthorizationInfo(SimpleAuthorizingRealm.java:28)
	at org.apache.shiro.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:341)
	at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:462)
	at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:458)
	at org.apache.shiro.authz.ModularRealmAuthorizer.isPermitted(ModularRealmAuthorizer.java:223)
	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:322)
	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84)
	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
	at org.nutz.integration.shiro.NutShiroMethodInterceptor.assertAuthorized(NutShiroMethodInterceptor.java:40)
	at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:120)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at net.wendal.nutzbook.mvc.DailyUniqueUsersProcessor.process(DailyUniqueUsersProcessor.java:48)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at net.wendal.nutzbook.mvc.LogTimeProcessor.process(LogTimeProcessor.java:19)
	at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
	at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:68)
	at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
	at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:198)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

wendal

16楼•2928天前

可以看到是NutShiroProcessor触发了检查

老司机(qq_c1bab051) 17楼•2928天前

@wendal @RequiresRoles和@RequiresPermissions怎么实现或与非的关系？

wendal

18楼•2928天前

@qq_c1bab051 没有，而且不建议混用

老司机(qq_c1bab051) 19楼•2928天前

@wendal 那比如我现在要建一个HR主管的user，然后A接口的权限是主管级别（不区分部门），B接口的权限是HR成员（不区分级别），C接口的权限是HR主管，那我必须要给这个user加三个permission？

wendal

20楼•2928天前

@qq_c1bab051 例如让角色支持继承