ChenTH
commented
6 years ago /**
* cas核心过滤器,把支持的client写上,filter过滤时才会处理,clients必须在casConfig.clients已经注册
*
* @return
*/
@Bean
public Filter casSecurityFilter() {
SecurityFilter filter = new SecurityFilter();
filter.setClients("cas,rest");
filter.setConfig(casConfig());
return filter;
}
这个filter不应该在这儿创建 因为会加到整个系统的filter里,每个请求都会进行拦截。
kawhii
在sso-client-shiro-demo中的ShiroConfiguration.java对过滤路径进行了配置如下:
/*** 路径过滤设置** @return*/@Beanpublic ShiroFilterChainDefinition shiroFilterChainDefinition() {DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();definition.addPathDefinition("/callback", "callbackFilter");definition.addPathDefinition("/logout", "logoutFilter");definition.addPathDefinition("/user/**", "anon");definition.addPathDefinition("/**", "casSecurityFilter");return definition;}但是/user/**的anon并没有启用 访问依然会跳转cas的登陆界面。