Closed chen-jie closed 7 years ago
chains.put("/logout", "logout"); chains.put("/**", "authc,perms");
看了下shiro的配置,似乎敲localhost/logout的时候,被第二个“/**”的拦截到了,没有被精确匹配的"/logout"拦截
@chen-jie 这个demo是对/进行拦截的perms,参考URLPermissionsFilter,所有的url都需要配置的 参考方法
List<String> urls = userService.findPermissionUrl(subject.getPrincipal().toString());
下面是配置shiro filterChain
`Map<String, String> chains = Maps.newHashMap();
chains.put("/login", "anon");
chains.put("/unauthor", "anon");
chains.put("/logout", "logout");
chains.put("/base/", "anon");
chains.put("/css/", "anon");
chains.put("/layer/", "anon");
chains.put("/**", "perms");
`
其他url都是匿名的, logout是LogoutFilter进行处理的
@Override public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { String curUrl = getRequestUrl(request); Subject subject = SecurityUtils.getSubject(); if(subject.getPrincipal() == null || StringUtils.endsWithAny(curUrl, ".js",".css",".html") || StringUtils.endsWithAny(curUrl, ".jpg",".png",".gif", ".jpeg") || StringUtils.equals(curUrl, "/unauthor")) { return true; } List urls = userService.findPermissionUrl(subject.getPrincipal().toString());
return urls.contains(curUrl);
}