Posted to user@shiro.apache.org by Richard Adams <ri...@researchspace.com> on 2014/10/23 09:53:32 UTC

Shiro integration with Spring Boot and filter chain ordering.

Hi, 
 I’ve been using Shiro quite happily for some years now in an existing project. Recently I started a new project using Spring Boot, and wanted to use Shiro rather than learn Spring Security, which is the ‘default’ security option in Spring Boot.

 The configuration is pure Java and it took a little while to get set up, but I’ve documented my experiences in a blog post in case it’s useful to others:

http://richardadams606blog.blogspot.co.uk/2014/10/apache-shiro-and-spring-boot.html

One problem I’ve not been able to fix is the ordering of filter chain definitions.
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    // ...
    factory.setFilterChainDefinitions(
            "/manage/health/=anon\n" +
            "/manage/**=authc\n"
    );
    // ...
}

For example, I’d like to make /manage/health allow anonymous access, but all other URLs under manage/ to require authentication.
 This type of approach works fine using XML configuration in my old project, but in the new Spring Boot project the '/manage/health' URL triggers the authentication filter. I’ve tried to swap them but no success. Does anyone have any suggestions on how to configure the ordering properly using Java rather than .ini or XML config?

Thanks 
  Richard


Richard Adams
richard@researchspace.com





Re: Shiro integration with Spring Boot and filter chain ordering.

Posted by Dominic Farr <do...@gmail.com>.
Hi Richard

If you make the object a LinkedHashMap the order should be preserved.

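// LinkedHashMap keeps insertion order, so the definitions are evaluated in the order added
LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
linkedHashMap.put("/manage/health/", "anon");
linkedHashMap.put("/manage/**", "authc");
ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
// the Map-based setter is setFilterChainDefinitionMap; setFilterChainDefinitions takes a String
factory.setFilterChainDefinitionMap(linkedHashMap);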

-d


Re: Shiro integration with Spring Boot and filter chain ordering.

Posted by Richard Adams <ri...@researchspace.com>.
Hi,
Sorry, still no joy - I tried:
> factory.setFilterChainDefinitions(
>                          "/manage/health=anon\n" +
>                          "/manage/**=authc\n");

and
> factory.setFilterChainDefinitions(
>                          "/manage/health/**=anon\n" +
>                          "/manage/**=authc\n");

but still get login prompt in both cases, whether set through string or linked hash map…
It’s a bit puzzling but I have a workaround I can use with the explicit mappings below.
Thanks Richard
> On 23 Oct 2014, at 11:32, Dominic Farr <do...@gmail.com> wrote:
> 
> This suggests it is a matching, not ordering, issue. Will dropping the trailing slash on anon health path help?
> 
> factory.setFilterChainDefinitions(
>                          "/manage/health=anon\n" +
>                          "/manage/**=authc\n");
> 
> On 23 October 2014 10:49, Richard Adams <richard@researchspace.com> wrote:
> Hi Dominic
>  Thanks for the suggestion, I tried this but still the /manage/health/ URL is asking for a login. If I add all the endpoints explicitly it works fine, using either String or Map based configuration.
> E.g.,
> factory.setFilterChainDefinitions(
>                      "/manage/health/=anon\n"+
>                          "/manage/metrics/**=authc\n"+
>                          "/manage/beans/**=authc\n"+
>                          "/manage/trace/**=authc\n"+
>                          "/manage/mappings/**=authc\n"+
>                          "/manage/dump/**=authc\n"+
>                          "/manage/autoconfig/**=authc\n"+
>                          "/manage/env/**=authc\n"+
>                          "/manage/info/**=authc");
> .
> Thanks
>  Richard

Richard Adams
richard@researchspace.com





Re: Shiro integration with Spring Boot and filter chain ordering.

Posted by Dominic Farr <do...@gmail.com>.
This suggests it is a matching, not ordering, issue. Will dropping the
trailing slash on anon health path help?

factory.setFilterChainDefinitions(
                         "/manage/health=anon\n" +
                         "/manage/**=authc\n");

On 23 October 2014 10:49, Richard Adams <ri...@researchspace.com> wrote:

> Hi Dominic
>  Thanks for the suggestion, I tried this but still the /manage/health/ URL
> is asking for a login. If I add all the endpoints explicitly it works fine,
> using either String or Map based configuration.
> E.g.,
> factory.setFilterChainDefinitions(
>                      "/manage/health/=anon\n"+
>                          "/manage/metrics/**=authc\n"+
>                          "/manage/beans/**=authc\n"+
>                          "/manage/trace/**=authc\n"+
>                          "/manage/mappings/**=authc\n"+
>                          "/manage/dump/**=authc\n"+
>                          "/manage/autoconfig/**=authc\n"+
>                          "/manage/env/**=authc\n"+
>                          "/manage/info/**=authc");
> .
> Thanks
>  Richard

Re: Shiro integration with Spring Boot and filter chain ordering.

Posted by Richard Adams <ri...@researchspace.com>.
Hi Dominic
 Thanks for the suggestion, I tried this but still the /manage/health/ URL is asking for a login. If I add all the endpoints explicitly it works fine, using either String or Map based configuration.
E.g.,
factory.setFilterChainDefinitions(
		     "/manage/health/=anon\n"+
			 "/manage/metrics/**=authc\n"+
			 "/manage/beans/**=authc\n"+
			 "/manage/trace/**=authc\n"+
			 "/manage/mappings/**=authc\n"+
			 "/manage/dump/**=authc\n"+
			 "/manage/autoconfig/**=authc\n"+
			 "/manage/env/**=authc\n"+
			 "/manage/info/**=authc");
.
Thanks 
 Richard

Richard Adams
richard@researchspace.com
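
Added example, not code from this thread or from the Shiro project: a small harness for telling a matching problem from an ordering problem. It runs the pattern variants tried in the thread through Shiro's `AntPathMatcher` and reports the first definition, in insertion order, that matches each path. The class name `ChainOrderCheck`, its helpers and the sample request paths are assumptions; it exercises pattern matching only and does not reproduce servlet filter registration or request-path normalisation.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

// Hypothetical helper class (not part of Shiro): checks which chain an
// ordered set of definitions selects for a path, first match wins.
public class ChainOrderCheck {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Walk the definitions in insertion order and return the first hit.
    static String resolve(Map<String, String> definitions, String path) {
        for (Map.Entry<String, String> def : definitions.entrySet()) {
            if (MATCHER.matches(def.getKey(), path)) {
                return def.getValue() + " (via " + def.getKey() + ")";
            }
        }
        return "no chain matched";
    }

    // Build an ordered definition map from alternating pattern/chain pairs.
    static Map<String, String> ordered(String... pairs) {
        Map<String, String> map = new LinkedHashMap<>();
        for (int i = 0; i + 1 < pairs.length; i += 2) {
            map.put(pairs[i], pairs[i + 1]);
        }
        return map;
    }

    public static void main(String[] args) {
        // The three health patterns tried in the thread, plus the swapped order.
        List<Map<String, String>> variants = Arrays.asList(
                ordered("/manage/health/", "anon", "/manage/**", "authc"),
                ordered("/manage/health", "anon", "/manage/**", "authc"),
                ordered("/manage/health/**", "anon", "/manage/**", "authc"),
                ordered("/manage/**", "authc", "/manage/health", "anon"));
        // Constructed sample request paths.
        List<String> paths = Arrays.asList("/manage/health", "/manage/health/", "/manage/env");
        for (Map<String, String> definitions : variants) {
            System.out.println(definitions);
            for (String path : paths) {
                System.out.println("  " + path + " -> " + resolve(definitions, path));
            }
        }
    }
}
```

Run it with shiro-core on the classpath. If the health path resolves to `anon` here but the application still prompts for login, the patterns and their order are not the cause.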