How to configure Shiro with Spring Boot

Question 1

How to configure Shiro with Spring Boot

spring-mvc spring-boot shiro

Daniel Vaughan · Aug 11, 2014 · Viewed 11.3k times · Source

Answer

Answer

Well, it seems that the lack of something, java config like this:

import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setLoginUrl("/login");
    shiroFilter.setSuccessUrl("/index");
    shiroFilter.setUnauthorizedUrl("/forbidden");
    Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>();
    filterChainDefinitionMapping.put("/", "anon");
    filterChainDefinitionMapping.put("/home", "authc,roles[guest]");
    filterChainDefinitionMapping.put("/admin", "authc,roles[admin]");
    shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
    shiroFilter.setSecurityManager(securityManager());
    Map<String, Filter> filters = new HashMap<String, Filter>();
    filters.put("anon", new AnonymousFilter());
    filters.put("authc", new FormAuthenticationFilter());
    filters.put("logout", new LogoutFilter());
    filters.put("roles", new RolesAuthorizationFilter());
    filters.put("user", new UserFilter());
    shiroFilter.setFilters(filters);
    System.out.println(shiroFilter.getFilters().size());
    return shiroFilter;
}

@Bean(name = "securityManager")
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm());
    return securityManager;
}

@Bean(name = "realm")
@DependsOn("lifecycleBeanPostProcessor")
public PropertiesRealm realm() {
    PropertiesRealm propertiesRealm = new PropertiesRealm();
    propertiesRealm.init();
    return propertiesRealm;
}

@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
}

https://github.com/lenicliu/eg-spring/tree/master/eg-spring-boot/eg-spring-boot-shiro

Question 2

I have a Spring MVC web application that uses Shiro authentication using Spring configuration rather than a shiro.ini.

I want to transition to a Spring Boot application.

I have been mainly successful. The application starts in Spring Boot and my Shiro environment gets setup. However I just cannot work out how to setup the Shiro Filter correctly. I need this to be working to make sure requests end up being handled by the correct thread.

In the original app I configured the Shiro Filter in the web.xml like this:

<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

I have tried replicate this using a Java Config like this:

  @Autowired
  private WebSecurityManager webSecurityManager;

  @Bean
  public ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new org.apache.shiro.spring.web.ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(webSecurityManager);
    return shiroFilterFactoryBean;
  }

  @Bean
  public org.apache.shiro.spring.LifecycleBeanPostProcessor lifecycleBeanPostProcessor()
  {
    return new org.apache.shiro.spring.LifecycleBeanPostProcessor();
  }

  @Bean
  public Filter shiroFilter()
  {
    DelegatingFilterProxy filter = new DelegatingFilterProxy();
    filter.setTargetBeanName("shiroFilterFactoryBean");
    filter.setTargetFilterLifecycle(true);
    return filter;
  }

However I just cannot get everything to fit together and don't have enough knowledge to sort it out. I just can't see to connect the filter to the environment. I would guess it is something to do with the order things are setup.

Has anyone managed to use Spring Boot and Shiro together successfully?

How to configure Shiro with Spring Boot

Answer

Related questions