I'm using shiro-spring-boot-web-starter 1.6.0 within a web application developed with Spring Boot v2.3.2.RELEASE.
When I add one or more filters to the application using @Bean/FilterRegistrationBean (example below), the Shiro filter is not properly loaded anymore, and all requests that depend on SecurityUtils to be fulfilled start to fail.
I ran some tests to figure out what's going on and it turns out the @ConditionalOnMissingBean used to annotate filterShiroFilterRegistrationBean() here seems to be the culprit: the condition evaluates to false when there are more FilterRegistrationBean's annotated with @ConditionalOnMissingBean in the application, so the method is not called, and hence the Shiro filter is not loaded.
As a workaround, I've added the below configuration to override the standard one and now everything works fine:
Maybe it's worth adding a name or type element to @ConditionalOnMissingBean in order to provide a more robust solution. Makes sense?
Kind regards, Ricardo.