-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.6.0
-
Component/s: Integration: Spring
-
Labels:None
I'm using shiro-spring-boot-web-starter 1.6.0 within a web application developed with Spring Boot v2.3.2.RELEASE.
When I add one or more filters to the application using @Bean/FilterRegistrationBean (example below), the Shiro filter is not properly loaded anymore, and all requests that depend on SecurityUtils to be fulfilled start to fail.
@Bean public FilterRegistrationBean<LogoutFilter> logoutFilter() { final FilterRegistrationBean<LogoutFilter> registrationBean = new FilterRegistrationBean<>(); registrationBean.addUrlPatterns("/security/logout"); registrationBean.setFilter(new LogoutFilter()); registrationBean.setName("logoutFilter"); return registrationBean; }
I ran some tests to figure out what's going on and it turns out the @ConditionalOnMissingBean used to annotate filterShiroFilterRegistrationBean() here seems to be the culprit: the condition evaluates to false when there are more FilterRegistrationBean's annotated with @ConditionalOnMissingBean in the application, so the method is not called, and hence the Shiro filter is not loaded.
As a workaround, I've added the below configuration to override the standard one and now everything works fine:
@Configuration public class ShiroWebFilterConfig extends AbstractShiroWebFilterConfiguration { @Bean protected FilterRegistrationBean<AbstractShiroFilter> shiroFilter() throws Exception { final FilterRegistrationBean<AbstractShiroFilter> registrationBean = new FilterRegistrationBean<>(); registrationBean.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.ERROR); registrationBean.setFilter((AbstractShiroFilter) shiroFilterFactoryBean().getObject()); registrationBean.setOrder(1); return registrationBean; } }
Maybe it's worth adding a name or type element to @ConditionalOnMissingBean in order to provide a more robust solution. Makes sense?
Kind regards, Ricardo.
- links to
