Shiro之ShiroFilterFactoryBean

Shiro提供了与Web集成的支持，其通过一个ShiroFilter入口来拦截需要安全控制的URL，然后进行相应的控制。本文主要介绍在spring-boot 中用ShiroFilterFactoryBean 来创建ShiroFilter：

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    # 创建ShiroFilterFactoryBean对象
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    # 用LinkedHashMap添加拦截的uri,其中authc指定需要认证的uri，anon指定排除认证的uri
    Map filterChainDefinitionMap = new LinkedHashMap();
    filterChainDefinitionMap.put("/admin/auth/login", "anon");
    filterChainDefinitionMap.put("/admin/auth/401", "anon");
    filterChainDefinitionMap.put("/admin/auth/index", "anon");
    filterChainDefinitionMap.put("/admin/auth/403", "anon");
    filterChainDefinitionMap.put("/admin/**", "authc");
    # 设置登录失败，授权成功、授权失败之后的uri
    shiroFilterFactoryBean.setLoginUrl("/admin/auth/401");
    shiroFilterFactoryBean.setSuccessUrl("/admin/auth/index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/403");
    # 
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}

将上述方法加入到ShiroConfig中即可实现拦截URL。