shiro默认不配置任何过滤权限时不会自动调用授权函数_百度知道shiro自定义的authc过滤器无效 - 开源中国社区
当前访客身份：游客 [
当前位置：
&bean id=&myCaptchaFilter& class=&com.java.security.FormAuthenticationCaptchaFilter&/&
&property name=&filters&&
&entry key=&authc& value-ref=&myCaptchaFilter&/&
&/property &
配置如上，
package com.javazhout.
import javax.servlet.ServletR
import javax.servlet.ServletR
import javax.servlet.http.HttpServletR
import org.apache.shiro.SecurityU
import org.apache.shiro.authc.AuthenticationE
import org.apache.shiro.authc.AuthenticationT
import org.apache.shiro.subject.S
import org.apache.shiro.web.filter.authc.FormAuthenticationF
import org.apache.shiro.web.util.WebU
import com.javazhout.exception.CaptchaE
import com.javazhout.servlet.CaptchaS
public class FormAuthenticationCaptchaFilter extends FormAuthenticationFilter {
public static final String DEFAULT_CAPTCHA_PARAM = &captcha&;
private String captchaParam = DEFAULT_CAPTCHA_PARAM;
public String getCaptchaParam() {
return captchaP
protected String getCaptcha(ServletRequest request) {
return WebUtils.getCleanParam(request, getCaptchaParam());
protected AuthenticationToken createToken(
ServletRequest request, ServletResponse response) {
String username = getUsername(request);
String password = getPassword(request);
String captcha = getCaptcha(request);
boolean rememberMe = isRememberMe(request);
return new UsernamePasswordCaptchaToken(username,
password, rememberMe, captcha);
// 验证码校验
protected void doCaptchaValidate( HttpServletRequest request
,UsernamePasswordCaptchaToken token ){
String captcha = (String) SecurityUtils.getSubject().getSession()
.getAttribute(CaptchaServlet.KEY_CAPTCHA);
if( captcha!=null &&
!captcha.equalsIgnoreCase(token.getCaptcha()) ){
throw new CaptchaException (&验证码错误！&);
protected boolean executeLogin(ServletRequest request,
ServletResponse response) throws Exception {
UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken)createToken(request, response);
doCaptchaValidate( (HttpServletRequest)request,token );
Subject subject = getSubject(request, response);
subject.login(token);
return onLoginSuccess(token, subject, request, response);
} catch (AuthenticationException e) {
return onLoginFailure(token, e, request, response);
访问url配置为authc的，在上面的filter中下断点，进不到方法中去。请大神解答
共有5个答案
<span class="a_vote_num" id="a_vote_num_
你看你的包路径写的对吗?&
<span class="a_vote_num" id="a_vote_num_
引用来自“疯狂的舌头”的答案你看你的包路径写的对吗?&项目里包路径写的没问题，这个应该是复制的时候出了点差错。。。
<span class="a_vote_num" id="a_vote_num_
求是否已经解决问题
<span class="a_vote_num" id="a_vote_num_
<span class="a_vote_num" id="a_vote_num_
有其他Filter注解！
更多开发者职位上
有什么技术问题吗？
周梦梅的其它问题
类似的话题&&国之画&&&& &&&&&&
&& &&&&&&&&&&&&&&&&&&&&
鲁ICP备号-4
打开技术之扣，分享程序人生！shiro + jfinal， 重写shiro 的 authc 过滤器后，过滤器无效 - 开源中国社区
当前访客身份：游客 [
当前位置：
shiro.ini 配置如下
#自定义authc 过滤器 authc = com.zg.vmfun.kit.shiro.CaptchaFormAuthenticationFilter #没有认证(登录)跳转 authc.loginUrl = /admin #认证成功后跳转 authc.successUrl = /admin/abcMain #授权失败后跳转 perms.unauthorizedUrl = /admin
[urls] /admin/* = authc
*************************************************
结果是 不执行CaptchaFormAuthenticationFilter，跳转至 /admin
共有2个答案
<span class="a_vote_num" id="a_vote_num_
解决么了，IBM的文章“
” 是错的。在
FormAuthenticationFilter处，认证方法错误。至少再shiro1.2.2版本下
<span class="a_vote_num" id="a_vote_num_
&&动态数据库权限
public class MyJdbcAuthzService implements JdbcAuthzService {
public Map&String, AuthzHandler& getJdbcAuthz() {
//加载数据库的url配置
Map&String, AuthzHandler& authzJdbcMaps = new HashMap&String, AuthzHandler&();
Map&String, AuthzHandler& authzJdbcMaps = new TreeMap&String, AuthzHandler&(
new Comparator&String&() {
public int compare(String k1, String k2) {
return new Integer(k2.length()).compareTo(k1.length());
//遍历角色
List&Role& roles = Role.dao.findAll();
List&Permission& permissions =
for (Role role : roles) {
//角色可用
if (role.getDate(&daleted_at&) == null) {
permissions = Permission.dao.findByRole(&&, role.get(&id&));
//遍历权限
for (Permission permission : permissions) {
//权限可用
if (permission.getDate(&daleted_at&) == null) {
if (permission.getStr(&url&) != null && !permission.getStr(&url&).isEmpty()) {
authzJdbcMaps.put(permission.getStr(&url&), new JdbcPermissionAuthzHandler(permission.getStr(&value&)));
return authzJdbcM
--create role--
INSERT INTO sec_role(id,name, value, intro, pid,left_code,right_code,created_at)
VALUES (sec_role_id_seq.nextval,'超级管理员','R_ADMIN','',0,1,8, current_timestamp),
(sec_role_id_seq.nextval,'系统管理员','R_MANAGER','',1,2,7,current_timestamp),
(sec_role_id_seq.nextval,'会员','R_MEMBER','',2,3,4,current_timestamp),
(sec_role_id_seq.nextval,'普通用户','R_USER','',2,5,6,current_timestamp);
--create permission--
INSERT INTO sec_permission(id, name, value, url, intro,pid,left_code,right_code, created_at)
VALUES (sec_permission_id_seq.nextval,'管理员目录','P_D_ADMIN','/admin/**','',0,1,6,current_timestamp),
(sec_permission_id_seq.nextval,'角色权限管理','P_ROLE','/admin/role/**','',1,2,3,current_timestamp),
(sec_permission_id_seq.nextval,'用户管理','P_USER','/admin/user/**','',1,4,5,current_timestamp),
(sec_permission_id_seq.nextval,'会员目录','P_D_MEMBER','/member/**','',0,9,10,current_timestamp),
(sec_permission_id_seq.nextval,'普通用户目录','P_D_USER','/user/**','',0,11,12,current_timestamp);
//如果系统不重启需要加载新权限到全局过滤
ShiroKit.addJdbcAuthz(authority.getStr(&url&),authority.getStr(&auth_key&));
更多开发者职位上
有什么技术问题吗？
高跟男爵的其它问题
类似的话题