Re: [I] [Question] SseEmitter.complete() throws Error:No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration. [shiro]

Sat, 11 Jan 2025 17:10:35 -0800 


phdbutbachelor commented on issue #1950:
URL: https://github.com/apache/shiro/issues/1950#issuecomment-2585520777

   Here are the beans:
   
   ```
   @Bean
   public ModularRealmAuthenticator authenticator(
           AuthenticationListener authenticationListener,
           ConfigUserAuthorizingRealm configUserAuthorizingRealm,
           UsernamePasswordAuthorizingRealm usernamePasswordAuthorizingRealm,
           SMSAuthorizingRealm smsAuthorizingRealm,
           WxMaPhoneNumberAuthorizingRealm wxMaPhoneNumberAuthorizingRealm
   ) {
       ModularRealmAuthenticator _authenticator = new 
DefaultModularRealmAuthenticator(configUserAuthorizingRealm, 
usernamePasswordAuthorizingRealm, smsAuthorizingRealm, 
wxMaPhoneNumberAuthorizingRealm);
   
       _authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
       
_authenticator.setAuthenticationListeners(Collections.singletonList(authenticationListener));
       return _authenticator;
   }
   
   @Bean
   public SessionManager sessionManager(
           SessionDAO sessionDAO,
           ShiroConfigurationProperties shiroConfigurationProperties,
           SessionListenerAdapter sessionListenerAdapter
   ) {
       DefaultWebSessionManager _sessionManager = new 
DefaultWebSessionManager();
   
       // 设置cookie
       
_sessionManager.setSessionIdCookie(shiroConfigurationProperties.getSessionIdCookie());
       _sessionManager.setSessionIdUrlRewritingEnabled(false);
   
       _sessionManager.setSessionDAO(sessionDAO);
   
       // 设置session过期时间
       
_sessionManager.setGlobalSessionTimeout(shiroConfigurationProperties.getSession().getTimeout()
 * 1000);
       // 设置session验证间隔
       
_sessionManager.setSessionValidationInterval(shiroConfigurationProperties.getSession().getValidationInterval()
 * 1000);
       // 设置session监听器
       
_sessionManager.setSessionListeners(Collections.singletonList(sessionListenerAdapter));
   
       return _sessionManager;
   }
   
   @Bean
   public DefaultWebSecurityManager securityManager(
           ConfigUserAuthorizingRealm configUserAuthorizingRealm,
           UsernamePasswordAuthorizingRealm usernamePasswordAuthorizingRealm,
           SMSAuthorizingRealm smsAuthorizingRealm,
           WxMaPhoneNumberAuthorizingRealm wxMaPhoneNumberAuthorizingRealm,
           ModularRealmAuthenticator authenticator,
           ModularRealmAuthorizer authorizer,
           SessionManager sessionManager,
           CacheManager cacheManager,
           RememberMeManager rememberMeManager
   ) {
       DefaultWebSecurityManager _manager = new DefaultWebSecurityManager();
   
       authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
       _manager.setAuthenticator(authenticator);
   
       _manager.setAuthorizer(authorizer);
   
       // 设置认证域
       _manager.setRealms(Arrays.asList(configUserAuthorizingRealm, 
usernamePasswordAuthorizingRealm, smsAuthorizingRealm, 
wxMaPhoneNumberAuthorizingRealm));
   
       // 设置会话管理器
       _manager.setSessionManager(sessionManager);
   
       // 设置缓存管理器
       _manager.setCacheManager(cacheManager);
   
       // 设置记住管理器
       _manager.setRememberMeManager(rememberMeManager);
   
       return _manager;
   }
   
   @Bean
   @ConditionalOnMissingBean
   public ShiroFilterFactoryBean 
shiroFilterFactoryBean(@Value("${sec.username}") String username, 
@Value("${sec.login.url}") String loginUrl, 
org.apache.shiro.mgt.SecurityManager securityManager, 
ShiroConfigurationProperties shiroConfigurationProperties, LoginUtil loginUtil) 
{
       ShiroFilterFactoryBean _filterFactory = new ShiroFilterFactoryBean();
       _filterFactory.setSecurityManager(securityManager);
       Map<String, Filter> _filters = new LinkedHashMap();
       _filters.put("user", new DefaultAuthenticationFilter(username, loginUrl, 
loginUtil));
       _filterFactory.setFilters(_filters);
       
_filterFactory.setFilterChainDefinitionMap(shiroConfigurationProperties.getFilterChainDefinitionMap());
       return _filterFactory;
   }
   
   @Bean
   @ConditionalOnMissingBean
   public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
       return new LifecycleBeanPostProcessor();
   }
   
   @Bean
   @ConditionalOnMissingBean
   public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
       DefaultAdvisorAutoProxyCreator _creator = new 
DefaultAdvisorAutoProxyCreator();
       _creator.setProxyTargetClass(true);
       return _creator;
   }
   
   @Bean
   @ConditionalOnMissingBean
   public AuthorizationAttributeSourceAdvisor 
authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
       AuthorizationAttributeSourceAdvisor _advisor = new 
AuthorizationAttributeSourceAdvisor();
       _advisor.setSecurityManager(securityManager);
       return _advisor;
   }
   ```
   
   And the filter chain definition map is:
   
   ```
     filter-chain-definition:
       - /sec/login/cancel, user
       - /sec/login/**, anon
       - /error, anon
       - /app/init, anon
       - /app/layout/header, anon
       - /media/read, anon
       - /media/read/force-partial-content, anon
       - /util/cmpassport/app-id, anon
       - /util/validation/jquery, anon
       - /llm/chat, anon
   ```
   
   the url '/llm/chat' is set to 'anon'. @fpapon 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to