It’s all done here:
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
If you can’t edit web.xml (which is very, very strange) you can probably
subclass the above classes with your own @WebListener and @WebFilter annotations
provided of course you are using Servlet 3.x or above.
> On Aug 11, 2016, at 11:27 AM, 张云 <[email protected]> wrote:
>
> Thank you for your reply.
> But I don't have the permission to edit web.xml or write a
> WebApplicationIntializer.
> I go around this by wtriting a spring intial izing bean to load Shiro's
> environment and register the shiro filter. It works for
>
> /demo = authc
>
> When I request /demo, It redirct me to the loginUrl
>
> Maybe The problem is that I don't config shiro filter with the four
> Dispachers.
>
> Thanks again.
> By the way, do you known where the security manager is bound to ThreadContex ?
>
>
>
> 发自 网易邮箱大师 <http://u.163.com/signature>
> On 08/12/2016 00:12, Tomas Lund Petersen <mailto:[email protected]>
> wrote:
> Hi,
> Im not an expert but i wanted to give you a quick reply.
> I think its in the webFilter. But it depends of your configuration.
>
> take a look at http://shiro.apache.org/webapp-tutorial.html
> <http://shiro.apache.org/webapp-tutorial.html>
> you should have something like this in your web.xml
>
> 1b: Enable Shiro in web.xml
>
> While we have a shiro.ini configuration, we need to actually load it and
> start a new Shiro environment and make that environment available to the web
> application.
>
> We do all of this by adding a few things to the existing
> src/main/webapp/WEB-INF/web.xml file:
>
> <listener>
>
> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
> </listener>
>
> <filter>
> <filter-name>ShiroFilter</filter-name>
> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
> </filter>
>
> <filter-mapping>
> <filter-name>ShiroFilter</filter-name>
> <url-pattern>/*</url-pattern>
> <dispatcher>REQUEST</dispatcher>
> <dispatcher>FORWARD</dispatcher>
> <dispatcher>INCLUDE</dispatcher>
> <dispatcher>ERROR</dispatcher>
> </filter-mapping>
>
> On Thu, Aug 11, 2016 at 12:19 PM, 张云 <[email protected]
> <mailto:[email protected]>> wrote:
> hi,all
> I use shiro with spring and configure ShiroFilterFactoryBean without any
> customized filters.
> I set the filterChainDefinition:
>
> /sys/menu = user
>
> When I access the url, I think it will redirect me to loginUrl. But he pass
> the request and throw the exception where SecurityUtils.getSubject is called.
>
> I step into the call, and find the exception is thrown by the
> ThreadContex.getSecurityManager.
>
> I want to know where the security manager is bound to ThreadContex? Or if I
> made a wrong configuration?
>
> Thx.
>
> 发自 网易邮箱大师 <http://u.163.com/signature>
>
>
>
>
