2. 程式人生 > >Shiro 整合 No SecurityManager accessible to the calling code....

Shiro 整合 No SecurityManager accessible to the calling code....

阿新 發佈:2019-01-12

重寫AccessControlFilter的時候一直報下面這個錯誤,

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
    at org.apache.shiro.SecurityUtils
 
.getSecurityManager(SecurityUtils.java:123) ~[shiro-core-1.4.0.jar:1.4.0]
    at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[shiro-core-1.4.0.jar:1.4.0]
    at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[shiro-core-1.4.0.jar:1.4.0]
    at com.test.shiro
 
.filter.MyAccessControlFilter.onAccessDenied(MyAccessControlFilter.java:70) ~[classes/:na]

程式碼:

package com.test.shiro.filter;

import com.test.shiro.service.TokenService;
//import com.test.shiro.shiro.MyUsernamePasswordToken;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import
 
 org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author Created by pangkunkun on 2017/11/18.
 */
@Component
public class MyAccessControlFilter extends AccessControlFilter {

    private static final Logger log= LoggerFactory.getLogger(MyAccessControlFilter.class);


    /**
     *
     * 如果isAccessAllowed返回true則onAccessDenied方法不會繼續執行
     * 這裡可以用來判斷一些不被通過的連結(個人備註)
     * */
    @Override
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object object) throws Exception{
        return false;
    }

    /**
     * 表示當訪問拒絕時是否已經處理了;如果返回true表示需要繼續處理;如果返回false表示該攔截器例項已經處理了,將直接返回即可。
     * onAccessDenied是否執行取決於isAccessAllowed的值,如果返回true則onAccessDenied不會執行;如果返回false,執行onAccessDenied
     * 如果onAccessDenied也返回false,則直接返回,不會進入請求的方法(只有isAccessAllowed和onAccessDenied的情況下)
     * */
    @Override
    public boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{
        System.out.println("onAccessDenied");
        UsernamePasswordToken token1=new UsernamePasswordToken("admin","admin");
        Subject subject= SecurityUtils.getSubject();
        try {
            subject.login(token1);
//            subject.isPermitted("add");
            log.info("subject.hasRole(\"user\");"+subject.hasRole("user"));
        }catch (Exception e){
            log.info("登陸失敗");
            log.info(e.getMessage());
            onLoginFail(response);
            return false;
        }
        log.info("登陸成功");
        return true;
    }

    /**
     * 登入失敗
     * */
    private void onLoginFail(ServletResponse response) throws IOException {
        log.info("設定返回");
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
//        httpResponse.getWriter().write("login error");
    }

    /**
     * TODO 跨域請求
     */
    private void dealCrossDomain(){

    }
}

查了好多資料感覺都不符合我的問題,後來仔細看異常,有一處This is an invalid application configuration.
這時想到了上面有個@Component註解,這個註解本來想做其它處理的,後來用不到了。將此註解去掉後重新執行OK了。

問題思考,Shiro中的filter是在專案本身的Filter鏈執行之前載入的,所以感覺這個標籤的存在讓它沒有被正常載入進Shiro的配置中,或者被註冊成了Spring的bean,無法被Shiro使用。

相關推薦

Shiro 整合 No SecurityManager accessible to the calling code....

重寫AccessControlFilter的時候一直報下面這個錯誤, org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the call

shiro報錯:No SecurityManager accessible to the calling code

報錯資訊: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code,either bound to the org.ap

fastjson No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.uti

1、異常 No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singlet

SpringMVC配置錯誤頁後, Shiro報錯No SecurityManager accessible to the calling code...

Root Cause: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either boun

junit整合maven。 No SecurityManager accessible to the calling code, either bound to the org.apache.shir

啟動JUNIT,檢查到缺少SecurityManager。 需要在shiro.xml中加入 <bean class="org.springframework.beans.factory.conf

Shiro報錯No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.

問題描述: 專案使用 SpringMVC 並使用 Shiro 來管理Session控制權限。 經常會不定期的發現異常: org.apache.shiro.UnavailableSecurityManagerException: No SecurityM

Shiro 報錯 No SecurityManager accessible(彙總)

序 在寫這篇文章之前,想了好長時間的題目該寫什麼,最後考慮到寫這篇文章的目的,也就沒有再起什麼花哨的主題,而是找了這麼一個簡單粗暴有效的題目,方便有同樣問題的童鞋們搜尋。 背景 一如往昔,在談這個問題之前,首先說說問題的背景所在。這個問題是前幾天遇到的事,最近設計部給提

shiro報錯No SecurityManager accessible

  在使用shiro的過程中報錯org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code,either bound to th

Selenium: either the element is no longer attached to the DOM, it is not in the curren

either the element is no longer attached to the DOM, it is not in the curren 元素不再附加到DOM 解決方法 每次都重新尋找xpath,並且加上延時 while n < 30 :

ansible Failed to connect to the host via ssh: no such identity: /root/.ssh/id_rsa.bak

選項 failed id_rsa 發現 文件 hang 創建 conf nec 中控機和遠端主機配置完密鑰後,在中控臺上通過ansible檢測聯通性 ansible -i inventory.cfg all -m ping 10.1.1.1 | UNREACHABLE!

測試錯誤ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.問題的解決

sin ces level initial prope 系統 找到 default The ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging

沒有生產者 Failed to check the status of the service org.java.service.HotelService. No provider available for the service

ble 1.0 防火墻 stat 設定 火墻 xml文件 tro 問題 經過反復查找原因終於鎖定了生產者XML文件中的version="1.0" 教訓:如果生產者設定了服務的版本,消費者一定要提供相應的版本號(或空或寫入對應的版本號) 如果有朋友不是這個問題,建議看看防

完美解決 No IDEA annotations attached to the JDK 1.8 (C:\Program Files\Android\Android Studio\jre)

問題背景 今天上午開啟AS後突然發現所有xml介面無法預覽,開啟class檔案也發現從頭到尾全是錯誤,在class檔案介面上方提示No IDEA annotations attached to the JDK 1.8 (C:\Program Files\Android\Android

webpack又報錯:BREAKING CHANGE: It's no longer allowed to omit the '-loader' suffix when using loaders.

完整錯誤資訊如下: ERROR in multi ./app/js/index.js Module not found: Error: Can't resolve 'babel' in 'E:\work

'There is no God': Stephen Hawking's final book reveals his answers to the 'big questions'

With the publication of his final book, Professor Stephen Hawking has revealed his answers to 10 'fundamental questions' he was constantly being asked. Now

Ambari學習10_ambari安裝過程Registration with the server failed和[Errno 256] No more mirrors to try

今天重新安裝ambari過程中,遇到了幾個問題,耗費了我很長時間,在此記錄一下 ambari重新安裝可參考我之前的一篇隨筆 http://www.cnblogs.com/6tian/p/4097401.html 遇到的問題一: 此問題是在安裝第二步,註冊主機時遇

SpringBoot2.x整合Spring Security5,登陸報錯:There is no PasswordEncoder mapped for the id "null"

解決: 在繼承了WebSecurityConfigurerAdapter的自定義類SecurityConfig上新增一個BCryptPasswordEncoder型別的PasswordEncoder 元件: @EnableWebSecurity //@EnableWeb

dubbo異常:Failed to check the status of the service . No provider available for the service 解決

dubbo配置的時候需要一個註冊中心 這個註冊中心主要起的作用為服務做配置 每當一個服務生產者去註冊服務時候 會把這個生產者的ip跟埠號丟上去註冊中心 而服務的消費方就會從註冊中心拿到服務的ip跟埠號 放在本地檔案中 底層呼叫netty訪問服務 昨天跟同事一塊調程式 他開服

mysql workbench 錯誤 No database selected Select the default DB to be used by double-clicking its nam

mysql workbench 錯誤  Error Code: 1046. No database selected Select the default DB to be used by doubl

SpringBoot2.x整合Security5(完美解決 There is no PasswordEncoder mapped for the id "null")

問題描述 以前做過一次SpringBoot整合Security的專案,但最近重新嘗試SpringBoot整合Security的專案時卻碰到了問題 java.lang.IllegalArgumentException: There is no PasswordEn