- package com.yaozhitech.spring5.config;
- import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
- import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
/**
 * Builds the Shiro URL-to-filter-chain rules for the application.
 *
 * <p>Shiro evaluates path definitions in the order they were added and applies the
 * first pattern that matches, so the statement order in
 * {@link #shiroFilterChainDefinition()} is part of the access policy: specific paths
 * must be registered before broader ones, and the catch-all {@code /**} must stay last.
 *
 * <p>NOTE(review): {@code authcToken} and {@code anyRole} are not Shiro built-in filter
 * names; presumably they are custom filters registered elsewhere in the project.
 * Confirm that both are registered under exactly these names.
 */
@Configuration
public class RoleResourceConfiguration {

    /** No server-side session may be created, and a valid token is required. */
    private static final String TOKEN_REQUIRED = "noSessionCreation,authcToken";

    /**
     * Same chain, but the token filter runs in permissive mode. According to the
     * author's note on the disabled {@code /logout} rule, permissive means a request
     * with an invalid token is still let through instead of being rejected.
     */
    private static final String TOKEN_OPTIONAL = TOKEN_REQUIRED + "[permissive]";

    /**
     * Creates the ordered path definitions.
     *
     * <p>NOTE(review): the {@code @Bean} annotation below is commented out, so Spring
     * does not register this definition through this method. The rules only apply if
     * some other code calls it. Verify which filter chain definition is actually in
     * effect before relying on these rules for access control.
     *
     * @return the filter chain definition holding the rules in evaluation order
     */
    // @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        final DefaultShiroFilterChainDefinition rules = new DefaultShiroFilterChainDefinition();

        // Disabled rules, kept for reference:
        // rules.addPathDefinition("/login", "noSessionCreation,anon");
        //     login is not authenticated; noSessionCreation makes session use throw an exception
        // rules.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]");
        //     authenticates the user; permissive lets the request through even when the token
        //     is invalid, without returning an authentication-failed error
        // rules.addPathDefinition("/image/**", "anon");

        // Only users holding the admin or the manager role may reach the admin area.
        rules.addPathDefinition("/admin/**", TOKEN_REQUIRED + ",anyRole[admin,manager]");

        // Must be registered before "/article/*", otherwise the permissive rule would win.
        rules.addPathDefinition("/article/list", TOKEN_REQUIRED);

        // Permissive: handlers under /article/* may run without an authenticated subject
        // and have to check the subject themselves before returning non-public data.
        // "*" covers a single path segment; deeper paths fall through to the catch-all.
        rules.addPathDefinition("/article/*", TOKEN_OPTIONAL);

        // Default for every other path: authentication is required. Keep this rule last.
        rules.addPathDefinition("/**", TOKEN_REQUIRED);

        return rules;
    }
}