問題描述

我想實現shiro rememberMe之后，再次訪問后自動登錄并把一些用戶信息再存入session

我現在是按照http://blog.csdn.net/Q_AN1314...這篇文章，寫了一個過濾器，但是在過濾器里獲取subject時出現錯誤

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.

這是過濾器

public class AddPrincipalToSessionFilter extends OncePerRequestFilter { @Resource private ManagerService managerService; @Override protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {Subject subject = SecurityUtils.getSubject();if (subject.isRemembered()) { String principal = (String) subject.getPrincipal(); Manager manager = managerService.queryManager(principal); //將用戶信息存入session ContextHelper.saveLoginUserInfoToSeesion(manager);}filterChain.doFilter(servletRequest, servletResponse); }}

這是shiroFilter

@Bean @Autowired public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();// 必須設置 SecurityManagershiroFilterFactoryBean.setSecurityManager(securityManager);Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();//獲取filtersfilters.put('authc', new CustomFormAuthenticationFilter());//驗證碼過濾器filters.put('addPrincipal', addPrincipalToSessionFilter());//rememberMe存session過濾器//攔截器.Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();//配置退出過濾器,其中的具體的退出代碼Shiro已經替我們實現了filterChainDefinitionMap.put('/logout', 'logout');filterChainDefinitionMap.put('/favicon.ico', 'anon');filterChainDefinitionMap.put('/js/**', 'anon');filterChainDefinitionMap.put('/css/**', 'anon');filterChainDefinitionMap.put('/img/**', 'anon');filterChainDefinitionMap.put('/fonts/**', 'anon');filterChainDefinitionMap.put('/icons/**', 'anon');filterChainDefinitionMap.put('/error/**', 'anon');filterChainDefinitionMap.put('/validateCode', 'anon');//配置記住我或認證通過可以訪問的地址filterChainDefinitionMap.put('/', 'addPrincipal,user');filterChainDefinitionMap.put('/index', 'addPrincipal,user');filterChainDefinitionMap.put('/index.html', 'addPrincipal,user');//<!-- 過濾鏈定義，從上向下順序執行，一般將 /**放在最為下邊//<!-- authc:所有url都必須認證通過才可以訪問; anon:所有url都都可以匿名訪問-->filterChainDefinitionMap.put('/**', 'authc');shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);// 如果不設置默認會自動尋找Web工程根目錄下的'/login.jsp'頁面shiroFilterFactoryBean.setLoginUrl('/login.html');// 登錄成功后要跳轉的鏈接shiroFilterFactoryBean.setSuccessUrl('/index.html');// 未授權要跳轉的鏈接shiroFilterFactoryBean.setUnauthorizedUrl('/error/403');return shiroFilterFactoryBean; }}

請問一下大家這是怎么回事？或者大家有什么更好的實現方法請指教一下

問題解答

已解決 1.這個bean的注入一定要在shiroFilter下面

@Beanpublic AddPrincipalToSessionFilter addPrincipalToSessionFilter(){ return new AddPrincipalToSessionFilter();}

2.user要寫在addPrincipal前面 filterChainDefinitionMap.put('/', 'user,addPrincipal');