Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-879

spring boot errorPageFilter is not eligible for getting processed by all BeanPostProcessors

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.9.0
    • None
    • Configuration
    • None
    • spring boot 2.6.6
      standalone apache-tomcat-9.0.62

    Description

      Integration with spring boot 2.6.6, Deployed in standalone Tomcat.

      Inject Bean Map<String, Filter> filterMap, initialize errorPageFilter is too early, when build Bean ShiroFilterFactoryBean. Cause BasicErrorController injection failure,  unable to add default error handling path /error. 

      The reason is that ErrorPageFilter is not processed by ErrorPageRegistrarBeanPostProcessor.

      Fix it like this:

      change class AbstractShiroWebFilterConfiguration

      @Autowired(required = false)
protected Map<String, Filter> filterMap;

      to 

      @Autowired(required = false)
@Qualifier("shiroFilters")
protected Map<String, Filter> filterMap;

       It's just that we need to qualify name as shiroFilters  in custom filters.

      @Bean
public Map<String, Filter> shiroFilters(AuthorizationManager authorizationProvider) {
   Map<String, Filter> filters = new HashMap<>();
   filters.put("authc", new CaptchaFormAuthenticationFilter());
   filters.put("perms", new UrlAuthorizationFilter(authorizationProvider));
    return filters;
}

       At present, I give up using ShiroWebFilterConfiguration and configure ShiroFilterFactoryBean separately.

       The complete configuration is as follows :

      @Configuration
@ConditionalOnProperty(name = "shiro.web.enabled", matchIfMissing = true)
public class ShiroWebFilterConfiguration {
    
    @Autowired
    protected SecurityManager securityManager;
    @Autowired
    protected ShiroFilterChainDefinition shiroFilterChainDefinition;
    @Autowired(required = false)
    @Qualifier("shiroFilters")
    protected Map<String, Filter> filterMap;
    @Value("#{ @environment['shiro.loginUrl'] ?: '/login.jsp' }")
    protected String loginUrl;
    @Value("#{ @environment['shiro.successUrl'] ?: '/' }")
    protected String successUrl;
    @Value("#{ @environment['shiro.unauthorizedUrl'] ?: null }")
    protected String unauthorizedUrl;
    protected List<String> globalFilters() {
        return Collections.singletonList(DefaultFilter.invalidRequest.name());
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
        filterFactoryBean.setLoginUrl(loginUrl);
        filterFactoryBean.setSuccessUrl(successUrl);
        filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
        filterFactoryBean.setSecurityManager(securityManager);
        filterFactoryBean.setGlobalFilters(globalFilters());
        filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
        filterFactoryBean.setFilters(filterMap);
        return filterFactoryBean;
    }

       

      However, using embedded Tomcat will not cause this problem

      Attachments

        1. Original log .png
          158 kB
          kretz kuang
        2. Original debugger.png
          60 kB
          kretz kuang
        3. Original error page.png
          13 kB
          kretz kuang
        4. fixed error page.png
          15 kB
          kretz kuang
        5. fixed debugger.png
          53 kB
          kretz kuang
        6. fixed log.png
          101 kB
          kretz kuang

        Activity

          People

            Unassigned Unassigned
            kretz kretz kuang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: