The problem of shiro Custom filter intercepting restful style

premise

now do a separate front and rear application, use shiro as permission control in the background, use jwt instead of session"s stateless web application, customize a shiro filter.url with restful style. All interfaces url begin with / api . I want all url, starting with / api to go to my custom filter.

if they need authentication.

question

now I have four rul:

  1. / api/user/1 -- GET
  2. / api/user -- POST
  3. / api/user -- PATCH
  4. / api/user -- PUT

now I just want to control the permissions of the POST method. I don"t know how to control the filter,shiro that I customized.

the configuration of my custom filter in shiro.xml is as follows:


        <value>
            /api/**=jwt
            /**=anon
        </value>
    </property>
</bean>

I just thought about not configuring / api/**=jwt , and then adding @ RequiresAuthentication to the method, but in this way, that method does not follow my JWTFilter , how to make the url that needs authentication follow my custom filter, how to configure and solve. Thank you.

Mar.22,2021

I also encountered this problem. I was thinking that all external api interfaces should provide an account and password for verification. How do I do this? It is in the custom JWTFilter to verify whether the account password is correct, isn't it? Is it convenient and simple to take a look at two lines of code?
follow-up question: which filter?? of shiro do you inherit from the custom JWTFilter?


you can take a look at this https://github.com/Smith-Crui.


follow the tips of tomsun28/bootshiro here to read his article: 's shiro-based transformation integration really supports restful requests

.
  1. overrides the getChain method of PathMatchingFilterChainResolver :
  the transformation integration based on shiro really supports restful requests  and rewrites the  pathsMatch  method of  RestPathMatchingFilter . In his article, this class is mainly used for authorization of  BJwtFilter  inheritance. For the time being, I only use authentication, so I don't have an in-depth understanding yet. 
the above has been able to solve the authorization problem of different httpMethod requests in the same url. If there are any problems, please point out

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b30ad9-2bd2d.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b30ad9-2bd2d.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?