The problem of shiro Custom filter intercepting restful style

premise

now do a separate front and rear application, use shiro as permission control in the background, use jwt instead of session"s stateless web application, customize a shiro filter.url with restful style. All interfaces url begin with / api . I want all url, starting with / api to go to my custom filter.

if they need authentication.

question

now I have four rul:

  1. / api/user/1 -- GET
  2. / api/user -- POST
  3. / api/user -- PATCH
  4. / api/user -- PUT

now I just want to control the permissions of the POST method. I don"t know how to control the filter,shiro that I customized.

the configuration of my custom filter in shiro.xml is as follows: 


        <value>
            /api/**=jwt
            /**=anon
        </value>
    </property>
</bean>

I just thought about not configuring / api/**=jwt , and then adding @ RequiresAuthentication to the method, but in this way, that method does not follow my JWTFilter , how to make the url that needs authentication follow my custom filter, how to configure and solve. Thank you.

Jwt restful shiro spring-mvc
Mar.22,2021

I also encountered this problem. I was thinking that all external api interfaces should provide an account and password for verification. How do I do this? It is in the custom JWTFilter to verify whether the account password is correct, isn't it? Is it convenient and simple to take a look at two lines of code?
follow-up question: which filter?? of shiro do you inherit from the custom JWTFilter?

you can take a look at this https://github.com/Smith-Crui.

follow the tips of tomsun28/bootshiro here to read his article: 's shiro-based transformation integration really supports restful requests

.
  1. overrides the getChain method of PathMatchingFilterChainResolver : 
  the transformation integration based on shiro really supports restful requests  and rewrites the  pathsMatch  method of  RestPathMatchingFilter . In his article, this class is mainly used for authorization of  BJwtFilter  inheritance. For the time being, I only use authentication, so I don't have an in-depth understanding yet. 
 the above has been able to solve the authorization problem of different httpMethod requests in the same url. If there are any problems, please point out 
.

Previous: How do you loop through an asynchronous method in nodejs?

Next: Why does this rule not match the following string?

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b30ad9-2bd2d.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b30ad9-2bd2d.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?