| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.spring.web; |
| |
| import org.apache.shiro.config.Ini; |
| import org.apache.shiro.mgt.SecurityManager; |
| import org.apache.shiro.util.CollectionUtils; |
| import org.apache.shiro.util.Nameable; |
| import org.apache.shiro.util.StringUtils; |
| import org.apache.shiro.web.config.IniFilterChainResolverFactory; |
| import org.apache.shiro.web.filter.AccessControlFilter; |
| import org.apache.shiro.web.filter.InvalidRequestFilter; |
| import org.apache.shiro.web.filter.authc.AuthenticationFilter; |
| import org.apache.shiro.web.filter.authz.AuthorizationFilter; |
| import org.apache.shiro.web.filter.mgt.DefaultFilter; |
| import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager; |
| import org.apache.shiro.web.filter.mgt.FilterChainManager; |
| import org.apache.shiro.web.filter.mgt.FilterChainResolver; |
| import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver; |
| import org.apache.shiro.web.mgt.WebSecurityManager; |
| import org.apache.shiro.web.servlet.AbstractShiroFilter; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| import org.springframework.beans.BeansException; |
| import org.springframework.beans.factory.BeanInitializationException; |
| import org.springframework.beans.factory.FactoryBean; |
| import org.springframework.beans.factory.config.BeanPostProcessor; |
| |
| import javax.servlet.Filter; |
| import java.util.ArrayList; |
| import java.util.LinkedHashMap; |
| import java.util.List; |
| import java.util.Map; |
| |
| /** |
| * {@link org.springframework.beans.factory.FactoryBean FactoryBean} to be used in Spring-based web applications for |
| * defining the master Shiro Filter. |
| * <h4>Usage</h4> |
| * Declare a DelegatingFilterProxy in {@code web.xml}, matching the filter name to the bean id: |
| * <pre> |
| * <filter> |
| * <filter-name><b>shiroFilter</b></filter-name> |
| * <filter-class>org.springframework.web.filter.DelegatingFilterProxy<filter-class> |
| * <init-param> |
| * <param-name>targetFilterLifecycle</param-name> |
| * <param-value>true</param-value> |
| * </init-param> |
| * </filter> |
| * </pre> |
| * Then, in your spring XML file that defines your web ApplicationContext: |
| * <pre> |
| * <bean id="<b>shiroFilter</b>" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> |
| * <property name="securityManager" ref="securityManager"/> |
| * <!-- other properties as necessary ... --> |
| * </bean> |
| * </pre> |
| * <h4>Filter Auto-Discovery</h4> |
| * While there is a {@link #setFilters(java.util.Map) filters} property that allows you to assign a filter beans |
| * to the 'pool' of filters available when defining {@link #setFilterChainDefinitions(String) filter chains}, it is |
| * optional. |
| * <p/> |
| * This implementation is also a {@link BeanPostProcessor} and will acquire |
| * any {@link javax.servlet.Filter Filter} beans defined independently in your Spring application context. Upon |
| * discovery, they will be automatically added to the {@link #setFilters(java.util.Map) map} keyed by the bean ID. |
| * That ID can then be used in the filter chain definitions, for example: |
| * |
| * <pre> |
| * <bean id="<b>myCustomFilter</b>" class="com.class.that.implements.javax.servlet.Filter"/> |
| * ... |
| * <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> |
| * ... |
| * <property name="filterChainDefinitions"> |
| * <value> |
| * /some/path/** = authc, <b>myCustomFilter</b> |
| * </value> |
| * </property> |
| * </bean> |
| * </pre> |
| * <h4>Global Property Values</h4> |
| * Most Shiro servlet Filter implementations exist for defining custom Filter |
| * {@link #setFilterChainDefinitions(String) chain definitions}. Most implementations subclass one of the |
| * {@link AccessControlFilter}, {@link AuthenticationFilter}, {@link AuthorizationFilter} classes to simplify things, |
| * and each of these 3 classes has configurable properties that are application-specific. |
| * <p/> |
| * A dilemma arises where, if you want to for example set the application's 'loginUrl' for any Filter, you don't want |
| * to have to manually specify that value for <em>each</em> filter instance definied. |
| * <p/> |
| * To prevent configuration duplication, this implementation provides the following properties to allow you |
| * to set relevant values in only one place: |
| * <ul> |
| * <li>{@link #setLoginUrl(String)}</li> |
| * <li>{@link #setSuccessUrl(String)}</li> |
| * <li>{@link #setUnauthorizedUrl(String)}</li> |
| * </ul> |
| * |
| * Then at startup, any values specified via these 3 properties will be applied to all configured |
| * Filter instances so you don't have to specify them individually on each filter instance. To ensure your own custom |
| * filters benefit from this convenience, your filter implementation should subclass one of the 3 mentioned |
| * earlier. |
| * |
| * @see org.springframework.web.filter.DelegatingFilterProxy DelegatingFilterProxy |
| * @since 1.0 |
| */ |
| public class ShiroFilterFactoryBean implements FactoryBean, BeanPostProcessor { |
| |
| private static transient final Logger log = LoggerFactory.getLogger(ShiroFilterFactoryBean.class); |
| |
| private SecurityManager securityManager; |
| |
| private Map<String, Filter> filters; |
| |
| private List<String> globalFilters; |
| |
| private Map<String, String> filterChainDefinitionMap; //urlPathExpression_to_comma-delimited-filter-chain-definition |
| |
| private String loginUrl; |
| private String successUrl; |
| private String unauthorizedUrl; |
| |
| private AbstractShiroFilter instance; |
| |
| public ShiroFilterFactoryBean() { |
| this.filters = new LinkedHashMap<String, Filter>(); |
| this.globalFilters = new ArrayList<>(); |
| this.globalFilters.add(DefaultFilter.invalidRequest.name()); |
| this.filterChainDefinitionMap = new LinkedHashMap<String, String>(); //order matters! |
| } |
| |
| /** |
| * Sets the application {@code SecurityManager} instance to be used by the constructed Shiro Filter. This is a |
| * required property - failure to set it will throw an initialization exception. |
| * |
| * @return the application {@code SecurityManager} instance to be used by the constructed Shiro Filter. |
| */ |
| public SecurityManager getSecurityManager() { |
| return securityManager; |
| } |
| |
| /** |
| * Sets the application {@code SecurityManager} instance to be used by the constructed Shiro Filter. This is a |
| * required property - failure to set it will throw an initialization exception. |
| * |
| * @param securityManager the application {@code SecurityManager} instance to be used by the constructed Shiro Filter. |
| */ |
| public void setSecurityManager(SecurityManager securityManager) { |
| this.securityManager = securityManager; |
| } |
| |
| /** |
| * Returns the application's login URL to be assigned to all acquired Filters that subclass |
| * {@link AccessControlFilter} or {@code null} if no value should be assigned globally. The default value |
| * is {@code null}. |
| * |
| * @return the application's login URL to be assigned to all acquired Filters that subclass |
| * {@link AccessControlFilter} or {@code null} if no value should be assigned globally. |
| * @see #setLoginUrl |
| */ |
| public String getLoginUrl() { |
| return loginUrl; |
| } |
| |
| /** |
| * Sets the application's login URL to be assigned to all acquired Filters that subclass |
| * {@link AccessControlFilter}. This is a convenience mechanism: for all configured {@link #setFilters filters}, |
| * as well for any default ones ({@code authc}, {@code user}, etc), this value will be passed on to each Filter |
| * via the {@link AccessControlFilter#setLoginUrl(String)} method<b>*</b>. This eliminates the need to |
| * configure the 'loginUrl' property manually on each filter instance, and instead that can be configured once |
| * via this attribute. |
| * <p/> |
| * <b>*</b>If a filter already has already been explicitly configured with a value, it will |
| * <em>not</em> receive this value. Individual filter configuration overrides this global convenience property. |
| * |
| * @param loginUrl the application's login URL to apply to as a convenience to all discovered |
| * {@link AccessControlFilter} instances. |
| * @see AccessControlFilter#setLoginUrl(String) |
| */ |
| public void setLoginUrl(String loginUrl) { |
| this.loginUrl = loginUrl; |
| } |
| |
| /** |
| * Returns the application's after-login success URL to be assigned to all acquired Filters that subclass |
| * {@link AuthenticationFilter} or {@code null} if no value should be assigned globally. The default value |
| * is {@code null}. |
| * |
| * @return the application's after-login success URL to be assigned to all acquired Filters that subclass |
| * {@link AuthenticationFilter} or {@code null} if no value should be assigned globally. |
| * @see #setSuccessUrl |
| */ |
| public String getSuccessUrl() { |
| return successUrl; |
| } |
| |
| /** |
| * Sets the application's after-login success URL to be assigned to all acquired Filters that subclass |
| * {@link AuthenticationFilter}. This is a convenience mechanism: for all configured {@link #setFilters filters}, |
| * as well for any default ones ({@code authc}, {@code user}, etc), this value will be passed on to each Filter |
| * via the {@link AuthenticationFilter#setSuccessUrl(String)} method<b>*</b>. This eliminates the need to |
| * configure the 'successUrl' property manually on each filter instance, and instead that can be configured once |
| * via this attribute. |
| * <p/> |
| * <b>*</b>If a filter already has already been explicitly configured with a value, it will |
| * <em>not</em> receive this value. Individual filter configuration overrides this global convenience property. |
| * |
| * @param successUrl the application's after-login success URL to apply to as a convenience to all discovered |
| * {@link AccessControlFilter} instances. |
| * @see AuthenticationFilter#setSuccessUrl(String) |
| */ |
| public void setSuccessUrl(String successUrl) { |
| this.successUrl = successUrl; |
| } |
| |
| /** |
| * Returns the application's after-login success URL to be assigned to all acquired Filters that subclass |
| * {@link AuthenticationFilter} or {@code null} if no value should be assigned globally. The default value |
| * is {@code null}. |
| * |
| * @return the application's after-login success URL to be assigned to all acquired Filters that subclass |
| * {@link AuthenticationFilter} or {@code null} if no value should be assigned globally. |
| * @see #setSuccessUrl |
| */ |
| public String getUnauthorizedUrl() { |
| return unauthorizedUrl; |
| } |
| |
| /** |
| * Sets the application's 'unauthorized' URL to be assigned to all acquired Filters that subclass |
| * {@link AuthorizationFilter}. This is a convenience mechanism: for all configured {@link #setFilters filters}, |
| * as well for any default ones ({@code roles}, {@code perms}, etc), this value will be passed on to each Filter |
| * via the {@link AuthorizationFilter#setUnauthorizedUrl(String)} method<b>*</b>. This eliminates the need to |
| * configure the 'unauthorizedUrl' property manually on each filter instance, and instead that can be configured once |
| * via this attribute. |
| * <p/> |
| * <b>*</b>If a filter already has already been explicitly configured with a value, it will |
| * <em>not</em> receive this value. Individual filter configuration overrides this global convenience property. |
| * |
| * @param unauthorizedUrl the application's 'unauthorized' URL to apply to as a convenience to all discovered |
| * {@link AuthorizationFilter} instances. |
| * @see AuthorizationFilter#setUnauthorizedUrl(String) |
| */ |
| public void setUnauthorizedUrl(String unauthorizedUrl) { |
| this.unauthorizedUrl = unauthorizedUrl; |
| } |
| |
| /** |
| * Returns the filterName-to-Filter map of filters available for reference when defining filter chain definitions. |
| * All filter chain definitions will reference filters by the names in this map (i.e. the keys). |
| * |
| * @return the filterName-to-Filter map of filters available for reference when defining filter chain definitions. |
| */ |
| public Map<String, Filter> getFilters() { |
| return filters; |
| } |
| |
| /** |
| * Sets the filterName-to-Filter map of filters available for reference when creating |
| * {@link #setFilterChainDefinitionMap(java.util.Map) filter chain definitions}. |
| * <p/> |
| * <b>Note:</b> This property is optional: this {@code FactoryBean} implementation will discover all beans in the |
| * web application context that implement the {@link Filter} interface and automatically add them to this filter |
| * map under their bean name. |
| * <p/> |
| * For example, just defining this bean in a web Spring XML application context: |
| * <pre> |
| * <bean id="myFilter" class="com.class.that.implements.javax.servlet.Filter"> |
| * ... |
| * </bean></pre> |
| * Will automatically place that bean into this Filters map under the key '<b>myFilter</b>'. |
| * |
| * @param filters the optional filterName-to-Filter map of filters available for reference when creating |
| * {@link #setFilterChainDefinitionMap (java.util.Map) filter chain definitions}. |
| */ |
| public void setFilters(Map<String, Filter> filters) { |
| this.filters = filters; |
| } |
| |
| /** |
| * Returns the chainName-to-chainDefinition map of chain definitions to use for creating filter chains intercepted |
| * by the Shiro Filter. Each map entry should conform to the format defined by the |
| * {@link FilterChainManager#createChain(String, String)} JavaDoc, where the map key is the chain name (e.g. URL |
| * path expression) and the map value is the comma-delimited string chain definition. |
| * |
| * @return he chainName-to-chainDefinition map of chain definitions to use for creating filter chains intercepted |
| * by the Shiro Filter. |
| */ |
| public Map<String, String> getFilterChainDefinitionMap() { |
| return filterChainDefinitionMap; |
| } |
| |
| /** |
| * Sets the chainName-to-chainDefinition map of chain definitions to use for creating filter chains intercepted |
| * by the Shiro Filter. Each map entry should conform to the format defined by the |
| * {@link FilterChainManager#createChain(String, String)} JavaDoc, where the map key is the chain name (e.g. URL |
| * path expression) and the map value is the comma-delimited string chain definition. |
| * |
| * @param filterChainDefinitionMap the chainName-to-chainDefinition map of chain definitions to use for creating |
| * filter chains intercepted by the Shiro Filter. |
| */ |
| public void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) { |
| this.filterChainDefinitionMap = filterChainDefinitionMap; |
| } |
| |
| /** |
| * A convenience method that sets the {@link #setFilterChainDefinitionMap(java.util.Map) filterChainDefinitionMap} |
| * property by accepting a {@link java.util.Properties Properties}-compatible string (multi-line key/value pairs). |
| * Each key/value pair must conform to the format defined by the |
| * {@link FilterChainManager#createChain(String,String)} JavaDoc - each property key is an ant URL |
| * path expression and the value is the comma-delimited chain definition. |
| * |
| * @param definitions a {@link java.util.Properties Properties}-compatible string (multi-line key/value pairs) |
| * where each key/value pair represents a single urlPathExpression-commaDelimitedChainDefinition. |
| */ |
| public void setFilterChainDefinitions(String definitions) { |
| Ini ini = new Ini(); |
| ini.load(definitions); |
| //did they explicitly state a 'urls' section? Not necessary, but just in case: |
| Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS); |
| if (CollectionUtils.isEmpty(section)) { |
| //no urls section. Since this _is_ a urls chain definition property, just assume the |
| //default section contains only the definitions: |
| section = ini.getSection(Ini.DEFAULT_SECTION_NAME); |
| } |
| setFilterChainDefinitionMap(section); |
| } |
| |
| /** |
| * Sets the list of filters that will be executed against every request. Defaults to the {@link InvalidRequestFilter} which will block known invalid request attacks. |
| * @param globalFilters the list of filters to execute before specific path filters. |
| */ |
| public void setGlobalFilters(List<String> globalFilters) { |
| this.globalFilters = globalFilters; |
| } |
| |
| /** |
| * Lazily creates and returns a {@link AbstractShiroFilter} concrete instance via the |
| * {@link #createInstance} method. |
| * |
| * @return the application's Shiro Filter instance used to filter incoming web requests. |
| * @throws Exception if there is a problem creating the {@code Filter} instance. |
| */ |
| public Object getObject() throws Exception { |
| if (instance == null) { |
| instance = createInstance(); |
| } |
| return instance; |
| } |
| |
| /** |
| * Returns <code>{@link org.apache.shiro.web.servlet.AbstractShiroFilter}.class</code> |
| * |
| * @return <code>{@link org.apache.shiro.web.servlet.AbstractShiroFilter}.class</code> |
| */ |
| public Class getObjectType() { |
| return SpringShiroFilter.class; |
| } |
| |
| /** |
| * Returns {@code true} always. There is almost always only ever 1 Shiro {@code Filter} per web application. |
| * |
| * @return {@code true} always. There is almost always only ever 1 Shiro {@code Filter} per web application. |
| */ |
| public boolean isSingleton() { |
| return true; |
| } |
| |
| protected FilterChainManager createFilterChainManager() { |
| |
| DefaultFilterChainManager manager = new DefaultFilterChainManager(); |
| Map<String, Filter> defaultFilters = manager.getFilters(); |
| //apply global settings if necessary: |
| for (Filter filter : defaultFilters.values()) { |
| applyGlobalPropertiesIfNecessary(filter); |
| } |
| |
| //Apply the acquired and/or configured filters: |
| Map<String, Filter> filters = getFilters(); |
| if (!CollectionUtils.isEmpty(filters)) { |
| for (Map.Entry<String, Filter> entry : filters.entrySet()) { |
| String name = entry.getKey(); |
| Filter filter = entry.getValue(); |
| applyGlobalPropertiesIfNecessary(filter); |
| if (filter instanceof Nameable) { |
| ((Nameable) filter).setName(name); |
| } |
| //'init' argument is false, since Spring-configured filters should be initialized |
| //in Spring (i.e. 'init-method=blah') or implement InitializingBean: |
| manager.addFilter(name, filter, false); |
| } |
| } |
| |
| // set the global filters |
| manager.setGlobalFilters(this.globalFilters); |
| |
| //build up the chains: |
| Map<String, String> chains = getFilterChainDefinitionMap(); |
| if (!CollectionUtils.isEmpty(chains)) { |
| for (Map.Entry<String, String> entry : chains.entrySet()) { |
| String url = entry.getKey(); |
| String chainDefinition = entry.getValue(); |
| manager.createChain(url, chainDefinition); |
| } |
| } |
| |
| // create the default chain, to match anything the path matching would have missed |
| manager.createDefaultChain("/**"); // TODO this assumes ANT path matching, which might be OK here |
| |
| return manager; |
| } |
| |
| /** |
| * This implementation: |
| * <ol> |
| * <li>Ensures the required {@link #setSecurityManager(org.apache.shiro.mgt.SecurityManager) securityManager} |
| * property has been set</li> |
| * <li>{@link #createFilterChainManager() Creates} a {@link FilterChainManager} instance that reflects the |
| * configured {@link #setFilters(java.util.Map) filters} and |
| * {@link #setFilterChainDefinitionMap(java.util.Map) filter chain definitions}</li> |
| * <li>Wraps the FilterChainManager with a suitable |
| * {@link org.apache.shiro.web.filter.mgt.FilterChainResolver FilterChainResolver} since the Shiro Filter |
| * implementations do not know of {@code FilterChainManager}s</li> |
| * <li>Sets both the {@code SecurityManager} and {@code FilterChainResolver} instances on a new Shiro Filter |
| * instance and returns that filter instance.</li> |
| * </ol> |
| * |
| * @return a new Shiro Filter reflecting any configured filters and filter chain definitions. |
| * @throws Exception if there is a problem creating the AbstractShiroFilter instance. |
| */ |
| protected AbstractShiroFilter createInstance() throws Exception { |
| |
| log.debug("Creating Shiro Filter instance."); |
| |
| SecurityManager securityManager = getSecurityManager(); |
| if (securityManager == null) { |
| String msg = "SecurityManager property must be set."; |
| throw new BeanInitializationException(msg); |
| } |
| |
| if (!(securityManager instanceof WebSecurityManager)) { |
| String msg = "The security manager does not implement the WebSecurityManager interface."; |
| throw new BeanInitializationException(msg); |
| } |
| |
| FilterChainManager manager = createFilterChainManager(); |
| |
| //Expose the constructed FilterChainManager by first wrapping it in a |
| // FilterChainResolver implementation. The AbstractShiroFilter implementations |
| // do not know about FilterChainManagers - only resolvers: |
| PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver(); |
| chainResolver.setFilterChainManager(manager); |
| |
| //Now create a concrete ShiroFilter instance and apply the acquired SecurityManager and built |
| //FilterChainResolver. It doesn't matter that the instance is an anonymous inner class |
| //here - we're just using it because it is a concrete AbstractShiroFilter instance that accepts |
| //injection of the SecurityManager and FilterChainResolver: |
| return new SpringShiroFilter((WebSecurityManager) securityManager, chainResolver); |
| } |
| |
| private void applyLoginUrlIfNecessary(Filter filter) { |
| String loginUrl = getLoginUrl(); |
| if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { |
| AccessControlFilter acFilter = (AccessControlFilter) filter; |
| //only apply the login url if they haven't explicitly configured one already: |
| String existingLoginUrl = acFilter.getLoginUrl(); |
| if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { |
| acFilter.setLoginUrl(loginUrl); |
| } |
| } |
| } |
| |
| private void applySuccessUrlIfNecessary(Filter filter) { |
| String successUrl = getSuccessUrl(); |
| if (StringUtils.hasText(successUrl) && (filter instanceof AuthenticationFilter)) { |
| AuthenticationFilter authcFilter = (AuthenticationFilter) filter; |
| //only apply the successUrl if they haven't explicitly configured one already: |
| String existingSuccessUrl = authcFilter.getSuccessUrl(); |
| if (AuthenticationFilter.DEFAULT_SUCCESS_URL.equals(existingSuccessUrl)) { |
| authcFilter.setSuccessUrl(successUrl); |
| } |
| } |
| } |
| |
| private void applyUnauthorizedUrlIfNecessary(Filter filter) { |
| String unauthorizedUrl = getUnauthorizedUrl(); |
| if (StringUtils.hasText(unauthorizedUrl) && (filter instanceof AuthorizationFilter)) { |
| AuthorizationFilter authzFilter = (AuthorizationFilter) filter; |
| //only apply the unauthorizedUrl if they haven't explicitly configured one already: |
| String existingUnauthorizedUrl = authzFilter.getUnauthorizedUrl(); |
| if (existingUnauthorizedUrl == null) { |
| authzFilter.setUnauthorizedUrl(unauthorizedUrl); |
| } |
| } |
| } |
| |
| private void applyGlobalPropertiesIfNecessary(Filter filter) { |
| applyLoginUrlIfNecessary(filter); |
| applySuccessUrlIfNecessary(filter); |
| applyUnauthorizedUrlIfNecessary(filter); |
| } |
| |
| /** |
| * Inspects a bean, and if it implements the {@link Filter} interface, automatically adds that filter |
| * instance to the internal {@link #setFilters(java.util.Map) filters map} that will be referenced |
| * later during filter chain construction. |
| */ |
| public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { |
| if (bean instanceof Filter) { |
| log.debug("Found filter chain candidate filter '{}'", beanName); |
| Filter filter = (Filter) bean; |
| applyGlobalPropertiesIfNecessary(filter); |
| getFilters().put(beanName, filter); |
| } else { |
| log.trace("Ignoring non-Filter bean '{}'", beanName); |
| } |
| return bean; |
| } |
| |
| /** |
| * Does nothing - only exists to satisfy the BeanPostProcessor interface and immediately returns the |
| * {@code bean} argument. |
| */ |
| public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { |
| return bean; |
| } |
| |
| /** |
| * Ordinarily the {@code AbstractShiroFilter} must be subclassed to additionally perform configuration |
| * and initialization behavior. Because this {@code FactoryBean} implementation manually builds the |
| * {@link AbstractShiroFilter}'s |
| * {@link AbstractShiroFilter#setSecurityManager(org.apache.shiro.web.mgt.WebSecurityManager) securityManager} and |
| * {@link AbstractShiroFilter#setFilterChainResolver(org.apache.shiro.web.filter.mgt.FilterChainResolver) filterChainResolver} |
| * properties, the only thing left to do is set those properties explicitly. We do that in a simple |
| * concrete subclass in the constructor. |
| */ |
| private static final class SpringShiroFilter extends AbstractShiroFilter { |
| |
| protected SpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) { |
| super(); |
| if (webSecurityManager == null) { |
| throw new IllegalArgumentException("WebSecurityManager property cannot be null."); |
| } |
| setSecurityManager(webSecurityManager); |
| |
| if (resolver != null) { |
| setFilterChainResolver(resolver); |
| } |
| } |
| } |
| } |