Shiro No SecurityManager 可供调用代码访问

Posted

技术标签:

【中文标题】Shiro No SecurityManager 可供调用代码访问【英文标题】:Shiro No SecurityManager accessible to the calling code 【发布时间】:2019-11-02 19:42:23 【问题描述】:

我正在尝试集成 Spring Boot 和 Shiro。当我尝试在我的一个控制器中调用 SecurityUtils.getSubject() 时,发生了异常: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.

我只是按照一些教程和文档来配置 Shiro,这是我的 ShiroConfig 课程:

@Configuration
public class ShiroConfig 

    @Bean
    public Realm realm() 
        return new UserRealm();
    

    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() 
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName(PasswordEncoder.getALGORITHM()); 
        hashedCredentialsMatcher.setHashIterations(PasswordEncoder.getITERATION()); 
        return hashedCredentialsMatcher;
    

    @Bean
    public UserRealm shiroRealm() 
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher()); 
        return userRealm;
    

    @Bean
    public SessionsSecurityManager securityManager() 
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm());
        return securityManager;
    

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() 
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        defaultAdvisorAutoProxyCreator.setUsePrefix(true);
        return defaultAdvisorAutoProxyCreator;
    

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() 
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        definition.addPathDefinition("/login", "anon");
        definition.addPathDefinition("/register", "anon");
        definition.addPathDefinition("/api/**", "user");
        return definition;

这是导致异常的代码:

    @PostMapping("/login")
    @ResponseBody
    public Object login(@RequestParam("username") String username,
                        @RequestParam("password") String password) 
        if (username.equals("") || password.equals("")) 
            return "please provide complete information";
        
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject(); // this line caused exception
        ...

我对这个异常感到很困惑。有人可以帮忙吗?

编辑 我正在使用 Spring Boot 2.1.6.RELEASE 和 shiro-spring-boot-starter 1.4.0。

【问题讨论】:

你为什么使用 Shiro 而不是 Spring Security? 我组的前辈让我这样做哈哈@chrylis 可以分享使用教程的链接吗? 【参考方案1】:

您是否使用 shiro-spring-boot-web-starter 依赖项而不是 shiro-spring-boot-starter 依赖项?

根据此文档,Spring Boot Web 应用程序似乎需要这样做。

https://shiro.apache.org/spring-boot.html#Spring-WebApplications

【讨论】:

以上是关于Shiro No SecurityManager 可供调用代码访问的主要内容,如果未能解决你的问题,请参考以下文章

SpringBoot2整合Shiro报错 UnavailableSecurityManagerException: No SecurityManager accessible to the calli

No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadC

No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadC

No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadC

全栈编程系列SpringBoot整合Shiro(含KickoutSessionControlFilter并发在线人数控制以及不生效问题配置启动异常No SecurityManager...)(代码片段

[Shiro] tutorial 1 :SecurityManager and Subject