What if a request for a sensitive resource carries no TOKEN #63
Comments
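This has nothing to do with whether you use URL configuration or annotation configuration. Sensitive resources still cannot be accessed without a token. URL configuration and annotation configuration are just two different ways of configuring; both of them end up intercepting the request and forwarding it to JWTFilter for processing.

@GeXyu Hey, have you found a solution yet?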
https://github.com/Smith-Cruise/Spring-Boot-Shiro/blob/master/src/main/java/org/inlighting/shiro/JWTFilter.java

```java
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (isLoginAttempt(request, response)) {
        try {
            executeLogin(request, response);
        } catch (Exception e) {
            response401(request, response);
        }
    }
    return true;
}
```
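If this filter is configured for a URL, that means token verification is required, so the request must carry a token; if it does not, it is treated as an invalid request. If you want anonymous access, configure the anon filter instead.

```java
// Must be logged in and have the admin role
filterRuleMap.put("/**", "jwt,roles[admin]");
// Must be logged in
filterRuleMap.put("/**", "jwt");
// Anonymous access
filterRuleMap.put("/login", "anon");
```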
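With URL-based configuration, if a request for a sensitive resource carries no TOKEN, can it then be accessed? Because the isAccessAllowed method lets the request straight through when no token is carried.
Or does this approach only work with the annotation style, with the URL configuration only there to intercept and forward to JWTFilter for processing?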
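
A deny-by-default variant of the filter discussed in this thread, as an added example that is not part of the issue or the project's own code: a path mapped to `jwt` is rejected with 401 when no token is present or when login fails, instead of returning `true`. Assumptions: Shiro 1.x (`javax.servlet`), the token travels in the `Authorization` header, and `StrictJwtFilter` and `HeaderToken` are hypothetical names; the application's realm must `supports()` the token class and verify it.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;

// Added example: class names are hypothetical, not taken from the project.
public class StrictJwtFilter extends BasicHttpAuthenticationFilter {

    // Hypothetical token type that carries the raw header value to the realm.
    static final class HeaderToken implements AuthenticationToken {
        private final String value;
        HeaderToken(String value) { this.value = value; }
        @Override public Object getPrincipal() { return value; }
        @Override public Object getCredentials() { return value; }
    }

    @Override
    protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
        String header = ((HttpServletRequest) request).getHeader("Authorization");
        return header != null && !header.trim().isEmpty();
    }

    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        return new HeaderToken(((HttpServletRequest) request).getHeader("Authorization"));
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (!isLoginAttempt(request, response)) {
            return false; // no token on a "jwt" path: reject instead of passing through
        }
        try {
            return executeLogin(request, response); // false when the realm rejects the token
        } catch (Exception e) {
            return false; // any login error is a denial, never a pass-through
        }
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Reached whenever isAccessAllowed returned false: answer 401 and stop the chain.
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}
```

Paths that must stay reachable without a token still need an explicit `anon` rule, as in the `/login` mapping quoted in the thread.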