O great god answers, mentality has collapsed,,,
Before and after the separation, consolidation springBoot Shiro, if you use your browser's address bar to access interface can be normal authentication and authorization, but if use Ajax login (after the doLogin interface) to access other interface, can jump directly to the login page (toLogin interface), and has not authorized in the middle,

Set the blocking rule is: in addition to the login interface requires certification

How to do, really don't know where there are problems

 @ Bean 
Public ShiroFilterFactoryBean ShiroFilterFactoryBean (SecurityManager SecurityManager) {
ShiroFilterFactoryBean ShiroFilterFactoryBean=new ShiroFilterFactoryBean (); 
ShiroFilterFactoryBean. SetSecurityManager (securityManager); 
The info (" -- -- -- -- -- -- -- -- Shiro interceptor factory class into success "); 
//add Shiro built-in filters 
/* 
* common filter: 
* anon: without certification (login) can access 
* authc: must certification can access 
* user: if you use rememberMe function can access 
* perms: the resource must obtain permission to visit 
* roles: the resource must be role can access authorization 
* */
Map The map=new LinkedHashMap<> (a); 
Map. The put ("/loginController/the doLogin ", "-anon"); 
The map. The put ("/* * ", "authc"); 

ShiroFilterFactoryBean. SetLoginUrl ("/loginController toLogin "); 
ShiroFilterFactoryBean. SetFilterChainDefinitionMap (map); 
Return shiroFilterFactoryBean; 
} 

CodePudding user response:

The end user and API should not be in the same way of landing?