Apache Shiro Web应用过滤器
Shiro中一些默认的过滤器:
Filter Name
Class
anon
org.apache.shiro.web.filter.authc.AnonymousFilter
authc
org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic
org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
logout
org.apache.shiro.web.filter.authc.LogoutFilter
noSessionCreation
org.apache.shiro.web.filter.session.NoSessionCreationFilter
perms
org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port
org.apache.shiro.web.filter.authz.PortFilter
rest
org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles
org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl
org.apache.shiro.web.filter.authz.SslFilter
user
org.apache.shiro.web.filter.authc.UserFilter
一般为所有的请求启用或禁用一个过滤器是通过设置其enabled 属性为true 或false。默认的设置是true, 因为 如果他们被配置在一个过滤器链中则本质上是需要执行的。禁用过滤器的例子如下:
[main]
…
# configure Shiro's default 'ssl' filter to be disabled while testing:
ssl.enabled = false
[urls]
…
/some/path = ssl, authc
/another/path = ssl, roles[admin]
…
