Apache Shiro Web应用过滤器

Shiro中一些默认的过滤器：

Filter Name

Class

anon

org.apache.shiro.web.filter.authc.AnonymousFilter

authc

org.apache.shiro.web.filter.authc.FormAuthenticationFilter

authcBasic

org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter

logout

org.apache.shiro.web.filter.authc.LogoutFilter

noSessionCreation

org.apache.shiro.web.filter.session.NoSessionCreationFilter

perms

org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter

port

org.apache.shiro.web.filter.authz.PortFilter

rest

org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter

roles

org.apache.shiro.web.filter.authz.RolesAuthorizationFilter

ssl

org.apache.shiro.web.filter.authz.SslFilter

user

org.apache.shiro.web.filter.authc.UserFilter

一般为所有的请求启用或禁用一个过滤器是通过设置其enabled 属性为true 或false。默认的设置是true， 因为 如果他们被配置在一个过滤器链中则本质上是需要执行的。禁用过滤器的例子如下：

[main]

…

# configure Shiro's default 'ssl' filter to be disabled while testing:

ssl.enabled = false

[urls]

…

/some/path = ssl, authc

/another/path = ssl, roles[admin]

…