shiro.xml配置文件
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/web/signon/unauthenticated" />
<property name="filterChainDefinitions">
<value>
/web/signon/**=anon
/web/security/**=anon
/web/monitor/**=anon
/**=user
</value>
</property>
</bean>
复制代码所有请求都会根据filter进行过滤,入口为org.apache.shiro.web.servlet.AbstractShiroFilter#doFilterInternal
配置文件中配置了 /**=user 表示使用UserFilter过滤器org.apache.shiro.web.filter.authc.UserFilter#isAccessAllowed