Shiro permission management filterChainDefinitions filter configuration

Blog reprint: http://blog.csdn.net/userrefister/article/details/47807075

/**
 * Shiro-1.2.2 built-in FilterChain
 * @see =========================================================================================================
 * @see 1) When Shiro matches a request URL, it stops at the first pattern that matches and does not search any further (so pay attention to the URL order in the configuration file, especially when using wildcards)
 * @see Therefore, filterChainDefinitions is evaluated from top to bottom, and the first matching entry wins
 * @see 2) When running a web application, Shiro creates some useful default Filter instances and automatically makes them available in the [main] section
 * @see The automatically available default Filter instances are defined by the DefaultFilter enumeration class; the name of each enumeration constant is the name used in configuration
 * @see   anon---------------org.apache.shiro.web.filter.authc.AnonymousFilter
 * @see   authc--------------org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 * @see   authcBasic---------org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
 * @see   logout-------------org.apache.shiro.web.filter.authc.LogoutFilter
 * @see   noSessionCreation--org.apache.shiro.web.filter.session.NoSessionCreationFilter
 * @see   perms--------------org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
 * @see   port---------------org.apache.shiro.web.filter.authz.PortFilter
 * @see   rest---------------org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
 * @see   roles--------------org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
 * @see   ssl----------------org.apache.shiro.web.filter.authz.SslFilter
 * @see   user---------------org.apache.shiro.web.filter.authc.UserFilter
 * @see =========================================================================================================
 * @see 3) These filters can generally be divided into two groups
 * @see anon, authc, authcBasic and user form the first group: authentication filters
 * @see perms, port, rest, roles and ssl form the second group: authorization filters
 * @see Note that user and authc are different: when rememberMe is enabled in the application, a returning visitor can be a user on the next visit, but will never be authc, because authc requires re-authentication
 * @see user means that the user is not necessarily authenticated; anyone whose login state has been remembered by Shiro (for example via rememberMe) can make the request normally
 * @see Put plainly: someone who turned on rememberMe when logging in and then closed the browser is, on the next visit, a user but not authc
 * @see ==========================================================================================================
 * @see 4) Some examples
 * @see /admin=authc,roles[admin] means that the user must be authenticated and have the admin role to make a '/admin' request
 * @see /edit=authc,perms[admin:edit] means that the user must be authenticated and have the admin:edit permission to make an '/edit' request
 * @see /home=user means that the user does not need to have been authenticated; as long as the login state has been remembered by Shiro, the '/home' request can be made
 * @see ==========================================================================================================
 * @see 5) The default filters are commonly used as follows (note the two asterisks in the URL pattern, which match at any depth)
 * @see /admins/**=anon No parameter; can be accessed anonymously, i.e. by an anonymous user or guest
 * @see /admins/user/**=authc No parameter; authentication is required
 * @see /admins/user/**=authcBasic No parameter; HTTP Basic authentication
 * @see /admins/user/**=user No parameter; a user must be present, and no check is performed during the login operation
 * @see /admins/user/**=ssl No parameter; indicates a secure URL request, i.e. the protocol is https
 * @see   /admins/user/**=perms[user:add:*]
 * @see The parameter can hold several values; when it does, it must be quoted and the values separated by commas, such as /admins/user/**=perms["user:add:*,user:modify:*"]
 * @see When there are several values, every one of them must be satisfied for the request to pass, which is equivalent to the isPermittedAll() method
 * @see   /admins/user/**=port[8081]
 * @see When the port of the requested URL is not 8081, redirect to schema://serverName:8081?queryString
 * @see where schema is the protocol (http, https, etc.), serverName is the host being accessed, 8081 is the port, and queryString is the part after the ? in the requested URL
 * @see   /admins/user/**=rest[user]
 * @see Based on the request method; equivalent to /admins/user/**=perms[user:method], where method is post, get, delete, etc.
 * @see   /admins/user/**=roles[admin]
 * @see The parameter can hold several values; when it does, it must be quoted and the values separated by commas, such as /admins/user/**=roles["admin,guest"]
 * @see When there are several values, every one of them must be satisfied for the request to pass, which is equivalent to the hasAllRoles() method
 * @see ==========================================================================================================
 */
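Rule 1) above (top to bottom, first match wins) means a catch-all such as /** listed too early silently disables every stricter entry below it. The following Python script is an added example, not part of the original post or of Shiro: it uses a simplified Ant-style matcher (an assumption that only approximates Shiro's own path matching) to report chain definitions that an earlier pattern overrides; the sample definitions are constructed.

```python
import re

def ant_regex(pattern):
    """Simplified Ant-style matching: ? one char, * within a segment, ** any depth."""
    tail = pattern.endswith("/**")          # trailing /** also matches the bare prefix
    body = pattern[:-3] if tail else pattern
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", body)
    rx = "".join(table.get(p, re.escape(p)) for p in parts)
    return re.compile(rx + ("(/.*)?" if tail else ""))

def parse_chains(text):
    """Parse 'pattern = filter, filter[args]' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            pattern, _, chain = line.partition("=")
            # keep bracketed arguments (which may contain commas) with their filter
            rules.append((pattern.strip(), re.findall(r"\w+(?:\[[^\]]*\])?", chain)))
    return rules

def first_match(rules, path):
    """Index of the first rule whose pattern matches path, or None."""
    for idx, (pattern, _) in enumerate(rules):
        if ant_regex(pattern).fullmatch(path):
            return idx
    return None

def chain_for(rules, path):
    """Filter chain that would actually be applied to path."""
    idx = first_match(rules, path)
    return rules[idx][1] if idx is not None else []

def shadowed(rules):
    """(pattern, earlier pattern) pairs where the earlier entry wins for a
    representative path of the later one, so the later chain never applies to it."""
    found = []
    for idx, (pattern, _) in enumerate(rules):
        probe = pattern.replace("**", "x/y").replace("*", "x").replace("?", "x")
        winner = first_match(rules, probe)
        if winner is not None and winner < idx:
            found.append((pattern, rules[winner][0]))
    return found

# Constructed sample definitions: the same three entries in two different orders
MISORDERED = parse_chains("/** = authc\n/admin/** = authc, roles[admin]\n/logout = logout")
ORDERED = parse_chains("/logout = logout\n/admin/** = authc, roles[admin]\n/** = authc")
```

In the misordered sample, `chain_for(MISORDERED, "/admin/users")` returns only `authc`, so the `roles[admin]` check is never reached; `shadowed(ORDERED)` is empty.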

 

http://liureying.blog.163.com/blog/static/61513520136205574873/

 


There are two ways to configure Shiro logout in Spring.
1. Implement your own logout method in an ordinary action: get the Subject and call logout.
In the filterChainDefinitions of ShiroFilterFactoryBean, the URL of that action is mapped to anon:
<property name="filterChainDefinitions">
            <value>
                # some example chain definitions:
                /index.htm = anon
                /logout = anon
                /unauthed = anon
                /console/** = anon
                /css/** = anon
                /js/** = anon
                /lib/** = anon
                /admin/** = authc, roles[admin]
                /docs/** = authc, perms[document:read]
                /** = authc
                # more URL-to-FilterChain definitions here
            </value>
</property>

2. To use the logout filter provided by Shiro, you need to define the corresponding bean:
<bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        <property name="redirectUrl" value="/loginform" />
    </bean>

Then map the corresponding URL to the logout filter as follows:
<property name="filterChainDefinitions">
            <value>
                # some example chain definitions:
                /index.htm = anon
                /logout = logout
                /unauthed = anon
                /console/** = anon
                /css/** = anon
                /js/** = anon
                /lib/** = anon
                /admin/** = authc, roles[admin]
                /docs/** = authc, perms[document:read]
                /** = authc
                # more URL-to-FilterChain definitions here
            </value>
</property>
 
http://www.cnblogs.com/code-juggler/p/6077106.html
