【Java漏洞】Shiro 漏洞：SpringBoot 整合 Shiro+退出登录

在我们的ShiroAutoConfiguration::ShiroFilterFactoryBean中, 我们增加如下代码:

@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();shiroFilterFactoryBean.setSecurityManager(securityManager);Map<String, String> hashMap = new HashMap<>();hashMap.put("/", "anon");hashMap.put("/login", "anon");hashMap.put("/static/**", "anon");hashMap.put("/logout", "logout"); // 访问则退出登录shiroFilterFactoryBean.setFilterChainDefinitionMap(hashMap);shiroFilterFactoryBean.setLoginUrl("/login");shiroFilterFactoryBean.setUnauthorizedUrl("/");return shiroFilterFactoryBean;
}

当我们访问/logout时, 就会退出登录. 当然也可以在前端页面加入该功能:

<shiro:guest><ul class="layui-nav layui-layout-right"><li class="layui-nav-item layui-hide layui-show-md-inline-block"><a href="/login">登录</a></li></ul>
</shiro:guest>
<shiro:user><ul class="layui-nav layui-layout-right"><li class="layui-nav-item layui-hide layui-show-md-inline-block"><a href="javascript:;"><img src="x" alt="图片显示错误" class="layui-nav-img"><shiro:principal/></a><dl class="layui-nav-child"><dd><a href="">Your Profile</a></dd><dd><a href="">Settings</a></dd><dd><a href="/logout">Sign out</a></dd> <!-- 单机则退出登录 --></dl></li><li class="layui-nav-item" lay-header-event="menuRight" lay-unselect><a href="javascript:;"><i class="layui-icon layui-icon-more-vertical"></i></a></li></ul></shiro:user>
</div>