I am trying to integrate Spring Boot and Shiro. When I tried to call SecurityUtils.getSubject() in one of my controllers, an exception occurred: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
I just followed some tutorials and docs to configure Shiro and here is my ShiroConfig class:
@Configuration public class ShiroConfig { @Bean public Realm realm() { return new UserRealm(); } @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName(PasswordEncoder.getALGORITHM()); hashedCredentialsMatcher.setHashIterations(PasswordEncoder.getITERATION()); return hashedCredentialsMatcher; } @Bean public UserRealm shiroRealm() { UserRealm userRealm = new UserRealm(); userRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return userRealm; } @Bean public SessionsSecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(shiroRealm()); return securityManager; } @Bean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator(); defaultAdvisorAutoProxyCreator.setUsePrefix(true); return defaultAdvisorAutoProxyCreator; } @Bean public ShiroFilterChainDefinition shiroFilterChainDefinition() { DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition(); definition.addPathDefinition("/login", "anon"); definition.addPathDefinition("/register", "anon"); definition.addPathDefinition("/api/**", "user"); return definition; } } And this is the code which caused exception:
@PostMapping("/login") @ResponseBody public Object login(@RequestParam("username") String username, @RequestParam("password") String password) { if (username.equals("") || password.equals("")) { return "please provide complete information"; } UsernamePasswordToken token = new UsernamePasswordToken(username, password); Subject subject = SecurityUtils.getSubject(); // this line caused exception ... } I am very confused about this exception. Could anyone help?
EDIT I am using Spring Boot 2.1.6.RELEASE and shiro-spring-boot-starter 1.4.0.
31 Answer
Are you using the shiro-spring-boot-web-starter dependency instead of the shiro-spring-boot-starter dependency?
It looks like that is required for spring boot web applications according to this doc.
0