[SOLVED] Shiro filter not working in Spring Boot application

Shiro filter not working in Spring Boot application

Springboot3 + Shiro1.5.3

I have configured a Shiro filter (with JWT) in my Spring Boot application, but it doesn't seem to be working as expected. I've followed the setup instructions and added the necessary configurations, but the filter is not intercepting requests as it should. Here is my configuration

// ShiroConfig.java

@Configuration
public class ShiroConfig {

    // Other configurations...
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }


    @Bean("securityManager")
    public SecurityManager securityManager(UserRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);

        Map<String, Filter> map = new HashMap<>();
        map.put("jwt", new UserFilter());
        shiroFilter.setFilters(map);

        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/**", "jwt");
        shiroFilter.setFilterChainDefinitionMap(filterMap);
        return shiroFilter;
    }
}

and my filter is as follows:

@Slf4j
@Component
@Scope("prototype")
public class UserFilter extends BasicHttpAuthenticationFilter {

    @Override
    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws ServiceException {
        //...
    }
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        try {
            executeLogin(request, response);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}

Despite setting up the filter and defining the filter chain in my Shiro configuration, the filter doesn't seem to be intercepting requests.

After my debugging, I found that the request doesn't even need to go through the isAccessAllowed() method of the filter.

Solution

I have resolved this issue.

It was caused by the simultaneous use of javax and jakarta in the project.