shiro springboot不跳转到配置成功页面


问题描述

我在整合 Spring Boot 和 Shiro 的过程中,发现登录成功后没有跳转到 Shiro 配置的登录成功 URL(successUrl),而是直接返回了 controller 的消息,请各位大佬指教。

问题出现的环境背景及自己尝试过哪些方法

相关代码

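/**
 * Spring configuration that wires Apache Shiro into a Spring Boot web application:
 * the servlet filter registration, the realm, the security manager, the URL filter
 * chain and the advisor that enables Shiro's authorization annotations.
 *
 * <p>Security review summary of what this class configures as written:
 * <ul>
 *   <li>The {@code hashedCredentialsMatcher} bean is declared but never attached to the
 *       realm, so the realm falls back to its default credentials matcher.</li>
 *   <li>The declared matcher uses MD5 with two iterations, which is too fast for
 *       password storage.</li>
 *   <li>{@code /login} is mapped to {@code anon}; the login POST is therefore not handled
 *       by Shiro's form-authentication filter, which is the component that redirects to
 *       {@code successUrl}.</li>
 * </ul>
 */
@Configuration
public class ShiroConfiguration {

    /**
     * LifecycleBeanPostProcessor is a DestructionAwareBeanPostProcessor that drives the
     * init/destroy lifecycle of beans implementing org.apache.shiro.util.Initializable
     * (mainly AuthorizingRealm subclasses and EhCacheManager).
     *
     * @return the lifecycle post-processor
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * DefaultAdvisorAutoProxyCreator is a Spring bean; the registered Advisors decide
     * which classes' methods get AOP proxies.
     *
     * @return the auto-proxy creator, forced to class-based (CGLIB) proxies
     */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        defaultAAP.setProxyTargetClass(true);
        return defaultAAP;
    }

    /**
     * Registers a DelegatingFilterProxy that forwards to the bean named "shiroFilter"
     * for every URL.
     *
     * <p>NOTE(review): only {@code DispatcherType.REQUEST} is registered, so FORWARD,
     * INCLUDE and ERROR dispatches do not pass through this filter registration.
     * Confirm that no protected resource is reachable through an internal forward or
     * an error page.
     *
     * @return the servlet filter registration for the Shiro filter
     */
    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
        return filterRegistration;
    }

    /**
     * HashedCredentialsMatcher hashes the password submitted in the login form and
     * compares it with the stored hash, so that passwords are not kept in clear text
     * in the database.
     *
     * <p>SECURITY: MD5 with 2 iterations is a fast hash; if the credential table leaks,
     * offline guessing is cheap. No salt is configured here either; a salt would have to
     * be supplied by the realm's AuthenticationInfo. The algorithm is left unchanged in
     * this method because existing stored hashes depend on it. Plan a migration to a
     * slow, salted password hash (bcrypt / scrypt / Argon2) and re-hash credentials on
     * the next successful login.
     *
     * <p>This bean currently has no effect: the call that attaches it to the realm is
     * commented out in {@link #shiroRealm()}.
     *
     * @return the matcher (MD5, 2 iterations, hex-encoded stored value)
     */
    @Bean(name = "hashedCredentialsMatcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("MD5");
        credentialsMatcher.setHashIterations(2);
        credentialsMatcher.setStoredCredentialsHexEncoded(true);
        return credentialsMatcher;
    }

    /**
     * ShiroRealm is the application's own realm; it extends AuthorizingRealm and handles
     * authentication and authorization of users (JdbcRealm is a reference implementation).
     *
     * <p>SECURITY: no credentials matcher is set, so the realm uses its default matcher
     * and compares the submitted password directly with whatever credential the realm
     * returns. That is only sound if the realm returns the credential stored for the
     * account. Re-enable the line below together with a realm that returns the stored
     * hash (and salt), never the submitted password.
     *
     * @return the realm instance
     */
    @Bean(name = "shiroRealm")
    @DependsOn("lifecycleBeanPostProcessor")
    public ShiroRealm shiroRealm() {
        ShiroRealm realm = new ShiroRealm();

        // Disabled by the author; see the SECURITY note above before re-enabling.
        // realm.setCredentialsMatcher(hashedCredentialsMatcher());

        return realm;
    }

    // Disabled by the author:
    // EhCacheManager caches user and permission data after a successful login so that
    // not every request has to query the database.
    // @Bean(name = "ehCacheManager")
    // @DependsOn("lifecycleBeanPostProcessor")
    // public EhCacheManager ehCacheManager() {
    //     return new EhCacheManager();
    // }

    /**
     * SecurityManager combines login, logout, authorization and session handling; it is
     * the central Shiro component.
     *
     * @return a web security manager backed by {@link #shiroRealm()}, without a cache manager
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm());

        // Disabled by the author:
        // securityManager.setCacheManager(ehCacheManager());

        return securityManager;
    }

    /**
     * ShiroFilterFactoryBean is the factory bean that produces the Shiro filter. It
     * holds the security manager, the custom filters and the filter chain definitions.
     *
     * <p>Chain definitions are kept in a LinkedHashMap because insertion order is the
     * matching order: the specific paths must be added before the catch-all
     * {@code /**} entry.
     *
     * <p>Why {@code successUrl} is not followed after login: that URL is applied by
     * Shiro's form-authentication filter ({@code authc}) when the filter itself processes
     * the login submission. Here {@code /login} is mapped to {@code anon}, so the POST
     * goes straight to the application's controller, and whatever the controller returns
     * is what the browser receives. Either let the controller issue the redirect after a
     * successful {@code Subject.login}, or map {@code /login} to {@code authc} and let
     * the filter perform the login.
     *
     * @return the configured filter factory bean
     */
    @Bean(name="shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager());

        // Custom filter registration was disabled by the author (the unused map that
        // was left behind has been removed):
        // LogoutFilter logoutFilter = new LogoutFilter();
        // logoutFilter.setRedirectUrl("/login");
        // shiroFilterFactoryBean.setFilters(filters);

        Map<String, String> filterChainDefinitionManager = new LinkedHashMap<>();
        filterChainDefinitionManager.put("/login", "anon");
        filterChainDefinitionManager.put("/logout", "logout");
        // Deny by default: everything not listed above requires an authenticated subject.
        filterChainDefinitionManager.put("/**", "authc");

        // Examples left by the author (hard-coded for testing; could also be read from
        // a database or other configuration). Role/permission rules like these only work
        // once the realm actually populates roles and permissions.
        // filterChainDefinitionManager.put("/events/**", "authc,roles[ROLE_ADMIN]");
        // filterChainDefinitionManager.put("/user/edit/**", "authc,perms[user:edit]");
        // Do not enable the following line: it would open every URL to anonymous access.
        // filterChainDefinitionManager.put("/**", "anon");

        shiroFilterFactoryBean.setSuccessUrl("/");
        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);
        return shiroFilterFactoryBean;
    }

    /**
     * AuthorizationAttributeSourceAdvisor is Shiro's Advisor implementation; internally
     * it uses AopAllianceAnnotationsAuthorizingMethodInterceptor to intercept methods
     * carrying Shiro's authorization annotations.
     *
     * @return the advisor bound to {@link #securityManager()}
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor aASA = new AuthorizationAttributeSourceAdvisor();
        aASA.setSecurityManager(securityManager());
        return aASA;
    }

}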

下面是我的 realm 及 controller 代码

// Logger named after the runtime class of this instance.
private final Logger logger = LoggerFactory.getLogger(getClass());

// User lookup service injected by Spring; both realm callbacks below query it by user name.
@Autowired
private UserService userService;

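/**
 * Supplies the authorization data for an already authenticated principal.
 *
 * <p>As written, the returned {@link SimpleAuthorizationInfo} is always empty: no roles
 * or permissions are added, so any role or permission check evaluated against this realm
 * is denied. Populate the info object from the user's stored roles/permissions before
 * relying on {@code roles[...]}, {@code perms[...]} or Shiro's authorization annotations.
 *
 * @param principalCollection the principals of the subject; the primary principal is
 *                            expected to be the user name as a String
 * @return an authorization info object with no roles and no permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    logger.info("doGetAuthorizationInfo+"+principalCollection.toString());

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    UserPO user = userService.findByUserName((String) principalCollection.getPrimaryPrincipal());
    if (user == null) {
        // The account no longer exists (e.g. deleted while the session is alive):
        // grant nothing instead of failing with a NullPointerException below.
        return info;
    }

    // Stores the subject's principals in the session, keyed by the user id.
    // NOTE(review): the purpose of this attribute is not visible here; confirm it is
    // needed, since it is rewritten on every authorization lookup.
    SecurityUtils.getSubject().getSession().setAttribute(String.valueOf(user.getId()),SecurityUtils.getSubject().getPrincipals());

    // Author's placeholder for updating login count/time, left disabled:
    // userService.updateUserLogin(user);

    return info;
}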

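/**
 * Looks up the account named in the login token and returns the credential that Shiro
 * must compare the submitted password against.
 *
 * <p>SECURITY FIX: the credential handed to {@link SimpleAuthenticationInfo} is now the
 * one stored for the account ({@code user.getPassword()}). The previous code passed
 * {@code token.getPassword()}, i.e. the password the caller had just submitted, so the
 * credentials matcher compared the submitted value with itself and accepted any password
 * for any existing user name.
 *
 * <p>The realm's credentials matcher must agree with how the password is stored: with
 * the default matcher the stored value is compared as-is with the submitted password;
 * if the database holds hashes, a matching hashed credentials matcher (and the account's
 * salt) has to be configured, otherwise every login fails.
 *
 * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
 * @return the account's authentication info, or {@code null} when no such user exists
 * @throws AuthenticationException declared by the overridden method; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    logger.info("doGetAuthenticationInfo +"  + authenticationToken.toString());

    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
    String userName = token.getUsername();

    UserPO user = userService.findByUserName(userName);
    if (user == null) {
        // Unknown account: returning null lets Shiro report the failed login.
        return null;
    }

    // The statements that logged the submitted password array and printed the stored
    // password to stdout were removed: credentials must not reach logs or console output.

    // Author's disabled salt/principal handling, kept for reference:
    // byte[] salt = Encodes.decodeHex(user.getSalt());
    // ShiroUser shiroUser=new ShiroUser(user.getId(), user.getLoginName(), user.getName());

    // Puts the user record into the session under "user".
    // NOTE(review): this happens before the credentials have been verified, and the
    // stored object carries the password field; consider storing a reduced view of the
    // user after a successful login instead.
    Session session = SecurityUtils.getSubject().getSession();
    session.setAttribute("user", user);

    return new SimpleAuthenticationInfo(userName, user.getPassword(), getName());
}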





/**
 * Handles the login form POST: builds a username/password token from the request
 * parameters "name" and "password" and logs the current subject in through Shiro.
 *
 * <p>The success URL configured on the Shiro filter factory is not involved here. It is
 * applied by Shiro's form-authentication filter when that filter performs the login;
 * this method calls {@code Subject.login} itself, so the value returned below is what
 * the client receives after a successful login.
 *
 * <p>NOTE(review): nothing in this method replaces the pre-login session before
 * {@code login} is called; confirm that session fixation is handled elsewhere.
 *
 * @param request  the current HTTP request carrying the form fields
 * @param redriect flash attributes used to carry the error text to the login page
 * @return a redirect to /login when authentication fails, otherwise the JSON success text
 */
@RequestMapping(value="login", method= RequestMethod.POST)
public String login(HttpServletRequest request, RedirectAttributes redriect) {
    final String submittedName = request.getParameter("name");
    final String submittedPassword = request.getParameter("password");
    final UsernamePasswordToken loginToken = new UsernamePasswordToken(submittedName, submittedPassword);

    final Subject currentSubject = SecurityUtils.getSubject();
    try {
        currentSubject.login(loginToken);
        return "{\"Msg\":\"登陆成功\",\"state\":\"success\"}";
    } catch (AuthenticationException e) {
        // NOTE(review): printStackTrace writes to stderr and bypasses the application's
        // logging; a logger call would keep failed logins auditable.
        e.printStackTrace();
        // One generic message for every failure cause, so the response does not reveal
        // whether the account exists.
        redriect.addFlashAttribute("errorText", "您的账号或密码输入错误!");
        return "redirect:/login";
    }
}

你期待的结果是什么?实际看到的错误信息又是什么?
