shift,查询好久资料才找到。
Shiro版本升级到1.7及以上版本后,新增了对非ASCII字符的校验,主要涉及到InvalidRequestFilter类中的blockNonAscii属性。当该属性设置为true时(这是默认值),Shiro会拦截任何包含非ASCII字符的请求,从而导致400错误。
我是老springmvc项目,
在xml中配置
<bean id="invalidRequestFilter" class="org.apache.shiro.web.filter.InvalidRequestFilter">
<property name="blockNonAscii" value="false" /> <!-- 允许非ASCII字符通过 -->
</bean>
和
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="filterChainDefinitions">
<value>
/statics/**=anon
/files/**=anon
/captcha.jpg=anon
/**=authc
</value>
</property>
<!-- 配置过滤器,应用 InvalidRequestFilter -->
<property name="filters">
<map>
<entry key="invalidRequest" value-ref="invalidRequestFilter" />
</map>
</property>
</bean>
就可以了
springboot项目的话,在Spring配置中注入一个自定义的InvalidRequestFilter
实例,并设置blockNonAscii
属性为false
@Bean
public InvalidRequestFilter invalidRequestFilter() {
InvalidRequestFilter invalidRequestFilter = new InvalidRequestFilter();
invalidRequestFilter.setBlockNonAscii(false);
return invalidRequestFilter;
}
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
// 添加自定义的InvalidRequestFilter
factoryBean.setFilters(new HashMap<String, Filter>() {{
put(DefaultFilter.invalidRequest.name, invalidRequestFilter());
}});
return factoryBean;
}