Shiro错误之No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util

提示：No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.具体错误信息如下：18:35:03.909 ERROR org.apache.juli.logging.Di...

Mint6

22405人浏览 · 2020-02-16 21:56:54

Mint6 · 2020-02-16 21:56:54 发布

提示：

No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.

意思就是：你还没有登录，所以我不能给你提供当前登录人的信息。

具体错误信息如下：

20:43:04.495 ERROR org.apache.juli.logging.DirectJDKLog 175 log - Servlet.service() for servlet [dispatcherServlet] threw exception org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
	at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[shiro-core-1.4.2.jar:1.4.2]

分析流程：

找到抛出错误的位置：at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

SecurityUtils

debug发现当前线程没有创建SecurityManager，所以问题是：请求进来了，但是SecurityManager没初始化。

为什么没有初始化？因为没有正确登录。

只有在正确的调用这个登录方法后subject.login(usernamePasswordToken)，才会存在对应的主体信息。

所以需要排除调用 /login接口之前，从shiro调用SecurityUtils.getSubject()获取主体信息。

这里查看报错代码，自己写的代码报错的位置：com.fast.admin.interceptor.LoginInterceptor.preHandle(LoginInterceptor.java:37

Caused by: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
	at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[shiro-core-1.4.2.jar:1.4.2]
	at com.fast.framework.utils.ShiroUtil.getSubjct(ShiroUtil.java:20) ~[classes/:?]
	at com.fast.framework.utils.ShiroUtil.getUser(ShiroUtil.java:33) ~[classes/:?]
	at com.fast.admin.interceptor.LoginInterceptor.preHandle(LoginInterceptor.java:37) ~[classes/:?]

在这个地方避免调用登录接口之前调用SecurityUtils.getSubject()，修复后解决问题。