Bootstrap

SpringBoot整合shiro-spring-boot-web-starter启动报错

最近在做一个SpringBoot整合常用框架的系统,在整合Shiro时启动就报错,现将解决办法总结如下:
SpringBoot使用的是最新的2.3.4版本,Shiro使用的是shiro-spring-boot-web-starter1.6.0版本,在配置文件ShiroConfig中添加安全管理器,代码如下:

@Bean
public SecurityManager securityManager(UserRealm userRealm) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    //配置realm
    securityManager.setRealm(userRealm);
    return securityManager;
}

项目启动时报错如下:

Description:
The bean 'securityManager', defined in class path resource [org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [com/xlhj/shiro/config/ShiroConfig.class] and overriding is disabled.
Action:
Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

根据异常信息查看ShiroWebAutoConfiguration源码时发现其中已经定义了securityManager,ShiroConfig配置文件中再次定义securityManager,因返回的类与其不一样导致出错,shiro-spring-boot-web-starter包中定义securityManager的代码如下:

@Bean
@ConditionalOnMissingBean
@Override
protected SessionsSecurityManager securityManager(List<Realm> realms) {
    return super.securityManager(realms);
}

从源代码中可以看出securityManager返回的是SessionsSecurityManager,而自己定义的ShiroConfig中返回的是SecurityManager,所以如果要定义securityManager,返回类型只能是SessionsSecurityManager及其子类,而SessionsSecurityManager的子类是DefaultSecurityManager,DefaultWebSecurityManager又继承与DefaultSecurityManager,相关类图如下:
DefaultWebSecurityManager类图
故而正确的代码应该是:

@Bean
public SessionsSecurityManager securityManager(UserRealm userRealm) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    //配置realm
    securityManager.setRealm(userRealm);
    return securityManager;
}
;