shiro-spring过滤器链

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    // <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
    filterChainDefinitionMap.put("/webjars/**", "anon");
    filterChainDefinitionMap.put("/login", "anon");
    filterChainDefinitionMap.put("/", "anon");
    filterChainDefinitionMap.put("/front/**", "anon");
    filterChainDefinitionMap.put("/api/**", "anon");

    filterChainDefinitionMap.put("/admin/**", "authc");
    filterChainDefinitionMap.put("/user/**", "authc");
    //主要这行代码必须放在所有权限设置的最后，不然会导致所有 url 都被拦截 剩余的都需要认证
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}

authc这样指的就是每次进入api都要通过过滤器过滤一下，判断是否符合该过滤器的权限。anon、authc是默认的过滤器链，其他自带过滤器链包括

anon	    org.apache.shiro.web.filter.authc.AnonymousFilter
authc	    org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic	org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
perms	    org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port	    org.apache.shiro.web.filter.authz.PortFilter
rest	    org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles	    org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl	        org.apache.shiro.web.filter.authz.SslFilter
user	    org.apache.shiro.web.filter.authc.UserFilter