Shiro升级为1.9.1不兼容

眩雾

2022 年 6 月 29 日，Apache 官方披露 Apache Shiro 权限绕过漏洞(CVE-2022-32532)，当 Apache Shiro 中使用 RegexRequestMatcher 进行权限配置，且正则表达式中携带“.”时，未经授权的远程攻击者可通过构造恶意数据包绕过身份认证，导致配置的权限验证失效。目前该漏洞利用细节已公开，官方已在 Apache Shiro 1.9.1 版本中修复该漏洞，建议受影响的用户及时更新至安全版本。

眩雾

Error starting Tomcat context. Exception: org.springframework.beans.factory.BeanCreationException. Message: Error creating bean with name 'filterShiroFilterRegistrationBean' defined in class path resource [org/apache/shiro/spring/config/web/autoconfigure/ShiroWebFilterConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'filterShiroFilterRegistrationBean' threw exception; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'shiroFilterFactoryBean' available