导入坐标
<!-- Apache Shiro Spring Boot starter.
     NOTE(review): 1.6.0 is an old release; later Shiro releases include fixes for
     authentication-bypass issues. Pin the latest maintained version and check the
     Apache Shiro security reports before copying this coordinate. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
<version>1.6.0</version>
</dependency>
//模板引擎是freemarker需要导入
<!-- Third-party Shiro tag library for FreeMarker templates.
     NOTE(review): confirm with `mvn dependency:tree` that this artifact does not pull in
     an older Shiro version than the one declared for the application. -->
<dependency>
<groupId>net.mingsoft</groupId>
<artifactId>shiro-freemarker-tags</artifactId>
<version>1.0.2</version>
</dependency>
2.自定义realm
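/**
 * Custom Shiro realm that authenticates users against {@code AccountMapper} and
 * derives their permissions from the loaded {@code Account}.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    AccountMapper accountMapper;

    /**
     * Authorization: builds the permission set for the given principals.
     *
     * @param principalCollection the principals Shiro is asking about
     * @return authorization info holding the account's permission string, or an
     *         empty info when the account has no permission configured
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Use the principals passed in by Shiro rather than the thread-bound Subject,
        // so the result always describes the identity being checked.
        Account principal = (Account) principalCollection.getPrimaryPrincipal();
        if (principal == null) {
            return info;
        }

        // Grant only what is stored for this account; a missing or blank value grants nothing.
        String perms = principal.getPerms();
        if (perms != null && !perms.trim().isEmpty()) {
            info.addStringPermission(perms);
        }
        return info;
    }

    /**
     * Authentication: looks the account up by the submitted username and hands the
     * stored credential to Shiro for comparison.
     *
     * @param authenticationToken the submitted token (cast to {@code UsernamePasswordToken})
     * @return the account and its stored credential, or {@code null} when no account
     *         matches (Shiro then reports an unknown account)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        System.out.println("认证");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        Account account = accountMapper.getAccountByName(token.getUsername());
        if (account == null) {
            // Returning null signals "no such account" (UnknownAccountException).
            return null;
        }

        // Arguments: principal, stored credentials, realm name. A mismatch between the
        // stored credentials and the submitted password yields IncorrectCredentialsException.
        // NOTE(review): the stored credential is read from getMoney() - confirm this field
        // really holds the account's password.
        // NOTE(review): no CredentialsMatcher is configured in the visible code, so presumably
        // Shiro's default plain comparison applies. Store salted password hashes and configure
        // a hashing matcher (e.g. HashedCredentialsMatcher) outside of a demo.
        // The realm name now comes from getName() instead of an empty string, so the
        // principal is attributed to this realm.
        return new SimpleAuthenticationInfo(account, account.getMoney(), getName());
    }
}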
shiro配置
/**
 * Spring configuration wiring Shiro (filter, security manager, realm) and exposing
 * the Shiro tags to FreeMarker templates.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter with its URL-to-filter chain definitions.
     *
     * <p>Built-in filter names used in chain definitions:
     * <ul>
     *   <li>{@code anon}  - accessible without authentication</li>
     *   <li>{@code authc} - requires an authenticated user</li>
     *   <li>{@code user}  - requires an authenticated or remembered ("remember me") user</li>
     *   <li>{@code perms} - requires the listed permission on a resource</li>
     *   <li>{@code roles} - requires the listed role</li>
     * </ul>
     *
     * <p>NOTE(review): only {@code /add} and {@code /update} are mapped here; paths without
     * a matching chain are not restricted by these definitions. Outside of a demo, consider
     * a deny-by-default layout: explicit {@code anon} entries for the login and public pages,
     * followed by a final catch-all such as {@code /** = authc}.
     *
     * @param defaultWebSecurityManager the security manager bean named "SecurityManager"
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("SecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // Request mappings of the controllers; LinkedHashMap keeps the definition order.
        Map<String, String> filterChains = new LinkedHashMap<>();
        filterChains.put("/add", "perms[user:add]");
        filterChains.put("/update", "authc");

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(defaultWebSecurityManager);
        factory.setFilterChainDefinitionMap(filterChains);
        // Unauthenticated requests are sent here.
        factory.setLoginUrl("/login");
        // Authenticated but unauthorized requests are sent here.
        factory.setUnauthorizedUrl("/noAuth");
        return factory;
    }

    /**
     * Creates the web security manager and attaches the custom realm to it.
     *
     * @param userRealm the realm bean named "userRealm"
     * @return the security manager backed by {@code userRealm}
     */
    @Bean("SecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Registers the custom realm as a Spring bean.
     *
     * @return a new {@code UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        UserRealm realm = new UserRealm();
        return realm;
    }

    /**
     * Integrates Shiro with FreeMarker by registering the Shiro tags as the shared
     * variable {@code shiro}.
     *
     * @return the configurer carrying the customized FreeMarker configuration
     * @throws IOException declared by {@code createConfiguration()}
     * @throws TemplateException declared by {@code createConfiguration()} and {@code setSharedVariable}
     */
    @Bean
    public FreeMarkerConfigurer freeMarkerConfigurer() throws IOException, TemplateException {
        FreeMarkerConfigurer configurer = new FreeMarkerConfigurer();
        // The loader path must be set before the configuration is created from it.
        configurer.setTemplateLoaderPath("classpath:/templates/");

        freemarker.template.Configuration templateConfig = configurer.createConfiguration();
        templateConfig.setDefaultEncoding("UTF-8");
        // Other shared variables (for example an SSO login address) can be added here.
        templateConfig.setSharedVariable("shiro", new ShiroTags());

        configurer.setConfiguration(templateConfig);
        return configurer;
    }
}
控制器
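/**
 * Authenticates the submitted credentials through Shiro.
 *
 * <p>NOTE(review): the mapping has no HTTP-method restriction, so this handler also
 * accepts GET. Credentials sent in a query string can end up in server logs and browser
 * history; make sure the login form submits them with POST.
 *
 * @param username submitted user name, may be {@code null} when the page is merely opened
 * @param password submitted password, may be {@code null} when the page is merely opened
 * @param model    view model; receives {@code msg} when authentication fails
 * @return {@code "index"} on success, otherwise {@code "login"}
 */
@RequestMapping("login")
public String login(String username, String password, Model model) {
    // Nothing submitted (e.g. the redirect to the login URL): show the form
    // without attempting an authentication.
    if (username == null || password == null) {
        return "login";
    }

    // Current user
    Subject subject = SecurityUtils.getSubject();
    // Wrap the submitted login data
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        subject.login(token);
        return "index";
    } catch (org.apache.shiro.authc.AuthenticationException e) {
        // UnknownAccountException (no such user) and IncorrectCredentialsException (wrong
        // password) are both AuthenticationExceptions. They are answered with one generic
        // message so the response does not reveal which user names exist, and any other
        // authentication failure is rendered as a failed login instead of an error page.
        model.addAttribute("msg", "用户名或密码错误");
        return "login";
    }
}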
/**
 * Target of the Shiro unauthorized redirect; writes a fixed message as the response body.
 *
 * @return the "unauthorized" message
 */
@RequestMapping("/noAuth")
@ResponseBody
public String noAuth() {
    final String body = "未经授权";
    return body;
}
前端
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
<body>
<h1>首页</h1>
<#-- msg is optional and rendered only when the model contains it.
     NOTE(review): ${msg} is written without explicit escaping; whether auto-escaping applies
     depends on the template's output format. Keep msg to server-defined text or escape it. -->
<p><#if msg??>${msg}</#if></p>
<hr>
<#-- The tag below only hides the link from users lacking user:add. Access to /add and
     /update is enforced on the server by the Shiro filter chain, not by this template. -->
<@shiro.hasPermission name="user:add">
<a href="/add">add</a><br>
</@shiro.hasPermission>
<a href="/update">update</a>
</body>
</html>