SpringBoot从零到有 (shiro入门篇)
1 ===>导入依赖
<!-- Adds Apache Shiro's Spring integration module. -->
<!-- NOTE(review): 1.3.2 is an old Shiro release. Later releases contain security fixes, -->
<!-- including fixes to how request paths are matched against filter-chain rules such as -->
<!-- the ones configured below. Pin a currently supported release and keep it updated. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
2 ===>两个配置类
shiroFilter
import org.apache.shiro.mgt.SecurityManager;
/**
 * Builds the Shiro filter bean and registers its URL access rules.
 *
 * <p>Static assets, the login page and the login endpoint are mapped to {@code anon}.
 * Every other path falls through to the final catch-all rule and requires {@code authc}.
 * Keep the anonymous list as short as possible: each entry is reachable without a login.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured filter factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    // A LinkedHashMap keeps insertion order, and that order is the rule order given to Shiro.
    Map<String, String> chainRules = new LinkedHashMap<>();
    String[] anonymousPaths = {
        "/js/**", "/image/**", "/plugins/**", "/css/**", "/login.html", "/Lg/Login"
    };
    for (String anonymousPath : anonymousPaths) {
        chainRules.put(anonymousPath, "anon");
    }
    // The catch-all must stay the last entry. Shiro applies the first rule that matches, so
    // placing it earlier would intercept every URL, including the anonymous ones above.
    // Whatever is not listed above requires an authenticated subject (default deny).
    chainRules.put("/**", "authc");

    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setLoginUrl("/login.html");
    factory.setSuccessUrl("/admin/index.html");
    factory.setUnauthorizedUrl("/notRole.html");
    factory.setFilterChainDefinitionMap(chainRules);
    return factory;
}
/**
 * Creates the web security manager and attaches the application's realm to it.
 *
 * @return a {@code DefaultWebSecurityManager} whose only realm is {@link #customRealm()}
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
    // All authentication and authorization decisions are delegated to this single realm.
    CustomRealm realm = customRealm();
    webSecurityManager.setRealm(realm);
    return webSecurityManager;
}
/**
 * Exposes the application's realm as a Spring bean.
 *
 * @return a new {@code CustomRealm}
 */
@Bean
public CustomRealm customRealm() {
    // No credentials matcher is configured here, so the realm keeps whatever default it has.
    // NOTE(review): if stored passwords are hashed, a matching credentials matcher must be set.
    return new CustomRealm();
}
/**
 * Exposes a {@code LifecycleBeanPostProcessor} as a Spring bean.
 *
 * <p>NOTE(review): Spring recommends declaring {@code @Bean} methods that return a bean
 * post-processor as {@code static}, so the enclosing configuration class is not
 * instantiated early. Confirm against the enclosing class, which this snippet omits.
 *
 * @return a new post-processor instance
 */
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    LifecycleBeanPostProcessor lifecycleProcessor = new LifecycleBeanPostProcessor();
    return lifecycleProcessor;
}
/**
 * Registers the auto-proxy creator that applies advisors to beans.
 *
 * <p>It is declared to depend on the {@code lifecycleBeanPostProcessor} bean, so that
 * bean is created first.
 *
 * @return a proxy creator configured to proxy target classes
 */
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
    // Proxy the target class itself rather than only its interfaces.
    proxyCreator.setProxyTargetClass(true);
    return proxyCreator;
}
/**
 * Registers the advisor behind Shiro's authorization annotations and binds it to the
 * application's security manager.
 *
 * @return the advisor wired to {@link #securityManager()}
 */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager());
    return advisor;
}
CustomRealm(名字自定义,随便你,爱咋取咋取)
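/**
 * Realm skeleton: the single place where this application authenticates and authorizes.
 *
 * <p>Both callbacks are still placeholders. Until they are implemented they fail closed:
 * no subject can log in and no role or permission is granted. Fully qualified names are
 * used for the two added Shiro types because this snippet does not show its imports.
 */
public class CustomRealm extends AuthorizingRealm {

    @Autowired
    AdminInfoServiceImpl adminInfoServiceImpl;

    /**
     * Supplies the roles and permissions of an already authenticated subject.
     *
     * @param principals the identity of the subject being authorized
     * @return the authorization data; empty (grants nothing) until implemented
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("授权中.......");
        // TODO: load the subject's roles and permissions through adminInfoServiceImpl and
        // add them to the returned object. An empty result denies every role/permission check.
        return new org.apache.shiro.authz.SimpleAuthorizationInfo();
    }

    /**
     * Looks up the account for a login attempt; this is what {@code subject.login(token)}
     * ends up calling.
     *
     * @param token the submitted credentials
     * @return the stored account data for Shiro to compare against the token
     * @throws AuthenticationException if the account cannot be authenticated; always thrown
     *     until the lookup is implemented
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("认证中....................");
        // TODO: look up the account named by the token through adminInfoServiceImpl and
        // return its stored credentials, so the realm's credentials matcher does the comparison.
        // Store salted password hashes, not plain text, and configure a matching matcher.
        // Until then reject every login rather than letting an unfinished realm accept one.
        throw new org.apache.shiro.authc.UnknownAccountException("account lookup not implemented");
    }
}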
3===>登录方法
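/**
 * REST endpoint that logs a user in through Shiro.
 *
 * <p>{@code /Lg/Login} is mapped to {@code anon} in the filter chain, so it is reachable
 * without a session. Any login throttling has to come from the realm or credentials matcher.
 */
@RestController
@RequestMapping("/Lg")
public class LoginController {

    /**
     * Authenticates the submitted user name and password against the configured realm.
     *
     * <p>Every authentication failure produces the same response, so the reply does not
     * reveal whether the account exists, is locked, or had a wrong password.
     *
     * @param info request body carrying the user name and password
     * @return a success result when the subject is authenticated, otherwise an error result
     */
    @RequestMapping(value = "Login", method = RequestMethod.POST)
    public Result login(@RequestBody AdminInfo info) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(info.getUserName(), info.getPassWord());
        try {
            subject.login(token);
            if (subject.isAuthenticated()) {
                return Result.successReuslt("登陆成功!", null);
            }
            return Result.erroReuslt("失败");
        } catch (org.apache.shiro.authc.AuthenticationException e) {
            // The base type covers unknown account, wrong credentials, locked account and
            // excessive attempts, plus any other authentication failure that would otherwise
            // escape as an unhandled error. It is fully qualified because this snippet does
            // not show its imports.
            return Result.erroReuslt("登陆失败");
        } finally {
            // Wipe the password copy held by the token on every path, not only on failure.
            token.clear();
        }
    }
}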
这样子就可以用shiro了,是不是超级简单?不过要先把 CustomRealm 里的两个方法补全(查询账号、交给 shiro 校验密码、返回角色和权限),登录才会真正生效。