一、Spring 项目所需的 Shiro 依赖(Maven)。注意:1.4.2 是较旧的版本,实际使用前请核对 Apache Shiro 的安全公告并选用已修复的较新版本。
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.2</version>
</dependency>
二、Java 配置
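/**
 * Spring configuration that wires Apache Shiro: a realm, the web security manager,
 * a Redis-backed session manager, the servlet filter chain, and the beans that
 * enable Shiro's annotation-driven authorization.
 *
 * <p>The realm in this class is a demonstration stub. It returns the same hard-coded
 * account, roles and permissions for every request and must be replaced by a lookup
 * against a real user store before the configuration is used outside a demo.
 */
@Configuration
public class SecurityAutoConfigure {

    /**
     * Builds the realm used for authentication and authorization.
     *
     * @param credentialsMatcher matcher applied to submitted credentials; it is injected,
     *        so its hash algorithm and iteration count are defined elsewhere
     * @return the configured realm
     */
    @Bean
    public Realm buildRealm(HashedCredentialsMatcher credentialsMatcher) {
        AuthorizingRealm realm = new AuthorizingRealm() {
            @Override
            protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
                // NOTE(review): demo stub. `principals` is ignored, so every authenticated
                // subject receives the "admin" role and the "system:add" permission.
                // Resolve roles and permissions per principal in real use.
                SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
                authorizationInfo.setRoles(Sets.newHashSet("admin"));
                authorizationInfo.setStringPermissions(Sets.newHashSet("system:add"));
                return authorizationInfo;
            }

            @Override
            protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                    throws AuthenticationException {
                // NOTE(review): demo stub. `token` is ignored, so any submitted username is
                // answered with the same account and the same stored credential.
                // Look the account up by the token's principal and return its stored
                // credential from the user store instead of a literal.
                JSONObject userInfo = new JSONObject();
                userInfo.put("name", "sss");
                userInfo.put("position", "ceo");
                // NOTE(review): a HashedCredentialsMatcher compares against a stored hash,
                // while this literal looks like a plaintext password; confirm what the
                // injected matcher expects here.
                String password = "12345";
                return new SimpleAuthenticationInfo(userInfo, password, getName());
            }
        };
        // The original also built a local md5 / 1-iteration matcher that was never attached
        // to the realm; that dead code is removed. The injected matcher is the one in
        // effect and should use a salted, iterated password hash rather than a single
        // round of MD5.
        realm.setCredentialsMatcher(credentialsMatcher);
        return realm;
    }

    /**
     * Declares the Shiro servlet filter and its URL-to-filter chain definitions.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // NOTE(review): these URLs have no leading '/', and "/login" below is not the
        // configured login URL; confirm the intended paths.
        shiroFilterFactoryBean.setLoginUrl("login.json");
        shiroFilterFactoryBean.setSuccessUrl("index.html");
        shiroFilterFactoryBean.setUnauthorizedUrl("fail.html");

        // Shiro evaluates chain definitions in insertion order and the first matching
        // pattern wins. The original put "/**" first, which shadowed every entry after
        // it, so the specific paths go first and the catch-all goes last.
        Map<String, String> map = new LinkedHashMap<>();
        map.put("/js/**", "anon");
        map.put("/logout", "logout");
        map.put("/login", "authc");
        map.put("/**", "user");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the web security manager with the realm and the session manager.
     *
     * @param realm the realm that authenticates and authorizes subjects
     * @param securityProperties not read by this method; kept so the bean signature
     *        is unchanged
     * @return the configured security manager
     */
    @Bean
    public SecurityManager securityManager(Realm realm, SecurityProperties securityProperties) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    /**
     * Creates a session manager that stores sessions through {@code RedisSessionDAO}
     * and tracks the session id in a cookie.
     *
     * @return the configured session manager
     */
    @Bean
    public SessionManager sessionManager() {
        SimpleCookie cookie = new SimpleCookie();
        // "test" is a placeholder for both name and domain; set the real cookie domain
        // per deployment.
        cookie.setName("test");
        cookie.setDomain("test");
        // Keep the session id out of reach of page scripts. When the application is
        // served over HTTPS, also mark the cookie Secure.
        cookie.setHttpOnly(true);

        // NOTE(review): no Redis connection settings are supplied to the DAO here;
        // confirm where they are configured.
        RedisSessionDAO sessionDao = new RedisSessionDAO();
        sessionDao.setKeyPrefix("redis-test");

        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        // Timeout is in milliseconds: 3,600,000 ms = 1 hour.
        sessionManager.setGlobalSessionTimeout(3600000);
        sessionManager.setSessionIdCookie(cookie);
        sessionManager.setSessionDAO(sessionDao);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        return sessionManager;
    }

    /**
     * Registers Shiro's lifecycle post-processor.
     *
     * @return the post-processor bean
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Registers the advisor auto-proxy creator unless one already exists.
     * Class-based proxies are enabled.
     *
     * @return the auto-proxy creator
     */
    @Bean
    @ConditionalOnMissingBean(DefaultAdvisorAutoProxyCreator.class)
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }

    /**
     * Registers the advisor that applies Shiro's authorization annotations.
     *
     * @param securityManager the security manager consulted by the advisor
     * @return the advisor bean
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}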