项目源码:http://download.csdn.net/download/a295277302/9943725
添加Shiro依赖文件
<!-- Apache Shiro's Spring integration; provides the Shiro types (realms, session/security
     managers, filter factory, hashing helpers) used by the classes further down this page. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
添加ShiroConfiguration
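@Configuration
public class ShiroConfiguration {

    /**
     * Web session manager shared by the security manager.
     * Sessions expire after one hour of inactivity (Shiro's default is 30 minutes)
     * and the validation scheduler is enabled so expired sessions are actually purged.
     */
    @Bean(name = "sessionManager")
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        // 1 hour, in milliseconds
        sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        // Never append ";JSESSIONID=..." to URLs: a session id carried in the URL ends
        // up in server logs, Referer headers and browser history.
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        return sessionManager;
    }

    /**
     * Security manager wired to the application realm and the session manager above.
     *
     * @param shiroRealm     realm that authenticates users and loads their permissions
     * @param sessionManager the {@code sessionManager} bean
     */
    @Bean(name = "securityManager")
    public SecurityManager securityManager(ShiroRealm shiroRealm, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm);
        securityManager.setSessionManager(sessionManager);
        return securityManager;
    }

    /**
     * Servlet filter chain. Unauthenticated requests to a protected URL are sent to
     * {@code /auth.html}; authenticated but unauthorized requests to {@code /403.html}.
     *
     * @param securityManager the {@code securityManager} bean
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        shiroFilter.setLoginUrl("/auth.html");
        shiroFilter.setUnauthorizedUrl("/403.html");

        // Order matters: Shiro applies the FIRST matching pattern, which is why this is a
        // LinkedHashMap and why the catch-all "/**" -> authc must stay last.
        Map<String, String> filterMap = new LinkedHashMap<>();

        // swagger resources
        filterMap.put("/v2/api-docs", "anon");
        filterMap.put("/webjars/**", "anon");
        filterMap.put("/swagger-resources/**", "anon");
        filterMap.put("/swagger-ui.html", "anon");
        filterMap.put("/configuration/ui", "anon");
        filterMap.put("/configuration/security", "anon");

        // Only the login and logout endpoints are anonymous. The earlier "/api/**" -> anon
        // matched before "/**" -> authc and made every REST endpoint reachable without a
        // session, so only the static pages were actually protected.
        filterMap.put("/api/login", "anon");
        filterMap.put("/api/logout", "anon");
        // NOTE(review): an unauthenticated initialisation endpoint is a risk once the
        // application is deployed; confirm it is removed or guarded after first-time setup.
        filterMap.put("/api/_devops_/init", "anon");

        // static assets and public pages
        filterMap.put("/assets/**", "anon");
        filterMap.put("/fonts/**", "anon");
        filterMap.put("/maps/**", "anon");
        filterMap.put("/scripts/**", "anon");
        filterMap.put("/styles/**", "anon");
        filterMap.put("/auth.html", "anon");
        filterMap.put("/index.html", "anon");

        // everything else requires an authenticated session
        filterMap.put("/**", "authc");
        shiroFilter.setFilterChainDefinitionMap(filterMap);
        return shiroFilter;
    }

    /** Lets Spring call Shiro's init/destroy lifecycle methods on Shiro beans. */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /** Enables AOP proxies so the Shiro authorization annotations on controllers are enforced. */
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        // CGLIB class proxies, so annotated beans need not implement an interface
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Advisor that evaluates Shiro's authorization annotations against the security manager.
     *
     * @param securityManager the {@code securityManager} bean
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}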
添加自己的Realm
ShiroRealm
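@Component
public class ShiroRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;
    @Autowired
    private MenuService menuService;

    /**
     * Authorization: called whenever a permission is checked.
     * Loads the permission strings of the logged-in user from {@link MenuService}.
     *
     * @param principalCollection principals of the current subject; the primary one is the {@link User}
     * @return the user's string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = (User) principalCollection.getPrimaryPrincipal();
        String userId = user.getId();
        Set<String> permsSet = menuService.getPermissions(userId);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permsSet);
        return info;
    }

    /**
     * Authentication: called on login.
     * The token's credentials are expected to be the hex SHA-256 digest produced by
     * {@code LoginController.login}, which is compared against the stored value.
     * NOTE(review): an unsalted, single-round SHA-256 is a weak password store; Shiro's
     * HashedCredentialsMatcher with a per-user salt and iterations is the intended mechanism.
     *
     * @param authenticationToken username/password token from the controller
     * @return authentication info carrying the {@link User} as principal
     * @throws UnknownAccountException       if no such user exists
     * @throws IncorrectCredentialsException if the digest does not match
     * @throws LockedAccountException        if the account is disabled (status "0")
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();
        if (username == null) {
            throw new UnknownAccountException("用户名不正确");
        }
        Object credentials = authenticationToken.getCredentials();
        if (credentials == null) {
            throw new IncorrectCredentialsException("密码不正确");
        }
        String password = new String((char[]) credentials);

        User user = userService.findByUserName(username);
        if (user == null) {
            throw new UnknownAccountException("用户名不正确");
        }

        String storedPassword = user.getPassword();
        // Constant-time comparison of the two digests; a null stored value is treated as a
        // mismatch instead of throwing a NullPointerException.
        if (storedPassword == null || !java.security.MessageDigest.isEqual(
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            throw new IncorrectCredentialsException("密码不正确");
        }

        if ("0".equals(user.getStatus())) {
            throw new LockedAccountException("用户已被禁用,请联系管理员");
        }
        return new SimpleAuthenticationInfo(user, password, getName());
    }
}
测试LoginController
@RestController
@RequestMapping("/api")
@Api(value = "api", description = "用户登陆Controller")
public class LoginController {

    @Autowired
    private UserService userService;
    @Autowired
    private MenuService menuService;

    /**
     * Logs the user in through Shiro.
     *
     * @param map JSON body with "username" and "password"
     * @return ok on success, otherwise an error response carrying the failure reason
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    @ApiOperation(value = "用户登录", notes = "根据用户名密码判断用户")
    @ApiImplicitParam(value = "Map", required = true, dataType = "Map")
    public ResultResponse login(@RequestBody Map<String, String> map) {
        String username = map == null ? null : map.get("username");
        String password = map == null ? null : map.get("password");
        // Reject missing fields up front: new Sha256Hash(null) would otherwise fail with a
        // NullPointerException and surface as a 500 instead of a login error.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return ResultResponse.error("用户名或密码不能为空");
        }
        try {
            Subject subject = ShiroUtils.getSubject();
            // Hex SHA-256 of the clear-text password; must stay in the format the realm compares.
            String hashed = new Sha256Hash(password).toHex();
            subject.login(new UsernamePasswordToken(username, hashed));
        } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException e) {
            // NOTE(review): the realm's messages differ between "unknown user" and "wrong
            // password", which lets a caller enumerate valid usernames.
            return ResultResponse.error(e.getMessage());
        } catch (AuthenticationException e) {
            // Any other Shiro authentication failure previously escaped as an unhandled 500.
            return ResultResponse.error("登录失败");
        }
        return ResultResponse.ok();
    }

    /** Ends the current Shiro session. */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    @ApiOperation(value = "用户退出", notes = "用户退出")
    public ResultResponse logout() {
        ShiroUtils.logout();
        return ResultResponse.ok();
    }

    /**
     * Test endpoint returning the current user. When no user is logged in it returns a
     * placeholder with a fixed id; this is scaffolding and not meant for production.
     */
    @RequestMapping(value = "/getCurrentUser", method = RequestMethod.GET)
    @ApiOperation(value = "当前用户", notes = "当前用户")
    public User getCurrentUser() {
        User user = ShiroUtils.getUser();
        if (user == null) {
            user = new User();
            user.setId("asdasdsa");
        }
        return user;
    }
}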