写在前面,本次 SpringBoot 整合shiro 用的是 shiro-spring 更优雅的方式应该是 shiro-spring-boot-starter ,这个整合详见官网教程:https://shiro.apache.org/spring-boot.html
好了,下面是本次整合的教程。
一.创建一个SpringBoot的Maven项目,你可以来这里:https://start.spring.io/
二.然后就是加入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!--shiro 和 spring 整合依赖-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
三.创建shiro的pe配置类
@Configuration
@Data
public class ShiroConfig {
/*这个map用来控制url需要哪些权限,key是路径,value是需要的权限*/
@Bean("filterChainDefinitionMap")
public LinkedHashMap<String, String> getFilterChainDefinitionMap() {
LinkedHashMap<String, String> map = new LinkedHashMap();
map.put("/index", "anon");
map.put("/userLogin", "anon");
map.put("/add", "perms[user:add]");//添加页面一定要有user:add这个权限
map.put("/*", "authc");
return map;
}
/*创建ShiroFilterFactoryBean*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager,
@Qualifier("filterChainDefinitionMap") LinkedHashMap map) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//设置安全管理器
shiroFilterFactoryBean.setSecurityManager(securityManager);
//设计登陆页面
shiroFilterFactoryBean.setLoginUrl("/login");
//添加shiro内置过滤器
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
/*创建 DefaultWebSecurityManager*/
@Bean("securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
/*创建Realm*/
@Bean("userRealm")
public UserRealm getRealm() {
return new UserRealm();
}
}
四.创建一个Realm,这个类是用来授权和认证的
public class UserRealm extends AuthorizingRealm {
/*授权*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
System.out.println("授权 ");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//获取当前用户
Subject currentUser = SecurityUtils.getSubject();
//强转
User u = (User) currentUser.getPrincipal();
if (u.getUserName().equals("tom")) {
info.addStringPermission("user:add");
}
return info;
}
/*认证,就是登陆*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("认证");
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
//这个应该获取数据库中的数据,然后进行比对
User user = new User();
user.setPassword(token.getPassword().toString());
user.setUserName(token.getUsername().toString());
//比对的过程由shiro帮我们完成,密码为123就可以登录,你可以点进去看其他都构造函数,这里用一个比较简单的
//这里把user传进去,然后再授权的时候可以获取这个user对象,在26行
return new SimpleAuthenticationInfo(user, "123", getName());
}
}
五.然后就是简单的跳转和一些静态页面
这里就不一一贴出来了
github地址:https://github.com/ydoublemm/springboot-shiro
如有错误,请海涵。