SpringBoot集成Shiro和FreeMarker

一个非凡的网站 http://www.hikson.com，RJ海客森

视频录制

1. git地址：https://gitee.com/hikseason/demo-bk-security-all.git
2. 视频地址：https://pan.baidu.com/s/19mrxCE9Y5R5ntSEg_EReOg SpringBoot集成Shiro和FreeMarker

0.导包

1. POM依赖
2. 配置，使用@Configuration

1.WebConfig配置Web工程

1. 定义静态资源，实现WebMvcConfigurer

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/statics/**").addResourceLocations("classpath:/statics/");
}

2.FilterConfig过滤器

1. 主要设置过滤器shiroFilter

@Bean
public FilterRegistrationBean shiroFilterRegistration() {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    //ShiroConfig下面配置了一个Bean叫shiroFilter，（ShiroFilterFactoryBean）
    registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
    //该值缺省为false，表示生命周期由SpringApplicationContext管理，设置为true则表示由ServletContainer管理
    registration.addInitParameter("targetFilterLifecycle", "true");
    registration.setEnabled(true);
    //次最低等级的
    System.out.println();
    registration.setOrder(Integer.MAX_VALUE - 1);
    registration.addUrlPatterns("/*");
    return registration;
}

3.ShiroConfig配置

1. 主要配置securityManager

@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(securityManager);
    shiroFilter.setLoginUrl("/login.html");
    shiroFilter.setUnauthorizedUrl("/");
    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/webjars/**", "anon");
    filterMap.put("/statics/**", "anon");
    filterMap.put("/login.html", "anon");
    filterMap.put("/sys/login", "anon");
    filterMap.put("/favicon.ico", "anon");
    filterMap.put("/captcha.jpg", "anon");
    filterMap.put("/**", "authc");
    shiroFilter.setFilterChainDefinitionMap(filterMap);
    return shiroFilter;
}

2. lifecycleBeanPostProcessor

4.继承AuthorizingRealm

1.认证

@Override
protected AuthenticationInfo doGetAuthenticationInfo(
		AuthenticationToken authcToken) throws AuthenticationException {
	UsernamePasswordToken token = (UsernamePasswordToken)authcToken;

	//查询用户信息,实际是从数据库查找出来的
	String username = token.getUsername();
	String toeknCr = new String(token.getPassword());
	String salt = "YzcmCZNvbXocrsz9dm8e";
	String password = ShiroUtils.sha256(toeknCr, salt);
//		String password = "e1153123d7d180ceeb820d577ff119876678732a68eef4e6ffc0b1f06a01f91b";
	SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, password, ByteSource.Util.bytes(salt), getName());
	return info;
}

2.授权

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
	Set<String> permsSet = new HashSet<>();
	//数据库查找，进行相关赋值//todo
	String uesr = (String)principals.getPrimaryPrincipal();
	if (uesr.equals("admin")) {
		permsSet.add("user:test");
	}
	SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
	info.setStringPermissions(permsSet);
	return info;
}

5.FreeMarker配置

1. 定义了shiroTag

@Bean
public FreeMarkerConfigurer freeMarkerConfigurer(ShiroTag shiroTag){
    FreeMarkerConfigurer configurer = new FreeMarkerConfigurer();
    configurer.setTemplateLoaderPath("classpath:/templates");
    Map<String, Object> variables = new HashMap<>(1);
    //将权限放在shiro
    variables.put("shiro", shiroTag);
    configurer.setFreemarkerVariables(variables);
    System.out.println();
    Properties settings = new Properties();
    settings.setProperty("default_encoding", "utf-8");
    settings.setProperty("number_format", "0.##");
    configurer.setFreemarkerSettings(settings);
    return configurer;
}

6.测试

1. 登录：http://localhost:8080/admin/index.html
2. 页面权限：http://localhost:8080/admin/testHtml
3. 权限：http://localhost:8080/admin/test

转载于:https://my.oschina.net/u/3888250/blog/1836733