Apache Shiro 安全框架(4)-与web集成_org.apache.shiro.web.mgt.defaultwebsecuritymanager-CSDN博客

本文链接：https://blog.csdn.net/heyrian/article/details/80988152

本文介绍了如何将Apache Shiro安全框架与Web应用进行集成，包括添加shiro-spring依赖，配置shiro，设置URL规则，以及使用shiro的注解进行权限管理。详细讲述了登录控制器的实现，URL通配符的规则，以及如何启用注解鉴权。

摘要由CSDN通过智能技术生成

要将shiro与web集成必须要添加shiro-spring依赖：

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>

配置shiro

import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * 结合spring，shiro完成web的认证和授权
 */
@Configuration
public class ShiroConfig {

    @Bean
    public DefaultSecurityManager securityManager(){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(definedRealm());
        return securityManager;
    }

    @Bean
    public DefinedRealm definedRealm(){
        DefinedRealm realm = new DefinedRealm();
        return realm;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter(){
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager());
        shiroFilter.setLoginUrl("/login");//