SpringBoot整合Shiro
(注意)shiro和SpringSecurity不能共用,SpringSecurity优先级高
1.导入依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.7.1</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.26</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.26</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.6.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.6.0</version>
</dependency>
2.使用
[[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ONX44fh3-1638933021200)(/static/img/ConfirmLevel.png “验证等级”)]]
- 1.编写Realm继承AuthorizingRealm,写认证和授权
public class UserRealm extends AuthorizingRealm {
@Autowired
UserMapper userMapper;
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
// UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;获取token中的name和password
String name = authenticationToken.getPrincipal().toString();
User user = userMapper.getUserByName(name);
// if(user==null)return null;
// HashSet<String> Info = new HashSet<>(){
// {
// add(name);
// add(user.getPassword());
// add(getName());
// }
// };
System.out.println("执行了"+getName()+name+user.getPassword());
return null;
}
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
}
- 2.编写ShiroConfig,写页面认证等级
@Configuration
public class ShiroConfig {
@Bean
UserRealm userRealm() {
return new UserRealm();
}
@Bean
DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(userRealm());
return manager;
}
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager());
bean.setLoginUrl("/login");
bean.setSuccessUrl("/index");
bean.setUnauthorizedUrl("/unauthorizedurl");
Map<String, String> map = new LinkedHashMap<>();
map.put("/doLogin", "anon");
map.put("/**", "authc");
bean.setFilterChainDefinitionMap(map);
return bean;
}
}