springboot整合shiro框架
1. 导入依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<!-- NOTE(review): 1.4.0-RC2 is a release-candidate build; pin a current stable Shiro release for real deployments so published security fixes are included. -->
<version>1.4.0-RC2</version>
</dependency>
2. shiro的启动配置
2.1 创建一个配置类,进行配置
package com.example;
import com.example.realm.DemoRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the URL filter chain, the realm, the security manager and the beans
 * needed for Shiro's lifecycle and advisor-based proxying.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Builds the URL-to-filter mapping used by the Shiro filter.
     *
     * <p>Shiro evaluates path definitions in registration order and the first
     * matching pattern wins, so the public ("anon") entries must be added
     * before the catch-all "/**" rule. Keep the anonymous list as small as
     * possible: anything not listed here requires an authenticated subject.
     *
     * @return the filter chain definition
     */
    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();

        // Endpoints reachable without logging in.
        String[] publicPaths = {"/plugins/**", "/demo/hello", "/login/login"};
        for (String publicPath : publicPaths) {
            definition.addPathDefinition(publicPath, "anon");
        }

        // Default-deny: every other request must be authenticated.
        definition.addPathDefinition("/**", "authc");
        return definition;
    }

    /**
     * Exposes the application's realm as a Spring bean.
     *
     * @return a new {@link DemoRealm}
     */
    @Bean
    public DemoRealm demoRealm() {
        return new DemoRealm();
    }

    /**
     * Creates the web security manager and attaches {@link #demoRealm()} as
     * its only realm, so all authentication and authorization decisions are
     * delegated to that realm.
     *
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(demoRealm());
        return manager;
    }

    /**
     * Registers Shiro's lifecycle post-processor bean.
     *
     * @return the lifecycle bean post-processor
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Registers the advisor auto-proxy creator. It is declared to depend on
     * the "lifecycleBeanPostProcessor" bean so that bean is created first.
     *
     * @return the auto-proxy creator with prefix matching enabled
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        // usePrefix=true limits this creator to advisors whose bean names carry its prefix.
        proxyCreator.setUsePrefix(true);
        return proxyCreator;
    }
}
2.2 创建认证实现类
package com.example.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
 * Skeleton realm for the demo application. It configures how submitted
 * credentials are compared with stored ones, but both lookup methods are
 * still stubs that return {@code null}.
 */
public class DemoRealm extends AuthorizingRealm {

    /**
     * Installs a hashed credentials matcher: SHA-256, 56 iterations, stored
     * value expected in Base64 (not hex) form.
     */
    public DemoRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
        // false => stored credentials are Base64-encoded rather than hex-encoded.
        matcher.setStoredCredentialsHexEncoded(false);
        // NOTE(review): SHA-256 with 56 iterations is cheap to brute-force offline.
        // These values must match how the stored hashes were produced; for new
        // deployments prefer a dedicated password-hashing scheme and a per-user salt.
        matcher.setHashIterations(56);
        this.setCredentialsMatcher(matcher);
    }

    /**
     * Supplies roles and permissions for the given principals.
     *
     * <p>Currently a stub: it logs entry and returns {@code null}, so no roles
     * or permissions are supplied by this realm.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("=============进入授权方法========");
        return null;
    }

    /**
     * Looks up the account for the submitted token.
     *
     * <p>Currently a stub: it logs entry and returns {@code null}. Shiro treats a
     * {@code null} result as "no account for this token", so login attempts are
     * rejected until a real lookup is implemented here.
     *
     * @param authenticationToken the submitted credentials
     * @return always {@code null}
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        System.out.println("==========进入认证==========");
        return null;
    }
}
2.3 配置application.yml
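# Indentation restored so the keys resolve to shiro.web.enabled and shiro.loginUrl,
# the property names used in the parameter list on this page.
shiro:
  web:
    enabled: true
  # Login page that unauthenticated requests are redirected to.
  loginUrl: /login.html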
- 关于yml中对shiro的配置,还有下面这些参数可以配置
shiro.enabled true 启用Shiro的Spring模块
shiro.web.enabled true 启用Shiro的Spring Web模块
shiro.annotations.enabled true 为Shiro的注解启用Spring支持
shiro.sessionManager.deleteInvalidSessions true 从会话存储中删除无效会话
shiro.sessionManager.sessionIdCookieEnabled true 启用以cookie保存会话ID,用于会话跟踪
shiro.sessionManager.sessionIdUrlRewritingEnabled true 启用会话URL重写支持(会话ID会出现在URL中,可能经日志或Referer泄露;不需要时应设为false)
shiro.userNativeSessionManager false 如果启用,Shiro将管理HTTP会话而不是容器
shiro.sessionManager.cookie.name JSESSIONID 会话cookie名称
shiro.sessionManager.cookie.maxAge -1 会话cookie的最长有效期
shiro.sessionManager.cookie.domain 空值 会话cookie域
shiro.sessionManager.cookie.path 空值 会话cookie路径
shiro.sessionManager.cookie.secure false 会话cookie的Secure标志(站点通过HTTPS提供服务时应设为true)
shiro.rememberMeManager.cookie.name rememberMe RememberMe cookie名称
shiro.rememberMeManager.cookie.maxAge 一年 RememberMe cookie的最长有效期
shiro.rememberMeManager.cookie.domain 空值 RememberMe cookie域名
shiro.rememberMeManager.cookie.path 空值 RememberMe cookie路径
shiro.rememberMeManager.cookie.secure false RememberMe cookie的Secure标志(站点通过HTTPS提供服务时应设为true)
shiro.loginUrl /login.jsp 未经身份验证的用户重定向到登录页面时使用的登录URL
shiro.successUrl / 用户登录后的默认跳转页面(如果在当前会话中找不到其他目标页面)
shiro.unauthorizedUrl 空值 用户未获授权时重定向到的页面(403页)