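Integrating Shiro into Spring Boot
When you bring Shiro into a Spring Boot project, first make sure the Shiro dependency has been added to pom.xml. Then configure Shiro's components, including the Realm and the SecurityManager. The following simple example shows how to integrate Shiro into Spring Boot:
First, add the Shiro dependency to pom.xml: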
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-starter</artifactId>
    <version>1.7.1</version>
</dependency>
Create a custom Realm class that handles the authentication and authorization logic:
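import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

// UserService and User are the application's own classes.
@Component
public class MyRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    // Authentication logic
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String username = usernamePasswordToken.getUsername();
        User user = userService.findByUsername(username);
        if (user == null) {
            throw new UnknownAccountException("用户不存在"); // "User does not exist"
        }
        // The second argument is the stored credential. Unless a CredentialsMatcher is set
        // on the realm, Shiro compares it with the submitted password for plain equality.
        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
    }

    // Authorization logic
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        User user = userService.findByUsername(username);
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        if (user == null) {
            return authorizationInfo; // account no longer exists: grant nothing
        }
        // Add role and permission information
        authorizationInfo.addRoles(user.getRoles());
        authorizationInfo.addStringPermissions(user.getPermissions());
        return authorizationInfo;
    }
}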
Configure Shiro's SecurityManager:
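import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    public SecurityManager securityManager(MyRealm myRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);
        return securityManager;
    }

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
        // Path definitions are matched in the order they are added and the first match wins,
        // so the specific "/login" rule must come before the catch-all "/**".
        chainDefinition.addPathDefinition("/login", "anon"); // allow anonymous access to the login endpoint
        chainDefinition.addPathDefinition("/**", "authc"); // every other endpoint requires authentication
        return chainDefinition;
    }
}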
Create a login endpoint that handles the user login logic:
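import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {
    @PostMapping("/login")
    public String login(@RequestParam String username, @RequestParam String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return "登录成功"; // "Login successful"
        } catch (AuthenticationException e) {
            // One message for every failure, so the response does not reveal whether the account exists
            return "用户名或密码错误"; // "Incorrect username or password"
        }
    }
}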
This is only a simple example; you can customize and extend it to fit your actual requirements.
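The Realm above hands user.getPassword() to Shiro as the stored credential, so how that value is compared decides whether passwords can be stored hashed. The following added example (not code from the original page) contrasts Shiro's default equality matcher with PasswordMatcher. It assumes Shiro 1.x on the classpath, as in the dependency above; the class name CredentialsMatcherDemo and the sample account and password are constructed for illustration.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

// Added example: hypothetical class name, constructed sample account and password.
public class CredentialsMatcherDemo {

    public static void main(String[] args) {
        String username = "alice";                        // constructed
        String password = "correct horse battery staple"; // constructed

        // What a registration path would persist instead of the plaintext password:
        // a salted, iterated hash in Shiro's own string format.
        DefaultPasswordService passwordService = new DefaultPasswordService();
        String storedHash = passwordService.encryptPassword(password);

        // Same shape as the value MyRealm.doGetAuthenticationInfo returns,
        // with the stored hash in the credentials slot.
        AuthenticationInfo info = new SimpleAuthenticationInfo(username, storedHash, "MyRealm");

        // A realm with no matcher configured uses SimpleCredentialsMatcher, which
        // compares the submitted password with the stored value for equality.
        boolean equalityMatch = new SimpleCredentialsMatcher()
                .doCredentialsMatch(new UsernamePasswordToken(username, password), info);

        // PasswordMatcher delegates to the PasswordService, which re-hashes the
        // submitted password with the stored salt and iteration count.
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(passwordService);
        boolean correct = matcher.doCredentialsMatch(new UsernamePasswordToken(username, password), info);
        boolean wrong = matcher.doCredentialsMatch(new UsernamePasswordToken(username, "guess"), info);

        System.out.println("equality matcher accepts hash-backed login: " + equalityMatch);
        System.out.println("PasswordMatcher, correct password: " + correct);
        System.out.println("PasswordMatcher, wrong password:   " + wrong);
        if (equalityMatch || !correct || wrong) {
            throw new IllegalStateException("unexpected matcher behaviour");
        }
        // In the Spring configuration this corresponds to calling
        // myRealm.setCredentialsMatcher(matcher) before securityManager.setRealm(myRealm).
    }
}
```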