快速上手,先熟悉下几个常用的方法
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
token.getPrincipal())
currentUser.hasRole("schwartz")
currentUser.isPermitted("winnebago:drive:eagle5"))
currentUser.logout();
springboot 整合shiro关键的有两个地方。
1、自定义的Realm,实现用户认证、授权功能。
2、配置ShiroConfig 注入UserRealm,ShiroFilterFactoryBean 中设置安全管理器和过滤器。
package com.example.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
//ShiroFilterFactoryBean
@Bean(name = "shiroFilterFactoryBean")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//设置安全管理器
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//设置过滤器
Map<String, String> filterMap =new LinkedHashMap<>();
filterMap.put("/user/add","perms[user:add]");//需要授权user:add,才能访问
filterMap.put("/user/edit","perms[user:edit]");//需要授权user:add,才能访问
filterMap.put("/user/*","authc");//请求必须要认证
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
// login
shiroFilterFactoryBean.setLoginUrl("/toLogin");
return shiroFilterFactoryBean;
}
//创建DefaultWdbSecurityManager
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//关联userRealm
securityManager.setRealm(userRealm);
return securityManager;
}
//创建 UserRealm
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}
package com.example.config;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
//1、自定义的Realm,实现用户认证、授权功能
public class UserRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.printf("执行了授权 doGetAuthorizationInfo");
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addStringPermission("user:add");//正式项目,这里需要从数据库获取
return simpleAuthorizationInfo;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.printf("执行了认证 doGetAuthenticationInfo");
String name ="root" ;
String password = "123456";
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
if(!token.getUsername().equals(name)){
return null; //验证用户名
}
return new SimpleAuthenticationInfo("",password,"");
}
}