1.pom文件
<!-- NOTE(review): shiro-spring is pinned to 1.4.0 while shiro-ehcache is pinned to 1.3.2.
     Keep every org.apache.shiro artifact on one version (for example through a single shared
     Maven property) so the framework and its cache module cannot drift apart.
     Both are old releases; check the Apache Shiro security advisories and move to a
     currently supported version before reusing this snippet. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
2.shiro配置类
package club.jiajiajia.bulider.config.shiro;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import club.jiajiajia.bulider.entity.sys.SysPermission;
import club.jiajiajia.bulider.entity.sys.SysRole;
import club.jiajiajia.bulider.service.SystemService;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
/**
* shiro配置类
* @author JIA_JIAJIA
* @website http://www.jiajiajia.club
* @date 2019年5月6日
*/
@Configuration
public class ShiroConfig {
/**
 * Service injected to query all permissions defined in the system.
 * NOTE(review): no use of this field is visible in this excerpt; presumably it supplies the
 * role/permission data for the filter rules - confirm against the rest of the class.
 */
@Autowired
private SystemService systemService;
/**
* 自定义realm
* 用于认证和授权
* @return
*/
@Bean(name="userRealm")
public UserRealm getUserRealm() {
    // Custom realm used for both authentication and authorization, with caching switched on.
    final UserRealm realm = new UserRealm();
    realm.setCachingEnabled(true);

    // Authentication cache: stores AuthenticationInfo (off by default) under the cache name
    // "authenticationCache", which must have a matching entry in ehcache-shiro.xml.
    // NOTE(review): a cached AuthenticationInfo presumably holds the account's stored
    // credentials, and a password change or account lock is not seen until the entry
    // expires or is evicted - keep its time-to-live short and clear it when credentials change.
    realm.setAuthenticationCachingEnabled(true);
    realm.setAuthenticationCacheName("authenticationCache");

    // Authorization cache: stores AuthorizationInfo (off by default) under the cache name
    // "authorizationCache", which must have a matching entry in ehcache-shiro.xml.
    // NOTE(review): a revoked role or permission stays effective for as long as the cached
    // entry lives - evict the user's entry whenever roles or permissions are edited.
    realm.setAuthorizationCachingEnabled(true);
    realm.setAuthorizationCacheName("authorizationCache");

    return realm;
}
/**
* 安全管理器
* @return
*/
@Bean(name="securityManager")
public DefaultWebSecurityManager getSecurityManager(
        @Qualifier("userRealm")UserRealm userRealm,
        @Qualifier("ehCacheManager")EhCacheManager ehCacheManager) {
    // Security manager bean: wires the custom realm and the Ehcache-backed cache manager
    // (both resolved by bean name) into one web security manager.
    final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // The realm is registered first and the cache manager second, as in the original listing.
    manager.setRealm(userRealm);
    manager.setCacheManager(ehCacheManager);
    return manager;
}
/***
* 开启权限缓存
* 避免每次请求都会调用UserRealm中的授权方法
* @return
*/
@Bean(name="ehCacheManager")
public EhCacheManager getEhCacheManager(){
    // Cache manager bean: enables permission caching so that the realm's authorization
    // method is not invoked on every request.
    final EhCacheManager cacheManager = new EhCacheManager();
    // Cache definitions are read from ehcache-shiro.xml on the classpath.
    // NOTE(review): the expiry settings in that file bound how long a stale login or a
    // revoked permission can remain usable - review them together with this class.
    cacheManager.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");
    return cacheManager;
}
/**
* 设置过滤规则
* @param securityManager
* @return
*/
@Bean
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager")DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
filters.put("roles", new CustomRolesAuthorizationFilter());//覆盖原来的shiro拦截器
/**
* 自定义权限拦截器,重写了shiro自带的roles拦截器。
* 主要目的是为了重写认证失败后返回的信息,例如ajax请求没有权限的路径是,弹出提示,您没有访问权限等。
*/
shiroFilterFactoryBean.setSecurityManager(securityManager);//
shiroFilterFactoryBean.setLog