步骤
导入pom.xml,加入Springboot和Shiro的依赖
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- 继承Spring Boot的默认父工程 -->
<!-- Spring Boot 父工程 -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.6.RELEASE</version>
</parent>
<groupId>com.liuxing</groupId>
<artifactId>springboot-shiro</artifactId>
<version>0.0.1-SNAPSHOT</version>
<!-- 导入依赖 -->
<dependencies>
<!-- 导入web支持:SpringMVC开发支持,Servlet相关的程序 -->
<!-- web支持,SpringMVC, Servlet支持等 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- 导入thymeleaf依赖 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- shiro与spring整合依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
</dependencies>
<!-- 修改参数 -->
<properties>
<!-- 修改JDK的编译版本为1.8 -->
<java.version>1.8</java.version>
<!-- 修改thymeleaf的版本 -->
<thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.0.4</thymeleaf-layout-dialect.version>
</properties>
</project>
编写Springboot启动类
package com.liuxing.springbootshiro;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class,args);
}
}
编写Controller
package com.liuxing.springbootshiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class SpringbootController {
@RequestMapping(value = "/hello")
@ResponseBody
public String hello(Model model) {
return "good boy";
}
@RequestMapping(value = "/testThemeleaf")
public String thymeleaf(Model model) {
model.addAttribute("hello", "helloworld");
return "test";
}
@RequestMapping("/add")
public String add() {
return "user/add";
}
@RequestMapping(value = "/toLogin")
public String toLogin() {
return "login";
}
@RequestMapping("/update")
public String update() {
return "user/update";
}
@RequestMapping("/login")
public String login(String username, String password, Model model) {
System.out.println("username:"+username);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try {
subject.login(token);
return "redirect:/testThemeleaf";
} catch (UnknownAccountException e) {
model.addAttribute("msg", "用户名不存在");
return "/login";
} catch (IncorrectCredentialsException e) {
model.addAttribute("msg", "密码错误");
return "/login";
}
}
}
编写Shiro配置类,使用 shiro内置过滤器,实现权限的相关拦截
package com.liuxing.springbootshiro;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ShiroConfig {
@Bean
public ShiroFilterFactoryBean getShiroFilterManager(@Qualifier("securityManager")DefaultWebSecurityManager dwsm){
ShiroFilterFactoryBean sffb=new ShiroFilterFactoryBean();
sffb.setSecurityManager(dwsm);
Map<String,String> filterMap=new LinkedHashMap<String,String>();
filterMap.put("/*", "anon");
filterMap.put("/login", "anon");
sffb.setFilterChainDefinitionMap(filterMap);
sffb.setLoginUrl("/toLogin");
return sffb;
}
@Bean(name="securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
DefaultWebSecurityManager dwsm=new DefaultWebSecurityManager();
dwsm.setRealm(userRealm);
return dwsm;
}
@Bean(name="userRealm")
public UserRealm getRealm(){
return new UserRealm();
}
}
自定义Realm
package com.liuxing.springbootshiro;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class UserRealm extends AuthorizingRealm{
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("执行认证逻辑");
String username="tom";
String password="jack";
UsernamePasswordToken upt=(UsernamePasswordToken) token;
if(!username.equals(upt.getUsername())){
return null;
}
return new SimpleAuthenticationInfo("",password,"");
}
}