1、pom引入 shiro-core 和 shiro-spring(只引入 shiro-spring 也可以,它会传递引入 shiro-core)
<!-- Integrate Shiro -->
<!-- NOTE(review): 1.3.2 is the version this 2018 tutorial pinned. Before reusing the snippet,
     check the Apache Shiro security advisories and pin a currently supported release.
     Keep shiro-core and shiro-spring on the same version so the two jars stay compatible. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency> |
2、创建 ShiroConfig.java,配置session管理
package com.qfedu.dtboot.config;

import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Shiro configuration.
 *
 * <p>Created by helen on 2018/3/6.
 */
@Configuration
public class ShiroConfig {

    /**
     * Global session timeout: one hour, expressed in milliseconds (Shiro's default is 30 minutes).
     *
     * <p>NOTE(review): a longer idle timeout widens the window in which an abandoned session can
     * be reused; confirm that one hour fits the application.
     */
    private static final long SESSION_TIMEOUT_MILLIS = 60 * 60 * 1000;

    /**
     * Creates the web session manager registered under the bean name {@code sessionManager}.
     *
     * @return a {@link DefaultWebSessionManager} with a one-hour timeout, the session validation
     *     scheduler enabled and URL rewriting of the session id disabled
     */
    @Bean(name = "sessionManager")
    public SessionManager sessionManager() {
        DefaultWebSessionManager webSessions = new DefaultWebSessionManager();

        webSessions.setGlobalSessionTimeout(SESSION_TIMEOUT_MILLIS);

        // Background scheduler that scans sessions and cleans up the ones that have timed out.
        webSessions.setSessionValidationSchedulerEnabled(true);

        // Keep JSESSIONID out of URLs: an id carried in the URL ends up in access logs,
        // browser history and Referer headers, where it can be picked up and replayed.
        webSessions.setSessionIdUrlRewritingEnabled(false);

        return webSessions;
    }
}
3、创建UserRealm的骨架
package com.qfedu.dtboot.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;

/**
 * Skeleton of the application's Shiro realm. Both callbacks only print a trace line and return
 * {@code null}; the real account lookup and role/permission loading are not implemented here.
 *
 * <p>Created by helen on 2018/3/6.
 */
@Component
public class UserRealm extends AuthorizingRealm {

    private static final String AUTHENTICATION_TRACE = "认证。。。。。。";
    private static final String AUTHORIZATION_TRACE = "授权。。。。。。";

    /**
     * Authentication callback (placeholder).
     *
     * <p>Returning {@code null} tells Shiro that no account matched the token, so every login
     * attempt fails while this skeleton is in place.
     *
     * <p>TODO(review): the real implementation should load the account for the submitted
     * principal and leave the credential comparison to the realm's credentials matcher, with
     * passwords stored as salted hashes rather than plain text.
     *
     * @param token the submitted authentication token (unused in this skeleton)
     * @return always {@code null}
     * @throws AuthenticationException never thrown by this skeleton
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println(AUTHENTICATION_TRACE);
        return null;
    }

    /**
     * Authorization callback (placeholder).
     *
     * <p>Returning {@code null} grants no roles and no permissions, so role and permission
     * checks are denied until this method is implemented.
     *
     * @param principals the identity of the authenticated subject (unused in this skeleton)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println(AUTHORIZATION_TRACE);
        return null;
    }
}
4、ShiroConfig中配置SecurityManager
/**
 * Creates the web security manager registered under the bean name {@code securityManager}.
 *
 * <p>{@code SecurityManager} must resolve to {@code org.apache.shiro.mgt.SecurityManager}, which
 * the configuration class has to import explicitly; without that import the name would bind to
 * {@code java.lang.SecurityManager}.
 *
 * @param userRealm the realm that performs authentication and authorization
 * @param sessionManager the session manager holding timeout and session-id settings
 * @return a {@link DefaultWebSecurityManager} wired with the given realm and session manager
 */
@Bean(name = "securityManager")
public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) {
    DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
    webSecurityManager.setRealm(userRealm);
    webSecurityManager.setSessionManager(sessionManager);
    return webSecurityManager;
}
引入的包
import com.qfedu.dtboot.shiro.UserRealm; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; |
5、 ShiroConfig中配置过滤器
/**
 * Builds the Shiro web filter registered under the bean name {@code shiroFilter}.
 *
 * <p>Filter names used in the chain definitions:
 * <ul>
 *   <li>{@code anon}: the request passes through without any authentication check;</li>
 *   <li>{@code authc}: the request requires an authenticated subject; this is Shiro's built-in
 *       {@code org.apache.shiro.web.filter.authc.FormAuthenticationFilter}.</li>
 * </ul>
 *
 * <p>Chain definitions are matched in insertion order and the first matching pattern wins, which
 * is why a {@link LinkedHashMap} is used and why the catch-all {@code /**} entry must stay last.
 * Every path added with {@code anon} is reachable without login, so keep that list minimal.
 *
 * @param securityManager the Shiro security manager that backs the filter
 * @return the configured filter factory bean
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);
    factoryBean.setLoginUrl("/login.html");    // login page
    factoryBean.setSuccessUrl("/index.html");  // target after successful authentication
    factoryBean.setUnauthorizedUrl("/");       // target when authorization is denied

    Map<String, String> chainDefinitions = new LinkedHashMap<>();

    // Paths that stay open to unauthenticated requests, in the original registration order.
    String[] openPaths = {"/public/**", "/login.html", "/sys/login", "/captcha.jpg"};
    for (String openPath : openPaths) {
        chainDefinitions.put(openPath, "anon");
    }

    // Everything else requires an authenticated subject; must be registered last.
    chainDefinitions.put("/**", "authc");

    factoryBean.setFilterChainDefinitionMap(chainDefinitions);
    return factoryBean;
}
6、其他配置
/**
 * Registers Shiro's {@link LifecycleBeanPostProcessor}.
 *
 * @return a new post-processor instance
 */
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
}

/**
 * Registers the auto-proxy creator that applies advisors to beans.
 *
 * @return a creator configured for class-based proxies
 */
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator autoProxyCreator = new DefaultAdvisorAutoProxyCreator();
    // Proxy the target class itself instead of its interfaces, so beans that implement no
    // interface can still be advised.
    autoProxyCreator.setProxyTargetClass(true);
    return autoProxyCreator;
}

/**
 * Registers the advisor behind Shiro's authorization annotations.
 *
 * <p>NOTE(review): this page defines no annotated handler; authorization annotations only take
 * effect on beans that the proxy creator actually wraps, so verify that protected controllers
 * are proxied.
 *
 * @param securityManager the Shiro security manager consulted by the advisor
 * @return the configured advisor
 */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor attributeAdvisor = new AuthorizationAttributeSourceAdvisor();
    attributeAdvisor.setSecurityManager(securityManager);
    return attributeAdvisor;
}
7、测试
未登录时访问其他页面(未配置为 anon 的路径),均跳转到登录页面