shiro
简单搭建项目环境
1、首先进行springboot项目的创建
2、导入shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
</dependency>
3、配置自定义realm 继承shiro的认证类 AuthorizingRealm
在这个类中有两个方法,分别是认证和授权,认证是对角色的登录校验,授权是对角色的权限进行赋值
public class UserRealm extends AuthorizingRealm {
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行授权");
Subject subject = SecurityUtils.getSubject();
String username = subject.getPrincipal().toString();
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
if (username.equals("admin")){
info.addRole("admin");
}
return info;
}
//身份认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
String s = authenticationToken.getPrincipal().toString();
System.out.println(s+"想登录");
if (s.equals("admin")){
return new SimpleAuthenticationInfo(authenticationToken.getPrincipal(),"123456","qwe");
}
return null;
}
}
4、配置shiroconfig,将自定义认证类交给shiro的securityManager管理,同时配置shiro的filter来进行身份过滤。
@Configuration
public class ShiroConfig {
//创建自定义认证类
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
@Bean
public DefaultWebSecurityManager defaultWebSecurityManager(UserRealm userRealm){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//添加身份认证过滤器
/*
anno:无需认证
authc:必须认证
user:必须拥有记住我功能
perms:拥有某个资源的权限
role:拥有某个角色
*/
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/add","authc");
filterChainDefinitionMap.put("/add","perms[user:add]");
filterChainDefinitionMap.put("/del","roles[admin]");
shiroFilterFactoryBean.setLoginUrl("/toLogin");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
}
5、简单案列 详情参照springboot整合thymeleaf
<--login.html 登录界面-->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<form method="post" action="/login">
<input name="username" type="text"><br>
<input name="password" type="text"><br>
<input type="submit" value="提交">
</form>
</body>
</html>
《---index.html--》
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<a href="/add">add</a><br>
<a href="/del">del</a><br>
</body>
</html>
controller
@Controller
@Slf4j
public class UserController {
@RequestMapping("/")
public String index(){
return "index";
}
@RequestMapping("/add")
public String add(){
return "user/add";
}
@RequestMapping("/del")
public String del(){
return "user/del";
}
@RequestMapping("/toLogin")
public String toLogin(){
return "login";
}
@RequestMapping("/login")
public String login(String username,String password){
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username,password);
try {
subject.login(token);
} catch (UnknownAccountException uae) {
log.info("There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
log.info("Password for account " + token.getPrincipal() + " was incorrect!");
} catch (LockedAccountException lae) {
log.info("The account for username " + token.getPrincipal() + " is locked. " +
"Please contact your administrator to unlock it.");
}
return "index";
}
@RequestMapping("/logout")
public String logout(){
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "index";
}
}
总结:通过上述步骤就可以将shiro简单整合到springboot中去了,这只是一个简单的案列,更多配置请参照官方文档