Shiro的使用
引入依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.9.0</version>
</dependency>
自定义realm
@Component
public class MyRealm extends AuthorizingRealm {
public final Logger logger = LoggerFactory.getLogger(MyRealm.class);
// 授权方法
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
logger.info("--------------【授权方法】---------------");
return null;
}
// 认证方法
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
logger.info("--------------【认证方法】---------------");
return null;
}
}
添加shiro配置
1、配置安全管理器
@Bean
public SecurityManager securityManager(MyRealm myRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm);
return securityManager;
}
2、配置shiro过滤器
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager);
Map<String, String> filterMap = new LinkedHashMap<>();
filterMap.put("/login", "anon");// 放行登录接口
filterMap.put("/**", "authc");// 所有请求都需要登录
bean.setFilterChainDefinitionMap(filterMap);
return bean;
}
这里拦截了所有路径并放行了登录接口路径
3、任意添加测试接口
@PostMapping("/login")
public String login(String username) {
return "登录成功【用户名】:" + username;
}
@PostMapping("/remove")
public String remove(