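Notes on Integrating Shiro with Spring Boot
1. Define a custom UserRealm that extends AuthorizingRealm and implements the authorization and authentication methods.
2. Define a Shiro configuration class
Configure the ShiroFilterFactoryBean, DefaultWebSecurityManager and UserRealm beans in it, and annotate each with @Bean so that it is registered in the Spring container.
    @Bean(name = "userRealm")
    public UserRealm getUserRealm() {
        return new UserRealm();
    }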
The UserRealm is used by the DefaultWebSecurityManager
    // Create the DefaultWebSecurityManager
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // Attach the realm
        securityManager.setRealm(userRealm);
        return securityManager;
    }
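The securityManager is in turn used by the ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Set the security manager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        /**
         * anon  no authentication required
         * authc must be authenticated to access
         * user  accessible to users remembered via rememberMe or authenticated
         * perms the resource requires the matching permission
         * roles the resource requires the matching role
         */
        // LinkedHashMap keeps insertion order; Shiro applies the first pattern that matches
        Map<String, String> map = new LinkedHashMap<>();
        map.put("/", "anon");
        map.put("/login", "anon");
        map.put("/add", "perms[user:add]");
        map.put("/update", "perms[user:update]");
        // Catch-all goes last; /** covers every path depth, while /* matches a single level only
        map.put("/**", "authc");
        // Set the login URL that unauthenticated requests are redirected to
        shiroFilterFactoryBean.setLoginUrl("/tologin");
        // Set the unauthorized URL
        shiroFilterFactoryBean.setUnauthorizedUrl("/noAuthc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }
The authentication and authorization rules are mainly configured in the Shiro filter.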
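The filter chain map is matched in insertion order and the first matching pattern wins, so the scope of the final catch-all entry decides which paths are protected at all. The following is an added example, not code from the original notes: it uses Shiro's AntPathMatcher (shiro-core on the classpath is assumed) to compare a `/*` catch-all with `/**`. The class name and the sample paths are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

// Added example: resolves which chain definition a request path receives, using
// the same insertion-order, first-match-wins lookup Shiro applies to the map.
public class FilterChainOrderDemo {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Returns the first matching chain definition, or null when nothing matches
    // (Shiro then applies none of its filters, so the path is not protected).
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (MATCHER.match(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return null;
    }

    // Builds the map from the notes with a configurable catch-all pattern.
    static Map<String, String> chains(String catchAll) {
        Map<String, String> map = new LinkedHashMap<>();
        map.put("/", "anon");
        map.put("/login", "anon");
        map.put("/add", "perms[user:add]");
        map.put("/update", "perms[user:update]");
        map.put(catchAll, "authc");
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample paths; the multi-level ones are hypothetical.
        String[] paths = {"/login", "/add", "/profile", "/user/add", "/static/js/app.js"};
        Map<String, String> singleLevel = chains("/*");
        Map<String, String> allLevels = chains("/**");
        for (String p : paths) {
            System.out.printf("%-20s /* -> %-18s /** -> %s%n",
                    p, resolve(singleLevel, p), resolve(allLevels, p));
        }
    }
}
```

Multi-level paths such as /user/add resolve to null under the `/*` catch-all and to authc under `/**`.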
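Now go back to UserRealm and override its two methods
    // Authorization
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("UserRealm授权操作");
        // Grant permissions on resources
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        /*info.addStringPermission("user:add");*/
        // The primary principal is the UserInfo object passed to SimpleAuthenticationInfo at login
        UserInfo userInfo = (UserInfo) principalCollection.getPrimaryPrincipal();
        // Query the permission string from the database (userInfoService is a service injected into the realm)
        UserInfo dbInfo = userInfoService.findById(userInfo.getId());
        // Do not add a null permission when the record or its permission string is missing
        if (dbInfo != null && dbInfo.getPerms() != null) {
            info.addStringPermission(dbInfo.getPerms());
        }
        return info;
    }
    // Authentication
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("UserRealm 认证操作");
        /*String name="admin";
        String password="admin";*/
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        UserInfo info = userInfoService.findByName(token.getUsername());
        if (info == null) {
            // Returning null makes Shiro throw UnknownAccountException
            return null;
        }
        // Shiro compares the submitted password with info.getPassword() through the realm's
        // CredentialsMatcher; unless another matcher is configured this is a direct equality check.
        return new SimpleAuthenticationInfo(info, info.getPassword(), getName());
    }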
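Of course, this is written for my own reference.
The detailed development documentation and code have been posted.
Extraction code: 7nru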