springboot整合shiro相关依赖和配置整理_shiro相关依赖下载-CSDN博客

本文链接：https://blog.csdn.net/weixin_44105802/article/details/106659557

本文详细介绍了如何在SpringBoot项目中整合Shiro，包括从GitHub下载Shiro的快速开始示例，添加Spring Boot项目的相关依赖，配置Shiro的properties文件，创建自定义的UserRealm实现认证和授权，以及ShiroConfig的配置步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

springboot整合shiro

一、shiro快速开始

去github下载shiro，找到samples/quickstart文件夹。用idea打开它，点进shiro.ini文件。这个时候idea会提示下载插件，下载它。

二、新建一个spring boot项目复制如下依赖

这些都是我整合好的，版本的话你可以自己控制。

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.0.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>springboot06security</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springboot06security</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>


    <dependencies>
        <!-- shiro-thymeleaf整合-->
        <dependency>
            <groupId>com.github.theborakompanioni</groupId>
            <artifactId>thymeleaf-extras-shiro</artifactId>
            <version>2.0.0</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.16.10</version>
        </dependency>
        <!-- mysql-->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.19</version>
        </dependency>
        <!-- druid-->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.12</version>
        </dependency>
        <!-- log4j-->
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>
        <!-- mybatis-->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.2</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.5.3</version>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf-spring5</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-java8time</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

三、改配置

我这里用的是properties，你也可以用yml。记得将quickstart里的log4j.properties复制到resources下。

spring.datasource.username=root
spring.datasource.password=admin
spring.datasource.url=jdbc:mysql:///mybatis?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

# 整合mybatis
mybatis.type-aliases-package=com.explore.shiro.pojo
mybatis.mapper-locations=classpath:mapper/*.xml

server.port=8081

四、在类路径下新建config包新建UserRealm类，继承AuthorizingRealm重写认证，授权方法。

public class UserRealm extends AuthorizingRealm {

@Autowired
UserService userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("11111111");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        //拿到当前登录的user对象
        Subject subject = SecurityUtils.getSubject();
        User principal =(User) subject.getPrincipal();

//设置当前用户的权限
info.addStringPermission(principal.getPerms());

return info;
}

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("2222222222222222");
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;

//数据库取数据
User user = userService.queryUserByName(userToken.getUsername());

if(user == null){

            //如果用户名为null 抛出UnknownAccountException用户名不存在异常
            return null;
        }

        //密码认证，shiro做并且加密
        return new SimpleAuthenticationInfo(user,user.getPwd(),"");
    }
}

五、接着在config下新建ShiroConfig

@Configuration
public class ShiroConfig {

    //1.把自定义的UserRealm类给spring托管
    @Bean
    public UserRealm userRealm(){

        return new UserRealm();
    }

    //2.依赖步骤1
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        //@Qualifier通过spring把userRealm()以参数形式传过来，好让securityManager.setRealm(userRealm);关联

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //3.依赖步骤2
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);//执行这步前需要@Qualifier

        /*
        *   添加shiro的内置过滤器
        *
        *   anno        无需认证就能访问
        *   authc       需认证才能访问
        *   user        必须拥有 记住我 功能才能用
        *   perms       拥有对某个资源的权限才能访问
        *   role        拥有某个角色权限才能访问
        * */

        Map<String,String> filterMap = new LinkedHashMap<>();

        //授权
        filterMap.put("/user/add","perms[user:add]");
        filterMap.put("/user/update","perms[user:update]");//user:update是设置的权限

        //拦截
        /*filterMap.put("/user/add","authc");
        filterMap.put("/user/update","authc");*/
        filterMap.put("/user/*","authc");

        bean.setFilterChainDefinitionMap(filterMap);

        //设置登录的请求
        bean.setLoginUrl("/tologin");

        //设置未授权跳转的页面
        bean.setUnauthorizedUrl("/noauth");
        return bean;
    }

    //整合shiroDialect: 用来整合shiro thymeleaf
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }
}