官网上的最新版本(撰写本文时为 1.7.1;Shiro 的安全修复随新版本发布,使用前请到官网确认当前版本):
<!-- Apache Shiro's Spring integration module. 1.7.1 is the version the author used;
     check the Shiro site for the current release before copying this coordinate. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.1</version>
</dependency>
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Spring configuration that registers the three beans Shiro needs for a web
 * application: the custom realm, the security manager that uses it, and the
 * filter factory that applies URL rules.
 */
@Configuration
public class shiroConfig {

    /**
     * Builds the Shiro filter factory (the request interceptor).
     *
     * @param defaultWebSecurityManager the security manager bean registered as "manager"
     * @return the filter factory with its security manager, URL rules and login URL set
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("manager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // URL pattern -> filter name. A LinkedHashMap keeps the rules in insertion
        // order, which matters because Shiro applies the first matching pattern.
        Map<String, String> chainDefinitions = new LinkedHashMap<>();
        // Example rule, left disabled by the author: require authentication for "/".
        // chainDefinitions.put("/", "authc");
        // NOTE(review): the map is registered empty, so no URL is bound to the
        // "authc" filter here and no request is forced through login by this
        // configuration. Add explicit rules for every protected path (ending with a
        // catch-all) unless access control is enforced somewhere else.

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        factoryBean.setFilterChainDefinitionMap(chainDefinitions);
        // Login page used when authentication is required.
        factoryBean.setLoginUrl("/touserlogin");
        return factoryBean;
    }

    /**
     * Creates the web security manager and hands it the custom realm, which
     * performs authentication and authorization for users.
     *
     * @param UserRealm the realm bean registered as "UserRealm"
     * @return the security manager backed by that realm
     */
    @Bean(name = "manager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("UserRealm") UserRealm UserRealm) {
        DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
        webSecurityManager.setRealm(UserRealm);
        return webSecurityManager;
    }

    /**
     * Registers the custom realm as a Spring bean.
     *
     * @return a new {@code UserRealm}
     */
    @Bean(name = "UserRealm")
    public UserRealm getblogUserRealm() {
        // No credentials matcher is set on the realm here, so Shiro's default one is used.
        return new UserRealm();
    }
}
## 3. 自定义Realm对象
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.lsp.community.Service.UserService;
import com.lsp.community.pojo.User;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
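/**
 * Custom Shiro realm: looks up the account for a login attempt and supplies the
 * roles and permissions Shiro checks afterwards.
 */
public class UserRealm extends AuthorizingRealm {

    // Injected by Spring; used to load the account row by username.
    @Autowired
    UserService userService;

    /**
     * Authorization: returns the roles and permissions of the given principals.
     *
     * @param Collection the principals of the subject being authorized
     * @return authorization info holding the role "hello" and the permission "insert"
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection Collection) {
        // NOTE(review): the role and permission are hard-coded placeholders, so every
        // authenticated user gets the same grants. Load them from the database for
        // the principal in Collection before relying on hasRole/isPermitted.
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRole("hello");
        authorizationInfo.addStringPermission("insert");
        // Copies the permission into the session. Access decisions should still go
        // through the Subject checks, not through this attribute.
        SecurityUtils.getSubject().getSession().setAttribute("permissions", "insert");
        return authorizationInfo;
    }

    /**
     * Authentication: finds the account named in the token and hands its stored
     * password to Shiro, which compares it with the submitted one.
     *
     * @param Token the submitted login token; expected to be a {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no such account
     *         exists (Shiro then raises {@code UnknownAccountException})
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken Token) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) Token;
        String username = token.getUsername();
        // A missing username cannot match an account; skip the query.
        if (username == null || username.isEmpty()) {
            return null;
        }

        QueryWrapper<User> wrapper = new QueryWrapper<>();
        wrapper.eq("username", username);
        User blogUser = userService.getOne(wrapper);
        if (blogUser == null) {
            // Unknown account: returning null makes Shiro throw UnknownAccountException,
            // which the login code has to catch.
            return null;
        }

        // The principal is the username and the realm name is this realm's own name.
        // The original passed "" for both, which left every logged-in subject with
        // the same empty identity (getPrincipal() returned "").
        // A mismatching password makes Shiro throw IncorrectCredentialsException.
        // NOTE(review): no credentials matcher is configured for this realm in the
        // code shown, so the stored value is presumably compared as-is with the
        // submitted password, which means passwords are kept in cleartext. Store
        // salted hashes and set a hashing matcher on the realm (Shiro ships
        // HashedCredentialsMatcher and PasswordMatcher).
        return new SimpleAuthenticationInfo(username, blogUser.getUserpassword(), getName());
    }
}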
// Log the current subject in with the submitted username and password.
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);
try {
    currentUser.login(loginToken);
} catch (UnknownAccountException unknownAccount) {
    // The account does not exist.
    // NOTE(review): placeholder branch. When it is filled in, answer with the same
    // generic "invalid username or password" message as the branch below, so the
    // response does not reveal which usernames are registered.
} catch (IncorrectCredentialsException badPassword) {
    // The password is wrong.
    // NOTE(review): placeholder branch. Other AuthenticationException subclasses
    // are not caught here and propagate to the caller.
}
// After login, check the user's role and permission like this:
// SecurityUtils.getSubject().hasRole("hello")
// SecurityUtils.getSubject().isPermitted("insert")