第一步:引入Shiro的依赖
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.3</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.3</version> </dependency>第二步:使用AutoConfiguration方式注入
@Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter() { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setLoginUrl("/login"); shiroFilter.setSuccessUrl("/index"); shiroFilter.setUnauthorizedUrl("/forbidden"); Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>(); filterChainDefinitionMapping.put("/", "anon"); filterChainDefinitionMapping.put("/home", "authc,roles[guest]"); filterChainDefinitionMapping.put("/admin", "authc,roles[admin]"); shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping); shiroFilter.setSecurityManager(securityManager()); Map<String, Filter> filters = new HashMap<String, Filter>(); filters.put("anon", new AnonymousFilter()); filters.put("authc", new FormAuthenticationFilter()); filters.put("logout", new LogoutFilter()); filters.put("roles", new RolesAuthorizationFilter()); filters.put("user", new UserFilter()); shiroFilter.setFilters(filters); System.out.println(shiroFilter.getFilters().size()); return shiroFilter; } @Bean(name = "securityManager") public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(realm()); return securityManager; } @Bean(name = "realm") @DependsOn("lifecycleBeanPostProcessor") public PropertiesRealm realm() { PropertiesRealm propertiesRealm = new PropertiesRealm(); propertiesRealm.init(); return propertiesRealm; } @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }第三步:使用Shiro的PropertiesRealm作为认证和授权管理器,所以添加classpath:/shiro-users.properties,格式为user.username = password,role1,role1,...
user.admin = 567890,admin,guest user.lenic = 123456,guest