首先我们需要在pom中导入有关shiro的包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.0</version>
</dependency>
在config包中,我们首先需要创建一个UserRealm的类
public class UserRealm extends AuthorizingRealm {
@Resource
private UserMapper userMapper;
/*
* 执行授权逻辑
* */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
System.out.println("执行授权逻辑");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Subject subject = SecurityUtils.getSubject();
User user = (User)subject.getPrincipal();
User finduserbyid = userMapper.finduserbyid(user.getId());
info.addStringPermission(finduserbyid.getRole());
return info;
}
/*
* 执行认证逻辑
* */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) arg0;
User user = userMapper.finduser(token.getUsername());
if(user==null){
return null;
}
return new SimpleAuthenticationInfo(user,user.getPassword(),"");
}
}
同时我们还需要创建一个ShiroConfig的类。用户如果想访问其他功能页面,必须要经过登录后方可使用。
shiro内置过滤器,可以实现权限相关的拦截器
* 常用的拦截器:
* anon: 无需认证可以访问
* authc: 必须认证才可以访问
* user: 如果使用rememberMe的功能
* perms: 该资源必须得到资源权限才可以访问
* role: 该资源必须得到角色全学才可以访问
public class ShiroConfig {
/*
* 创建ShiroFilterFactoryBean
* */
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager)
{
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
/*
* shiro内置过滤器,可以实现权限相关的拦截器
* 常用的拦截器:
* anon: 无需认证可以访问
* authc: 必须认证才可以访问
* user: 如果使用rememberMe的功能
* perms: 该资源必须得到资源权限才可以访问
* role: 该资源必须得到角色全学才可以访问
* */
Map<String,String> map = new LinkedHashMap<String,String>();
map.put("/login","anon");
map.put("/loginsuccess","anon");
map.put("/register","anon"); //pwtaddsuccess
map.put("/pwtaddsuccess","anon");
map.put("/*","authc");
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
/*
* 创建DefaultWebSecurityManager
* */
@Bean(name = "getDefaultWebSecurityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getRealm")UserRealm userRealm){
DefaultWebSecurityManager defaultWebSecurityManager =new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
/*
* 创建Realm
* */
@Bean(name = "getRealm")
public UserRealm getRealm(){
return new UserRealm();
}
}