此文章只是为了要使用shiro的时候可以快速复制使用
1.引入相关的依赖
<!-- Apache Shiro with Spring integration.
     NOTE(review): 1.7.1 is a pinned, older release. Before reusing this snippet, check the
     Apache Shiro security reports and pin the latest patched version instead. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.1</version>
</dependency>
<!-- Thymeleaf dialect exposing Shiro tags in templates (third-party integration).
     NOTE(review): confirm this version is still maintained and compatible with the Shiro version in use. -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2.编写 ShiroConfig 和 UserRealm
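/**
 * Spring configuration that wires Apache Shiro into the web application: the servlet
 * filter with its URL rules, the security manager, the custom realm, the Thymeleaf
 * dialect and a remember-me cookie template.
 *
 * <p>Only the paths listed in the filter chain map are filtered; every other URL is
 * reachable without authentication. Review the map whenever a new sensitive endpoint
 * is added.
 */
@Configuration
public class ShiroConfig {

    /**
     * Step 3: builds the Shiro filter and its URL-to-filter rules.
     *
     * <p>The method must be a {@code @Bean}: without the annotation Spring never sees this
     * factory and, as far as this class shows, no Shiro filter is installed, leaving the
     * rules below unenforced.
     *
     * @param getDefaultWebSecurityManager the security manager bean named {@code securityManager}
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager getDefaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // Attach the security manager that performs authentication and authorization.
        bean.setSecurityManager(getDefaultWebSecurityManager);

        /*
         * Built-in Shiro filters used in URL rules:
         *   anon  : no authentication required
         *   authc : the subject must have authenticated in this session
         *   user  : the subject must be authenticated or remembered via remember-me
         *   perms : the subject must hold the given permission
         *   roles : the subject must hold the given role
         */
        // LinkedHashMap keeps insertion order; Shiro applies the first matching pattern.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/index", "user");
        // Changing a password requires a real login, not just a remembered identity.
        filterMap.put("/password.html", "authc");
        // "/*" matches a single path segment only, so "/admin/a/b" would bypass the rule;
        // "/**" covers the whole subtree.
        filterMap.put("/admin/**", "authc");
        filterMap.put("/user/**", "authc");
        bean.setFilterChainDefinitionMap(filterMap);

        // Where unauthenticated requests are redirected.
        bean.setLoginUrl("/toLogin");
        // Where authenticated but unauthorized requests are redirected.
        bean.setUnauthorizedUrl("/404");
        return bean;
    }

    /**
     * Step 2: creates the web security manager and binds it to the custom realm.
     *
     * @param userRealm the realm bean named {@code userRealm}
     * @return the security manager, registered as {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // Use the injected bean rather than calling userRealm() again.
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Step 1: creates the custom realm.
     *
     * <p>No CredentialsMatcher is set here, so Shiro's default matcher is used.
     * NOTE(review): that default compares the submitted and stored credentials directly,
     * which presumably means passwords are stored unhashed. Confirm, and configure a
     * hashing matcher if so.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the dialect that integrates Shiro with Thymeleaf templates.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }

    /**
     * Cookie template intended for the remember-me feature.
     *
     * <p>Nothing in this class attaches the cookie to a RememberMeManager, so on its own
     * this bean does not enable remember-me. If a cookie-based remember-me manager is added,
     * keep its cipher key randomly generated or load it from secret storage; never hard-code
     * a key copied from sample code.
     *
     * @return an HttpOnly cookie named {@code rememberMe} with a 30-day lifetime
     */
    @Bean
    public SimpleCookie getSimpleCookie() {
        // A cookie needs a name before Shiro can write it; the no-arg constructor leaves it unset.
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // Keep the cookie out of reach of page scripts.
        cookie.setHttpOnly(true);
        // 30 days, in seconds.
        cookie.setMaxAge(30 * 24 * 60 * 60);
        // NOTE(review): on HTTPS-only deployments also call cookie.setSecure(true).
        return cookie;
    }
}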
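/**
 * Shiro realm for two account types: administrator {@code User} records and
 * reader (student) {@code Reader} records.
 *
 * <p>Authentication looks the account up by username; the password comparison itself is
 * done by the realm's CredentialsMatcher. Authorization grants a single permission string
 * taken from the account's role field.
 */
public class UserRealm extends AuthorizingRealm {
    @Autowired
    UserService userService;
    @Autowired
    ReaderService readerService;

    /**
     * Authorization: builds the permissions of the already authenticated principal.
     *
     * <p>The account type is taken from the principal object itself rather than from the
     * session attribute {@code role}: that attribute can be rewritten after login, and
     * casting on a mismatch would fail with a ClassCastException.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return the authorization info; empty when the principal is missing, of an unknown
     *         type, or has no role value
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (principalCollection == null) {
            return info;
        }

        Object principal = principalCollection.getPrimaryPrincipal();
        String grantedRole = null;
        if (principal instanceof User) { // administrator account
            grantedRole = ((User) principal).getRole();
        } else if (principal instanceof Reader) { // reader (student) account
            grantedRole = ((Reader) principal).getRole();
        }

        // The role value is registered as a permission string, not as a Shiro role, so
        // checks must use permission rules. Shiro parses it as a wildcard permission:
        // a stored value of "*" would grant everything, so constrain role values at write time.
        // Blank values are skipped because Shiro rejects empty permission strings.
        if (grantedRole != null && !grantedRole.trim().isEmpty()) {
            info.addStringPermission(grantedRole);
        }
        return info;
    }

    /**
     * Authentication: loads the account matching the submitted username.
     *
     * <p>The session attribute {@code role} selects the table to query; presumably the login
     * handler stores it before calling login (verify against the caller). Any value other
     * than {@code "admin"}, including a missing one, is treated as a reader login.
     *
     * <p>NOTE(review): the stored password is handed to Shiro as-is. Unless a hashing
     * CredentialsMatcher is set on this realm, Shiro compares it directly with the submitted
     * password, which presumably means passwords are stored unhashed. Confirm.
     *
     * @param authenticationToken the submitted token, expected to be a {@link UsernamePasswordToken}
     * @return the account and its stored credentials, or {@code null} when no account has
     *         that username (Shiro then reports an unknown account)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        Subject subject = SecurityUtils.getSubject();
        String role = (String) subject.getSession().getAttribute("role");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        // Look the account up in the database.
        if ("admin".equals(role)) { // administrator account
            User user = userService.selectUserByUsername(token.getUsername());
            if (user == null) {
                return null; // unknown username
            }
            // Password verification is left to Shiro; the realm name is kept as the empty string.
            return new SimpleAuthenticationInfo(user, user.getPassword(), "");
        }

        // reader (student) account
        Reader reader = readerService.selectReaderByUsername(token.getUsername());
        if (reader == null) {
            return null; // unknown username
        }
        // Password verification is left to Shiro; the realm name is kept as the empty string.
        return new SimpleAuthenticationInfo(reader, reader.getPassword(), "");
    }
}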