第一步:
引入pom文件
<dependency>
<!-- Spring integration module for Apache Shiro (pulls in the Shiro core and web modules it depends on). -->
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<!-- NOTE(review): 1.4.0 is the version this walkthrough was written against. It is an old release and
     later Shiro releases carry security fixes, so check the project's security advisories and pin a
     currently supported version before using this in a real application. -->
<version>1.4.0</version>
</dependency>
第二步:
添加realm
/**
 * Custom Shiro realm: extends {@link AuthorizingRealm} to supply both the authentication data
 * (who the user is) and the authorization data (what the user may do).
 *
 * <p>As written this is a skeleton: the authorization info is always empty and the
 * authentication lookup always returns {@code null}, so no permission is ever granted and no
 * login can succeed until the user lookup is implemented.
 */
public class MyShiroRealm extends AuthorizingRealm {

    /**
     * Supplies the roles and permissions of the already-authenticated subject.
     *
     * @param principalCollection the principals of the subject being checked
     * @return the authorization info; currently empty, so every role/permission check is denied
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Login name of the current subject. The cast assumes the principal stored at login time
        // is a String - TODO confirm against doGetAuthenticationInfo once it is implemented.
        String loginId = (String) principalCollection.getPrimaryPrincipal();

        // Starts with no roles and no permissions (deny by default). Load them for loginId from
        // the user store here; do not hard-code grants that then apply to every account.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Grant a permission:
        // info.addStringPermission("user:add");
        // Grant a role:
        // info.addRole("admin");
        return info;
    }

    /**
     * Looks up the account that the submitted token claims to be.
     *
     * @param authenticationToken the token passed to {@code Subject.login}
     * @return the stored account data for Shiro to verify the token against, or {@code null}
     *         when there is no such account; currently always {@code null}
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // Guard kept from the original: on a POST request authentication can be entered before
        // the request itself is handled, in which case there is no principal yet.
        if (authenticationToken.getPrincipal() == null) {
            return null;
        }

        // Login name submitted by the caller; use it to fetch the user record.
        String loginId = authenticationToken.getPrincipal().toString();

        // Template for the real lookup (left commented out by the author):
        //
        // if (user == null) {
        //     // Returning null makes Shiro fail the login with the corresponding exception.
        //     return null;
        // } else {
        //     // Shiro compares the submitted token with the credentials placed in this object.
        //     SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name,
        //             user.getPassword().toString(), getName());
        //     return simpleAuthenticationInfo;
        // }
        //
        // NOTE(review): `name` is not defined in this method - presumably loginId is meant.
        // NOTE(review): passing the stored password straight through only works if it is directly
        // comparable with the submitted one, i.e. stored in plain text. Store salted password
        // hashes instead and configure a hashing credentials matcher on the realm
        // (for example HashedCredentialsMatcher or PasswordMatcher).

        // No lookup is implemented yet, so every login attempt is rejected.
        return null;
    }
}
第三步:
添加config
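/**
 * Spring configuration that wires Apache Shiro into the web application: the realm, the
 * security manager, the URL filter chain and the advisors that make Shiro's annotations
 * (such as {@code @RequiresPermissions}) take effect.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Creates the auto-proxy creator that applies advisors to beans.
     *
     * @return a proxy creator forced to class-based proxies
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        // Proxy the target class itself rather than only its interfaces.
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * Registers the application's own realm in the container.
     *
     * @return the custom realm
     */
    @Bean
    public MyShiroRealm myShiroRealm() {
        // NOTE(review): no CredentialsMatcher is configured here, so the realm's default applies.
        // If passwords are stored as salted hashes (as they should be), set a matching hashing
        // matcher on the realm before returning it.
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        return myShiroRealm;
    }

    /**
     * Creates the security manager; the configuration consists of the realm that performs
     * authentication and authorization.
     *
     * @return the web security manager backed by {@link MyShiroRealm}
     */
    @Bean
    public org.apache.shiro.mgt.SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * Creates the Shiro filter factory and defines which URLs are public, which require a
     * login, and where users are sent for login, success and denied access.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Shiro matches a request against these entries in iteration order and the first match
        // wins. A plain HashMap has no defined order, so the catch-all "/**" could be consulted
        // before the specific rules. Use an insertion-ordered map and register "/**" last.
        Map<String, String> filterChain = new java.util.LinkedHashMap<String, String>();
        // Logout
        filterChain.put("/logout", "logout");
        // Endpoints reachable without a login
        filterChain.put("/system/auth_code/get_auth_code", "anon");
        filterChain.put("/user_login/login", "anon");
        // NOTE(review): this looks like a test login endpoint; confirm it should be reachable
        // anonymously and remove the entry (and the endpoint) outside of development.
        filterChain.put("/user_login/login_test", "anon");
        // Everything else requires an authenticated user. Must stay the last entry.
        filterChain.put("/**", "authc");

        // Login page
        shiroFilterFactoryBean.setLoginUrl("/user_login/go_login");
        // Landing page after a successful login
        shiroFilterFactoryBean.setSuccessUrl("/index");
        // Page shown when an authorization filter in the chain (roles/perms) denies access.
        // Denials raised by annotations such as @RequiresPermissions surface as exceptions
        // instead and need their own exception handling.
        shiroFilterFactoryBean.setUnauthorizedUrl("/error");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChain);
        return shiroFilterFactoryBean;
    }

    /**
     * Enables Shiro's authorization annotations; without this advisor they have no effect.
     *
     * @param securityManager the security manager used to evaluate the annotations
     * @return the advisor that intercepts annotated methods
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            org.apache.shiro.mgt.SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}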
登录(认证)代码:
// Get the Subject that represents the current caller.
Subject currentUser = SecurityUtils.getSubject();
// Sample values for the walkthrough only: in a real login handler the user name and password
// come from the request, are never hard-coded, and are not written to logs.
UsernamePasswordToken loginToken = new UsernamePasswordToken("admin", "pwd123456");
// Perform the login. On failure this throws an AuthenticationException subtype; catch it here
// and answer with one generic "login failed" message, so the response does not reveal whether
// the account exists or the password was wrong.
currentUser.login(loginToken);
权限:
// Place on a controller or service method: the caller must hold the "active:edit" permission,
// which the realm has to grant in doGetAuthorizationInfo.
// When the check fails Shiro throws instead of redirecting (UnauthorizedException, or
// UnauthenticatedException when nobody is logged in), so the application must handle both.
@RequiresPermissions("active:edit")
没有权限报错:参考:https://blog.csdn.net/qq_33002015/article/details/82761924?utm_source=blogxgwz3
/**
 * Maps Shiro's "permission denied" exception to a view, so that a failed annotation check
 * (for example {@code @RequiresPermissions}) shows a page instead of an error response.
 */
@Configuration
public class ExceptionConf {

    /**
     * Creates the exception-to-view resolver.
     *
     * @return a resolver that sends {@code UnauthorizedException} to the no-permission view
     */
    @Bean
    public SimpleMappingExceptionResolver resolver() {
        // Key: fully qualified exception class name; value: the view to render for it.
        // NOTE(review): only UnauthorizedException is mapped. Calls made without a login raise
        // UnauthenticatedException, which this resolver leaves unhandled - map it as well if
        // annotated methods can be reached by anonymous callers.
        Properties exceptionViews = new Properties();
        exceptionViews.setProperty("org.apache.shiro.authz.UnauthorizedException", "/system/login/no_permission");

        SimpleMappingExceptionResolver exceptionResolver = new SimpleMappingExceptionResolver();
        exceptionResolver.setExceptionMappings(exceptionViews);
        return exceptionResolver;
    }
}