一.shiro的核心API
Subject:用户主体(把操作交给SecurityManager)
SecurityManager:安全管理器(关联Realm)
Realm:Shiro 连接数据的桥梁
二.SpringBoot整合Shiro
1. 导入Shiro与Spring Boot整合的依赖(示例使用的1.4.0版本较旧,实际项目请使用Shiro官方仍在维护的最新版本)
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
2.自定义Realm类
/**
 * Skeleton of a custom Shiro realm. Both hooks only print a trace message and return
 * {@code null}; neither looks up any user data yet.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization hook: prints a trace line and returns no authorization data.
     *
     * @param principalCollection the principals of the subject being checked (unused here)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        final String trace = "执行授权逻辑";
        System.out.println(trace);
        // NOTE(review): with null here Shiro should grant no roles or permissions, so
        // perms/roles checks are expected to deny until this is implemented. Confirm.
        return null;
    }

    /**
     * Authentication hook: prints a trace line and returns no account data.
     *
     * @param authenticationToken the submitted login token (unused here)
     * @return always {@code null}
     * @throws AuthenticationException declared by the overridden method; never thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        final String trace = "执行认证逻辑";
        System.out.println(trace);
        // NOTE(review): Shiro treats a null result as "no such account", so every login
        // attempt fails with this stub. A real implementation should look the account up
        // and return an AuthenticationInfo holding the stored (hashed) credential, leaving
        // the comparison to the realm's credentials matcher.
        return null;
    }
}
3.编写Shiro配置类,通过过滤器实现页面拦截
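/**
 * Spring configuration that wires the custom realm, the Shiro security manager and the
 * Shiro web filter used to intercept page requests.
 */
@Configuration
public class ShiroConfig {

    /**
     * Creates the {@link ShiroFilterFactoryBean} that maps URL patterns to Shiro filters.
     *
     * @param securityManager the bean named {@code securityManager}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // 1. Attach the security manager.
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        /*
         * 2. Register Shiro's built-in filters to enforce access rules.
         * Commonly used filters:
         *   anon  : accessible without authentication (login)
         *   authc : authentication is required
         *   user  : accessible to remembered (rememberMe) or authenticated users
         *   perms : the subject must hold the given permission
         *   roles : the subject must hold the given role
         */
        // Chains are matched in insertion order and the first match wins, so an
        // insertion-ordered map is required and specific patterns must precede the catch-all.
        Map<String, String> filterMap = new LinkedHashMap<>();
        // "/sysmenu/*" matches exactly one path segment below /sysmenu.
        filterMap.put("/sysmenu/*", "anon");
        filterMap.put("/index", "anon");
        // Catch-all must be "/**": in Ant-style matching "/*" covers a single path segment
        // only, so nested paths such as /a/b would match no chain and be served without
        // authentication. Resources that must stay public (e.g. static assets) need their
        // own "anon" entry placed above this line.
        filterMap.put("/**", "authc");

        // Redirect unauthenticated requests to this login page.
        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the {@link DefaultWebSecurityManager} and associates it with the realm.
     *
     * @param userRealm the bean named {@code userRealm}
     * @return the security manager backed by {@code userRealm}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Creates the custom realm bean.
     *
     * @return a new {@link UserRealm}
     */
    @Bean(name = "userRealm")
    public UserRealm getReal() {
        return new UserRealm();
    }
}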