当前位置 主页 > 服务器问题 > Linux/apache问题 >

    Springboot整合Shiro的代码实例

    栏目:Linux/apache问题 时间:2019-11-05 16:47

    这篇文章主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

    1、导入依赖

    <!--shiro-->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.4.0</version>
    </dependency>

    2、创建ShiroRealm.java文件

    (这里按照需求,只做登录认证这块)

    package com.hyqfx.manager.shiro;
    
    import com.baomidou.mybatisplus.mapper.EntityWrapper;
    import com.hyqfx.manager.entity.po.SystemAdmin;
    import com.hyqfx.manager.service.ISystemAdminService;
    import org.apache.shiro.authc.*;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;
    
    public class ShiroRealm extends AuthorizingRealm {
    
      @Autowired
      private ISystemAdminService adminService;
    
      //授权
      @Override
      protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        /*
        //获取登录用户名
        String name= (String) principalCollection.getPrimaryPrincipal();
        //查询用户名称
        User user = loginService.findByName(name);
        //添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (Role role:user.getRoles()) {
          //添加角色
          simpleAuthorizationInfo.addRole(role.getRoleName());
          for (Permission permission:role.getPermissions()) {
            //添加权限
            simpleAuthorizationInfo.addStringPermission(permission.getPermission());
          }
        }
        return simpleAuthorizationInfo;*/
    
    
        return null;
      }
    
      //认证
      @Override
      protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //加这一步的目的是在Post请求的时候会先进认证,然后在到请求
        if (authenticationToken.getPrincipal() == null) {
          return null;
        }
        //获取用户信息
        String name = authenticationToken.getPrincipal().toString(); 
        SystemAdmin admin = adminService.selectOne(new EntityWrapper<SystemAdmin>().eq("username",name));
    
        if (admin == null) {
          return null;
        } else {
          //这里验证authenticationToken和simpleAuthenticationInfo的信息
          SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, admin.getPassword().toString(), getName());
          return simpleAuthenticationInfo;
        }
      }
    }

    3、创建ShiroConfiguration.java文件

    package com.becl.config;
    
    import com.becl.shiro.PasswordMatcher;
    import com.becl.shiro.ShiroRealm;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import java.util.HashMap;
    import java.util.Map;
    
    @Configuration
    public class ShiroConfiguration {
    
    
    
      //将自己的验证方式加入容器
      @Bean
      public ShiroRealm myShiroRealm() {
        ShiroRealm myShiroRealm = new ShiroRealm();
        myShiroRealm.setCredentialsMatcher(passwordMatcher());//装配自定义的密码验证方式
        return myShiroRealm;
      }
    
      // 配置加密方式
      // 配置了一下,这货就是验证不过,,改成手动验证算了,以后换加密方式也方便
      @Bean
      public PasswordMatcher passwordMatcher() {
        return new PasswordMatcher();
      }
    
      //权限管理,配置主要是Realm的管理认证
      @Bean
      public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
      }
    
      //Filter工厂,设置对应的过滤条件和跳转条件
      @Bean
      public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String,String> map = new HashMap<String, String>();
        //登出
        map.put("/logout","logout");
        //不需要认证
        map.put("/logout","anon");
        map.put("/login*","anon");
        map.put("/shiroError","anon");
        //对所有用户认证
        map.put("/**","authc");
        //map.put("/**","anon");
        //登录
        shiroFilterFactoryBean.setLoginUrl("/login");
        //首页
        shiroFilterFactoryBean.setSuccessUrl("/index");
        //错误页面,认证不通过跳转
        shiroFilterFactoryBean.setUnauthorizedUrl("/shiroError");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
      }
    
      //加入注解的使用,不加入这个注解不生效
      @Bean
      public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
      }
    
    }