springboot整合shiro
1.导入需要(shiro)的依赖
<!-- Shiro dependency (Spring integration module) -->
<!-- NOTE(review): 1.4.0 is an old Shiro release. Later releases fix several
     authentication-bypass issues in how request paths are matched against the
     filter chain, so pin a currently maintained version and keep it patched. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<!-- Shiro dialect for Thymeleaf templates -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2.代码演示
package com.zte.mds.web.config.security;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.HashMap;
import java.util.Map;
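/**
 * Demo Shiro realm that authenticates against one hard-coded account and builds that
 * account's authorization data.
 *
 * <p>NOTE(review): the user name, password and permission string are literals in this class
 * and the password is handed to Shiro as plain text. That is only acceptable for a
 * walkthrough. A real realm loads the account from the user store, keeps a salted password
 * hash rather than the password, and configures a matching credentials matcher (for example
 * Shiro's HashedCredentialsMatcher).
 */
public class RealmConfig extends AuthorizingRealm {

    /**
     * Builds the authorization data for the given principals.
     *
     * @param principalCollection the principals Shiro is asking about; the primary principal
     *     is expected to be the {@code User} returned by {@link #doGetAuthenticationInfo}
     * @return the permissions of that user, or an empty result when no {@code User} principal
     *     is present
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Use the principals Shiro passed in rather than whichever subject is bound to the
        // current thread: the answer must describe the identity being checked.
        Object primary =
                principalCollection == null ? null : principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof User)) {
            // No usable principal: grant nothing instead of failing with an NPE or a cast error.
            return info;
        }
        User principal = (User) primary;

        // NOTE(review): the user name is what gets added as a permission string here. The
        // filter chain in ShiroConfig asks for "user:delete" / "user:update", and the value
        // passed to setRoles() in doGetAuthenticationInfo is "user:delete", so this looks like
        // it was meant to add that value; as written the perms checks cannot match for this
        // user. Confirm against the User class before changing it.
        info.addStringPermission(principal.getUserName());
        return info;
    }

    /**
     * Looks up the account named in the login token and returns its stored credentials so
     * that Shiro can compare them with the submitted password.
     *
     * @param authenticationToken the submitted login token; cast to
     *     {@code UsernamePasswordToken}
     * @return the account's authentication data, or {@code null} when the user name is not
     *     the known one, which Shiro treats as "no such account in this realm"
     * @throws AuthenticationException declared by the overridden method; not thrown directly
     *     here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        System.out.println("执行认证");

        // Stand-in for a database lookup (demo data only).
        String userName = "1437";
        String passWord = "201437";
        String roles = "user:delete";

        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
        // Constant on the left so a token without a user name is rejected instead of
        // raising a NullPointerException.
        if (!userName.equals(userToken.getUsername())) {
            return null;
        }

        User user = new User();
        user.setUserName(userName);
        user.setPassWord(passWord);
        user.setRoles(roles);

        // NOTE(review): this runs before Shiro has compared the submitted password (that
        // happens after this method returns), so a request that only supplied the right user
        // name already gets the User object, password included, stored in its session.
        // Prefer storing a password-free view of the user once login has succeeded.
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute("index", user);

        // Shiro performs the password comparison against the credentials returned here.
        return new SimpleAuthenticationInfo(user, passWord, "");
    }
}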
package com.zte.mds.web.config.security;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
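/**
 * Spring configuration that wires Shiro into the web application: the URL filter chain, the
 * security manager, the realm and the Thymeleaf dialect.
 */
@Configuration
@SuppressWarnings({"all"})
public class ShiroConfig {

    /**
     * Creates the Shiro filter factory and defines which URLs need authentication and which
     * permissions.
     *
     * @param defaultWebSecurityManager the security manager bean named
     *     {@code securityManagerBean}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("securityManagerBean") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);

        /*
         * Built-in filter names used in chain definitions:
         *   anon  - no authentication required
         *   authc - the subject must have authenticated
         *   user  - the subject must be authenticated or remembered via remember-me
         *   perms - the subject must hold the listed permission(s)
         *   roles - the subject must hold the listed role(s)
         */
        // Insertion order matters: the first pattern that matches a request wins.
        Map<String, String> filterMap = new LinkedHashMap<>();

        // Everything under /home requires authentication. "/**" is needed to cover nested
        // paths; a single "*" only matches one path segment and would leave deeper URLs open.
        filterMap.put("/home/**", "authc");

        // These endpoints require authentication and the matching permission. Both filters
        // are stated in one definition instead of overwriting the "authc" entry afterwards.
        filterMap.put("/user/delete", "authc, perms[user:delete]");
        filterMap.put("/user/update", "authc, perms[user:update]");

        // NOTE(review): any path not listed above stays reachable without authentication.
        // Consider ending the map with a catch-all that requires authentication, after
        // explicit "anon" entries for the login page and static resources.

        // Hand the finished map over only once all entries are in place, so the result does
        // not depend on the bean keeping a reference to this map.
        bean.setFilterChainDefinitionMap(filterMap);

        // Unauthenticated requests are redirected to the login page.
        bean.setLoginUrl("/login");
        // Authenticated requests that lack the permission are redirected here.
        bean.setUnauthorizedUrl("/unauthorized");
        return bean;
    }

    /**
     * Creates the web security manager backed by the application's realm.
     *
     * @param realmConfig the realm bean named {@code realmConfigBean}
     * @return the security manager
     */
    @Bean(name = "securityManagerBean")
    public DefaultWebSecurityManager defaultWebSecurityManager(
            @Qualifier("realmConfigBean") RealmConfig realmConfig) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realmConfig);
        return securityManager;
    }

    /**
     * Creates the realm that performs authentication and authorization lookups.
     *
     * @return a new {@code RealmConfig}
     */
    @Bean(name = "realmConfigBean")
    public RealmConfig realmConfig() {
        return new RealmConfig();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use Shiro attributes and tags.
     *
     * @return a new {@code ShiroDialect}
     */
    @Bean(name = "shiroDialectBean")
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
}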
package com.zte.mds.web.config.security;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.