springboot整合shiro

 

1. Shiro 实现登录拦截

package com.liu.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Spring configuration that wires Apache Shiro into the web application: the Shiro filter
 * factory, the web security manager, the custom {@link UserRealm}, and the Thymeleaf dialect.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory and registers the URL interception rules.
     *
     * <p>Shiro's built-in filter names used in chain definitions:
     * <ul>
     *   <li>{@code anon}  - no authentication required</li>
     *   <li>{@code authc} - the subject must be authenticated</li>
     *   <li>{@code user}  - the subject must be authenticated or remembered ("remember me")</li>
     *   <li>{@code perms} - the subject must hold the listed permission(s)</li>
     *   <li>{@code roles} - the subject must hold the listed role(s)</li>
     * </ul>
     *
     * @param securityManager the security manager bean named {@code securityManager}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        // Where unauthenticated subjects are sent to log in.
        factoryBean.setLoginUrl("/toLogin");
        // Where authenticated subjects lacking the required permission are sent.
        factoryBean.setUnauthorizedUrl("/noauth");

        // Insertion order matters: Shiro evaluates chain definitions in order and the first
        // matching pattern wins, hence a LinkedHashMap.
        Map<String, String> chainDefinitions = new LinkedHashMap<>();
        chainDefinitions.put("/user/add", "perms[user-add]");
        chainDefinitions.put("/user/update", "perms[user-update]");
        // NOTE(review): only the two exact paths above are mapped. Any request that matches no
        // entry passes through without a Shiro access-control filter, so every other endpoint
        // is reachable anonymously. Consider ending the map with a catch-all such as
        // "/**" -> "authc", preceded by explicit "anon" entries for the login page and static
        // resources, so that new endpoints are protected by default.
        factoryBean.setFilterChainDefinitionMap(chainDefinitions);

        return factoryBean;
    }

    /**
     * Creates the web security manager and attaches the custom realm to it.
     *
     * @param userRealm the realm bean named {@code userRealm}
     * @return the security manager, registered under the bean name {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Registers the custom realm as a Spring bean.
     *
     * <p>NOTE(review): the realm is created with its defaults; no credentials matcher is set
     * here, so password comparison uses whatever the realm's default matcher does.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use Shiro tags.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

}

2.shiro实现用户认证和请求授权

package com.liu.config;

import com.liu.mapper.UserMapper;
import com.liu.pojo.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
//认证===》授权===》过滤
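/**
 * Shiro realm backed by {@link UserMapper}.
 *
 * <p>Authentication looks the account up by username and hands the stored credential to Shiro
 * for comparison; authorization exposes the account's permission string as a Shiro permission.
 * Processing order: authentication, then authorization, then URL filtering.
 */
public class UserRealm extends AuthorizingRealm {
    @Autowired
    private UserMapper userMapper;

    /**
     * Authorization: supplies the permissions of the principal being checked.
     *
     * @param principalCollection the principals whose permissions are requested
     * @return authorization info holding the user's permission string, or an empty
     *         (deny-everything) info when no usable permission is stored
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Resolve the user from the principals Shiro passes in rather than from
        // SecurityUtils.getSubject(): the permissions must belong to the identity being
        // checked, which is not guaranteed to be the thread's current subject.
        // The primary principal is the User placed into SimpleAuthenticationInfo at login.
        Object primary = principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof User)) {
            // Unknown principal type: grant nothing instead of failing with a cast error.
            return info;
        }
        User user = (User) primary;
        String perms = user.getPerms();
        // An account without a stored permission gets no permissions; a null or blank
        // string must not be registered as a permission.
        if (perms != null && !perms.trim().isEmpty()) {
            info.addStringPermission(perms);
        }
        return info;
    }

    /**
     * Authentication: looks up the account for the submitted username.
     *
     * <p>This method only locates the account. Shiro compares the submitted password with the
     * returned credential afterwards, so nothing here may treat the caller as logged in.
     *
     * @param authenticationToken the submitted login token (a {@link UsernamePasswordToken})
     * @return the account's authentication info, or {@code null} when no account matches,
     *         which Shiro treats as "no account for this token"
     * @throws AuthenticationException if authentication cannot be processed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        String username = token.getUsername();
        if (username == null) {
            return null;
        }

        // Fetch the account from the database.
        User user = userMapper.getUserByUsername(username);
        // The lookup yields null for an unknown username; dereferencing it would raise a
        // NullPointerException instead of a clean authentication failure.
        if (user == null || !username.equals(user.getName())) {
            // The login handler should show the same generic error for an unknown account
            // and a wrong password, so responses do not reveal which usernames exist.
            return null;
        }

        // NOTE(review): user.getPwd() is handed to Shiro as the stored credential and no
        // credentials matcher is configured in this class. Presumably the default matcher
        // compares the submitted password with the stored value directly, which would mean
        // passwords are kept unhashed - confirm, and prefer a salted password hash with a
        // matching credentials matcher (for example HashedCredentialsMatcher or
        // PasswordMatcher).
        return new SimpleAuthenticationInfo(user, user.getPwd(), this.getName());
    }

    /**
     * Publishes the logged-in user to the session only after the password check passed.
     *
     * <p>Storing {@code loginUser} inside {@code doGetAuthenticationInfo} would populate the
     * session before the credentials are verified, so a failed login with a valid username
     * would still leave a user object in the session for any code that trusts that attribute.
     *
     * @param token the submitted login token
     * @param info  the account information returned by {@code doGetAuthenticationInfo}
     * @throws AuthenticationException if the submitted credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
        // Throws on mismatch, so the session write below runs for verified logins only.
        super.assertCredentialsMatch(token, info);
        Object loginUser = info.getPrincipals().getPrimaryPrincipal();
        SecurityUtils.getSubject().getSession().setAttribute("loginUser", loginUser);
    }
}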

 
