SpringBoot整合Shiro 一:搭建环境
Java项目的安全框架一般使用 shiro 与 spring security
具体怎么选择可以参考文章:安全框架 Shiro 和 Spring Security 如何选择
我这里选择使用Shiro
环境搭建
创建SpringBoot项目
导入Maven依赖
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.5.1</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> <version>2.2.5.RELEASE</version> </dependency>
创建 Realm 类
需要继承 AuthorizingRealm
package com.zy.config; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; public class UserRealm extends AuthorizingRealm { //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { System.out.println("执行了=>授权doGetAuthorizationInfo"); return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("执行了=>认证doGetAuthenticationInfo"); return null; } }
Shiro配置类
步骤1
创建realm对象
//创建realm对象(步骤1) @Bean(name = "userRealm") public UserRealm userRealm(){ return new UserRealm(); }
步骤2
DefaultWebSecurityManager
--> import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
//DefaultWebSecurityManager(步骤2) @Bean(name = "defaultWebSecurityManager") public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager(); securityManager.setRealm(userRealm()); return securityManager; }
步骤3
ShiroFilterFactoryBean
//ShiroFilterFactoryBean(步骤3) @Bean(name = "shiroFilterFactoryBean") //@Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean(); bean.setSecurityManager(defaultWebSecurityManager); return bean; }
ShiroConfig搭建完成
package com.zy.config; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ShiroConfig { //ShiroFilterFactoryBean(步骤3) @Bean(name = "shiroFilterFactoryBean") //@Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean(); bean.setSecurityManager(defaultWebSecurityManager); return bean; } //DefaultWebSecurityManager(步骤2) @Bean(name = "defaultWebSecurityManager") public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager(); securityManager.setRealm(userRealm()); return securityManager; } //创建realm对象(步骤1) @Bean(name = "userRealm") public UserRealm userRealm(){ return new UserRealm(); } }
Controller
首先是index页面
index.html
<!DOCTYPE html> <html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <h1>首页</h1> <p th:text="${msg}"></p> <a th:href="@{/user/add}">add</a> | <a th:href="@{/user/update}">update</a> </body> </html>
对应Controller
@RequestMapping({"/","/index"}) public String toIndex(Model model){ model.addAttribute("msg","HelloShiro"); return "index"; }
add页面
add.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <h1>add</h1> </body> </html>
对应Controller
@RequestMapping("/user/add") public String add(){ return "user/add"; }
update页面
update.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <h1>update</h1> </body> </html>
对应Controller
@RequestMapping("/user/update") public String update(){ return "user/update"; }
MyController(总)
package com.zy.controller; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; @Controller public class MyController { @RequestMapping({"/","/index"}) public String toIndex(Model model){ model.addAttribute("msg","HelloShiro"); return "index"; } @RequestMapping("/user/add") public String add(){ return "user/add"; } @RequestMapping("/user/update") public String update(){ return "user/update"; } }
测试
index界面
add界面
update界面
测试成功,搭建完成