
springboot整合shiro

导入依赖

  • shiro整合spring
    <!-- Apache Shiro starter for Spring Boot web applications.
         NOTE(review): 1.7.1 is the version this 2021 post was written against. Before reusing it,
         check Apache Shiro's published security reports and pin a currently supported release. -->
    <dependency>
       <groupId>org.apache.shiro</groupId>
       <artifactId>shiro-spring-boot-web-starter</artifactId>
       <version>1.7.1</version>
    </dependency>
    

Config

  • shiro配置类

  /**
   * Exposes the application's {@link UserRealm} as a Spring bean so the security manager
   * can be wired to it.
   *
   * @return a new {@code UserRealm} instance
   */
  @Bean
  public UserRealm userRealm() {
      final UserRealm realm = new UserRealm();
      return realm;
  }

  /**
   * Creates the web security manager and attaches the {@code userRealm} bean to it, so that
   * authentication and authorization decisions are delegated to that realm.
   *
   * @param userRealm the realm bean registered under the name {@code userRealm}
   * @return the security manager backed by {@code userRealm}
   */
  @Bean(name = "defaultWebSecurityManager")
  public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
      final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
      manager.setRealm(userRealm);
      return manager;
  }

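  /**
   * Builds the Shiro filter that maps URL patterns to access-control filter chains.
   *
   * <p>Built-in filter names used in chain definitions:
   * <ul>
   *   <li>{@code anon}  - no authentication required</li>
   *   <li>{@code authc} - the subject must have authenticated in this session</li>
   *   <li>{@code user}  - the subject must be authenticated or remembered ("remember me")</li>
   *   <li>{@code perms} - the subject must hold the listed permission(s)</li>
   *   <li>{@code roles} - the subject must hold the listed role(s)</li>
   * </ul>
   *
   * @param defaultWebSecurityManager the security manager bean that performs the checks
   * @return the configured filter factory bean
   */
  @Bean
  public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
      ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
      bean.setSecurityManager(defaultWebSecurityManager);

      // Chain definitions are evaluated in insertion order and the first matching pattern wins,
      // which is why an insertion-ordered map is used here.
      Map<String, String> filterMap = new LinkedHashMap<>();

      // Patterns are Ant-style, so a wildcard rule is also possible, e.g.:
      //   filterMap.put("/user/*", "authc");

      // The add page needs an authenticated subject AND the user:add permission.
      // Both filters go in one chain: a Map holds one value per key, so putting "authc" and
      // then "perms[user:add]" under the same path silently discards the "authc" rule.
      filterMap.put("/user/add", "authc,perms[user:add]");
      filterMap.put("/user/delete", "authc");

      // NOTE(review): only the paths listed above get a chain from this map. If the application
      // exposes other endpoints, consider ending the map with a catch-all rule and explicitly
      // marking the public pages as anon (confirm against the rest of the application).

      // Where unauthenticated requests are redirected to log in.
      bean.setLoginUrl("/toLogin");
      // Where authenticated subjects lacking the required permission are sent.
      bean.setUnauthorizedUrl("/unauthorized");

      bean.setFilterChainDefinitionMap(filterMap);
      return bean;
  }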
  • Realm类

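/**
 * Demonstration realm that supplies Shiro with authentication and authorization data.
 *
 * <p>NOTE(review): this class uses a hard-coded account and grants the same permission to every
 * subject. It shows the wiring only; replace both with lookups against a real user store
 * before using it outside a tutorial.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization: returns the permissions of the current subject.
     *
     * @param principalCollection the identity of the subject being authorized (unused here)
     * @return authorization info containing the single permission {@code user:add}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // NOTE(review): every authenticated subject receives user:add, so the perms[user:add]
        // filter does not distinguish between users. In a real realm, derive the permissions
        // from principalCollection, e.g. read the principal stored at authentication time and
        // add only the permissions recorded for that user.
        info.addStringPermission("user:add");
        return info;
    }

    /**
     * Authentication: looks up the account for the submitted username and returns the stored
     * credentials; Shiro then compares them with the submitted password.
     *
     * @param authenticationToken the submitted token, expected to be a {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when the username is unknown
     *     (the authenticator then reports an unknown account)
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行认证");
        // NOTE(review): hard-coded, plaintext demo credentials standing in for a database query.
        // A real realm should load a salted password hash for the user and configure a hashing
        // credentials matcher on the realm instead of comparing plaintext.
        String name = "root";
        String pwd = "123123";
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        // Compare from the constant side so a token without a username is rejected as an
        // unknown account instead of raising a NullPointerException.
        if (!name.equals(token.getUsername())) {
            return null;
        }

        // Record the authenticated username as the principal and tag it with this realm's name.
        // An empty principal would leave the subject with no usable identity for later
        // authorization lookups. With a real user store, pass the loaded user object instead.
        return new SimpleAuthenticationInfo(name, pwd, getName());
    }
}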

Controller

  • 获取登录信息,通过 UsernamePasswordToken(username, password) 传递参数。
  • subject.login() 进行登录认证。

备注

  • 添加权限和角色
