一、引入pom依赖
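<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <!-- 1.4.1 为较旧版本;实际项目请改用当前仍在维护的最新版本 -->
    <version>1.4.1</version>
</dependency>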
二、创建ShiroConfig
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.ShiroFilter;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.linkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
// Builds the ShiroFilterFactoryBean, which maps URL patterns to Shiro filters and is
// bound to the security manager passed in.
// NOTE(review): no @Bean annotation is visible on this method in the listing; Spring only
// registers the filter factory if one is present. Confirm against the original source.
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(defaultWebSecurityManager);
// Register Shiro's built-in filters.
// Login interception.
// NOTE(review): java.util has no type named linkedHashMap; the import and this constructor
// call need java.util.LinkedHashMap to compile. An insertion-ordered map matters here:
// Shiro evaluates filter chain definitions in order and the first matching pattern wins,
// so specific patterns must be added before any catch-all. The raw Map type also drops
// the String/String typing of pattern -> filter definition.
Map filterMap = new linkedHashMap<>();
// Paths to intercept: fill in the URL patterns that apply.
// NOTE(review): the listing is cut off inside the next statement; the remaining filter
// rules, the login URL and the rest of this class are not shown on the page.
filterMap.put("/user
//自定义的UserRealm extends AuthorizingRealm
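/**
 * Shiro realm that authenticates users by e-mail address and supplies their permissions.
 *
 * <p>The account is looked up through {@code UserService}; the password comparison is done by
 * the realm's configured credentials matcher after {@link #doGetAuthenticationInfo} returns.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    /**
     * Authorization: builds the permission set for an already authenticated principal.
     *
     * @param principalCollection principals Shiro is asking about
     * @return the principal's permissions, or {@code null} when the primary principal is not a
     *         {@code User} (Shiro then treats it as having no permissions)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Read the principal from the collection Shiro passes in rather than from the
        // thread-bound Subject, so the answer always describes the principal being checked.
        // The object is the User stored as principal by doGetAuthenticationInfo.
        Object primary = principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof User)) {
            return null;
        }
        User currentUser = (User) primary;

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Tutorial placeholder: this permission is granted to every user unconditionally.
        info.addStringPermission("0");

        // Per-user permission.
        // NOTE(review): the e-mail field is used as the permission string. Shiro parses
        // permission strings with wildcard syntax ('*', ':' and ','), so a value the user can
        // influence must not be used here; a dedicated, server-controlled permission or role
        // field is the safer source. Confirm how this column is populated.
        String permission = currentUser.getEmail();
        if (permission != null && !permission.isEmpty()) {
            info.addStringPermission(permission);
        }
        return info;
    }

    /**
     * Authentication: loads the account for the submitted user name (an e-mail address).
     *
     * @param token the submitted {@code UsernamePasswordToken}
     * @return the account's principal and stored credentials, or {@code null} when no account
     *         matches (Shiro reports that as an unknown account)
     * @throws AuthenticationException declared by the Shiro contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        String email = userToken.getUsername();
        if (email == null || email.isEmpty()) {
            return null;
        }

        // Database lookup.
        User user = userService.queryUserByEmail(email);
        if (user == null) { // no such account
            // The login handler should show the same message for an unknown account and a
            // wrong password, otherwise the form reveals which e-mail addresses are registered.
            return null;
        }

        // Nothing is written to the session here: at this point the password has NOT been
        // checked yet. The session write happens in assertCredentialsMatch, after the check.

        // The tutorial notes that MD5 or salted MD5 could be applied to the password.
        // NOTE(review): the stored value is handed to Shiro unchanged, so unless a credentials
        // matcher is configured elsewhere it is compared with the submitted password as-is,
        // which means plaintext storage. MD5, salted or not, is too fast for password
        // storage; configure a password-hashing matcher on the realm (for example Shiro's
        // PasswordMatcher) instead.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }

    /**
     * Runs Shiro's credential check and, only if it passes, publishes the user in the session.
     *
     * <p>Doing the session write here instead of in {@link #doGetAuthenticationInfo} keeps a
     * failed login (known e-mail, wrong password) from leaving a {@code loginUser} attribute
     * behind that other code could mistake for a logged-in user.
     *
     * @throws AuthenticationException when the submitted credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
        super.assertCredentialsMatch(token, info);

        // NOTE(review): the stored object is the full User, including its password field;
        // a view object without credentials would be a safer thing to keep in the session.
        Session session = SecurityUtils.getSubject().getSession();
        session.setAttribute("loginUser", info.getPrincipals().getPrimaryPrincipal());
    }
}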
七、线上测试(省略)