springboot项目中使用shiro实现用户登录以及权限的验证

建立spring boot项目。
目录结构这个样子的

项目的jar包依赖

 
        
        
            org.apache.shiro
            shiro-spring
            1.4.1
        

        
            com.github.theborakompanioni
            thymeleaf-extras-shiro
            2.0.0
        


        
        
        
            org.mybatis.spring.boot
            mybatis-spring-boot-starter
            2.1.0
        


        
            org.springframework.boot
            spring-boot-starter-web
        
        
        
            org.springframework.boot
            spring-boot-starter-jdbc
        

        
        
            mysql
            mysql-connector-java
            runtime
        

        
            com.alibaba
            druid
            1.1.6
        

        

        
        
            org.thymeleaf
            thymeleaf-spring5
        

        
            org.thymeleaf.extras
            thymeleaf-extras-java8time
        


        
            org.springframework.boot
            spring-boot-starter-test
            test
        

    

配置文件.properties

#整合mybatis
mybatis.type-aliases-package=com.zheng.pojo
mybatis.mapper-locations=classpath:mybatis/mapper
        Map filterMap = new linkedHashMap<>();
        //授权，正常的情况下，没有授权会跳转到未授权页面
//        filterMap.put("/admin/*","authc");//admin请求下的都需要认证
        filterMap.put("/admin/add", "perms[user:add]");
        filterMap.put("/admin/update", "perms[user:update]");

        bean.setFilterChainDefinitionMap(filterMap);
        //如果没有认证、设置登录的请求
        bean.setLoginUrl("/toLogin");
        //如果没有授权，跳转到未收取页面
        bean.setUnauthorizedUrl("/ungrant");
        return bean;

    }

    //DefaultWebSecurityManager
    @Bean(name = "securitymanager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securitymanager = new DefaultWebSecurityManager();
        //关联UserRealm
        securitymanager.setRealm(userRealm);
        return securitymanager;


    }

    //创建realm对象，需要自定义安装
    @Bean
    public UserRealm userRealm() {

        return new UserRealm();
    }


    //整合ShiroDialect:用来整合shiro thymeleaf
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }


}

授权和认证

package com.zheng.config;

import com.zheng.pojo.User;
import com.zheng.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;


//自定义的UserRealm

public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

        System.out.println("执行了授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//        info.addStringPermission("user:update");

        //拿到当前的登录对象
        Subject subject = SecurityUtils.getSubject();
        User user = (User)subject.getPrincipal();

        //设置当前用户的权限
        info.addStringPermission(user.getPerm());

        return info;

    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // 第一种方式
        // 获取用户输入的账号和密码(一般只需要获取账号就可以)
        System.out.println("执行了认证");
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        //连接真实的数据库

        User user = userService.login(userToken.getUsername());

        //1、思路：在用户表中新增加一个权限字段、然后再次查询数据库获得该用户所具有的权限（该权限为要给集合？？？？？？
        if(user == null){
            //没有这个人
            return null;
        }
        //密码认证
        return  new SimpleAuthenticationInfo(user,user.getPassword(),"");

    }
}

关键解说：