import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
public class MyShiroRealm extends AuthorizingRealm {
//slf4j记录日志,可以不使用
private Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);
@Autowired
private LoginService loginService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
logger.info(“开始授权(doGetAuthorizationInfo)”);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
//角色
Set roles = new HashSet<>();
roles.add(“role1”);
authorizationInfo.setRoles(roles);
//权限
Set permissions = new HashSet<>();
permissions.add(“user:list”);
authorizationInfo.setStringPermissions(permissions);
return authorizationInfo;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken) throws AuthenticationException {
logger.info(“开始认证(doGetAuthenticationInfo)”);
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
String username = token.getUsername();
String password = new String(token.getPassword());
//查询用户是否存在,这里是用的Mybatis Plus,可以根据自己的方式进行校验
QueryWrapper queryWrapper = new QueryWrapper<>();
queryWrapper.eq(“name”, username);
queryWrapper.eq(“password”, password);
UserPO userPO = loginService.querySingle(queryWrapper);
if (Objects.isNull(userPO)) {
throw new IncorrectCredentialsException(“用户名密码错误!”);
}
return new SimpleAuthenticationInfo(
userPO,
token.getPassword(),
getName()
);
}
}
3.创建shiro配置类
package com.youyou.login.config;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.linkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfiguration {
private static Logger logger = LoggerFactory.getLogger(ShiroConfiguration.class);
private static final String ANON = “anon”;
private static final String AUTHC = “authc”;
@Bean(name = “shiroFilter”)
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
logger.info(“进入shiroFilter…”);
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//设置不需要拦截的路径
Map
//按顺序依次判断,这是一个责任链模式,如果有匹配的拦截,后面就不会匹配了
filterChainDefinitionMap.put("/static
//这里,如果以后再项目中使用的话,直接从数据库中查询
filterChainDefinitionMap.put("/user/list", “authc,perms[user:list]”);
//filterChainDefinitionMap.put("/user/add", “authc,perms[user:add]”);
/初始化所有的权限信息开始结束******/
filterChainDefinitionMap.put("/api/**", AUTHC);
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl("/login");
// 登录成功后要跳转的链接
// shiroFilterFactoryBean.setSuccessUrl("/index");
//未授权界面
shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public MyShiroRealm myShiroRealm() {
MyShiroRealm myShiroRealm = new MyShiroRealm();
//后面这里可以设置缓存的机制
return myShiroRealm;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
@Bean
