springboot-shiro

快速上手，先熟悉下几个常用的方法

 Factory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
 SecurityUtils.setSecurityManager(securityManager);

 Subject currentUser = SecurityUtils.getSubject();
  Session session = currentUser.getSession();

UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
token.getPrincipal())

currentUser.hasRole("schwartz")
currentUser.isPermitted("winnebago:drive:eagle5"))
currentUser.logout();

springboot 整合shiro关键的有两个地方。
1、自定义的Realm，实现用户认证、授权功能。
2、配置ShiroConfig 注入UserRealm，ShiroFilterFactoryBean 中设置安全管理器和过滤器。

package com.example.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.linkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    //ShiroFilterFactoryBean
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        //设置过滤器
        Map filterMap =new linkedHashMap<>();

        filterMap.put("/user/add","perms[user:add]");//需要授权user:add,才能访问
        filterMap.put("/user/edit","perms[user:edit]");//需要授权user:add,才能访问
        filterMap.put("/user/*","authc");//请求必须要认证
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        // login
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }

    //创建DefaultWdbSecurityManager
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联userRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //创建 UserRealm
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }
}

package com.example.config;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

//1、自定义的Realm，实现用户认证、授权功能
public class UserRealm extends AuthorizingRealm {

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.printf("执行了授权 doGetAuthorizationInfo");
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addStringPermission("user:add");//正式项目，这里需要从数据库获取

        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.printf("执行了认证 doGetAuthenticationInfo");
        String name ="root" ;
        String password = "123456";
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        if(!token.getUsername().equals(name)){
            return null; //验证用户名
        }
        return new SimpleAuthenticationInfo("",password,"");
    }
}

完整代码（github）

springboot-shiro

Java相关栏目本月热门文章