Spring boot 整合shiro
1:引入shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.6.0</version>
</dependency>
2.编写realm的规范,也就是授权与认证的规则
public class UserRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("授权");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Subject subject = SecurityUtils.getSubject();
User user= (User) subject.getPrincipal();//拿到认证时候 存储的user对象
info.addStringPermission(user.getPerms());//把用户的实际权限放入
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("认证");
UsernamePasswordToken usernamePasswordToken= (UsernamePasswordToken) authenticationToken;
User user=userService.queryUserByName(usernamePasswordToken.getUsername());
if (user==null){//数据库里没有这个人
return null;
}
return new SimpleAuthenticationInfo(user,user.getPwd(),"");//使用简单的认证传递过去,可以使用其他的MD5,与MD5颜值加密
}
}
3:编写shiro的config文件
@Configuration
public class ShiroConfig {
@Bean(name = "shiroFilterFactoryBean")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("bean") DefaultWebSecurityManager manager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
//设置安全管理器
bean.setSecurityManager(manager);
Map<String, String> map = new LinkedHashMap<>();
map.put("user/add","user:add");//这里就是 用户权限字段里的值 ,从UserRealme中拿
map.put("user/update","uers:update");
bean.setFilterChainDefinitionMap(map);
return bean;
}
//安全管理器
@Bean(name = "bean")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager defaultWebSecurityManager=new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}
这是错误
4:可以直接运行了
浙公网安备 33010602011771号