06 Spring Boot 整合Shrio
整合Shrio
整合方法
-
导入依赖
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.5.3</version> </dependency> -
创建
UserRealm类,继承AuthorizingRealmpublic class UserRealm extends AuthorizingRealm { //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { return null; } } -
创建
ShiroConfig类配置shrio@Component public class ShiroConfig { //第三步:创建ShiroFilterFactoryBean @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager); //过滤 Map<String, String> filterChainDefinitionMap = new LinkedHashMap(); //filterChainDefinitionMap.put("/user/add", "anon"); //filterChainDefinitionMap.put("/user/update", "authc"); filterChainDefinitionMap.put("/user/*", "authc");//可使用通配符* shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); shiroFilterFactoryBean.setLoginUrl("/toLogin"); return shiroFilterFactoryBean; } //第二步:创建DefaultWebSecurityManager对象 @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(userRealm); return securityManager; } //第一步:创建Realm对象 @Bean public UserRealm userRealm(){ return new UserRealm(); } }
shiro使用方法
基本配置
-
获取当前subject
Subject subject = SecurityUtils.getSubject(); -
建立令牌
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password); -
try catch判断登录是否成功try { subject.login(usernamePasswordToken); //未异常,登陆成功 return "index"; } catch (UnknownAccountException e) { //用户名不存在 e.printStackTrace(); model.addAttribute("msg", "用户名不存在"); return "toLogin"; } catch (IncorrectCredentialsException e) { //密码错误 e.printStackTrace(); model.addAttribute("msg", "密码错误"); return "toLogin"; } -
在
UserRealm类中进行认证@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("AuthenticationInfo=>执行"); String userName = "admin"; String password = "123456"; UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; if(!token.getUsername().equals(userName)) { return null; } //可将用户信息对象存入第一个参数内 return new SimpleAuthenticationInfo("",password, ""); }
角色授权
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//建立授权对象
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//获取当前用户对象
Subject subject = SecurityUtils.getSubject();
//获取用户信息
Blogger blogger = (Blogger) subject.getPrincipal();
//判断是否为root用户
//真实项目中通过判断数据库字段权限类型
String user = blogger.getUserName().equals("root")?"user:add":"user:update";
//添加权限
simpleAuthorizationInfo.addStringPermission(user);
return simpleAuthorizationInfo;
}
Shiro整合thymeleaf
-
添加maven依赖
<dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version> </dependency> -
添加命名空间
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro" -
在ShiroConfig中配置Bean
@Bean(name = "shiroDialect") public ShiroDialect shiroDialect(){ return new ShiroDialect(); }
浙公网安备 33010602011771号