ShiroConfig
package com.ys.dha.edunhuang.mark.shiro;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
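/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the servlet filter, the security manager, the realm and the credentials matcher.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter and registers the URL-to-filter chain.
     *
     * <p>Only the paths listed here pass through a Shiro filter. The map has no
     * catch-all entry, so any URL not listed below is reachable without
     * authentication.
     *
     * @param securityManager the bean registered under the name "SecurityManager"
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getshirofilterFactotyBean(
            @Qualifier("SecurityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(securityManager);

        // LinkedHashMap keeps insertion order; Shiro evaluates chain definitions
        // in that order and the first matching pattern wins.
        Map<String, String> chains = new LinkedHashMap<>();

        // Endpoints that require an authenticated session.
        chains.put("/updatemionct", "authc");
        chains.put("/savePolygonControllerViews", "authc");

        // Page that additionally requires the "user:view" permission.
        chains.put("/annotationviews", "perms[user:view]");

        // NOTE(review): these are exact paths, so every other controller mapping is
        // outside Shiro's control. Prefer deny-by-default: list the public paths
        // (login page, static assets) as "anon" and end the map with a "/**" ->
        // "authc" entry. Left unchanged here because the set of public paths is
        // not visible from this class.

        // Where unauthenticated requests are redirected.
        filterFactory.setLoginUrl("/login");
        // Where authenticated but unauthorized requests are redirected.
        filterFactory.setUnauthorizedUrl("/noauth");
        filterFactory.setFilterChainDefinitionMap(chains);
        return filterFactory;
    }

    /**
     * Creates the web security manager and attaches the application realm to it.
     *
     * @param userRealm the bean registered under the name "userRealm"
     * @return the security manager backed by {@code userRealm}
     */
    @Bean(name = "SecurityManager")
    public DefaultWebSecurityManager defaultManger(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Creates the realm and installs the hashed credentials matcher on it.
     *
     * <p>The previous version configured one {@code UserRealm} and then returned a
     * second, unconfigured instance, so the matcher was silently dropped and the
     * realm fell back to Shiro's default matcher, which compares the submitted
     * password with the stored value directly. Returning the configured instance
     * makes the hashed comparison take effect; stored credentials must therefore be
     * the hex-encoded digest produced with the algorithm and iteration count set in
     * {@link #hashedCredentialsMatcher()}.
     *
     * @return the realm with the credentials matcher applied
     */
    @Bean(name = "userRealm")
    public UserRealm getRealm() {
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return userRealm;
    }

    /**
     * Defines how a submitted password is hashed before it is compared with the
     * stored credential.
     *
     * @return a matcher using MD5 with three iterations
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        // NOTE(review): MD5 with three iterations and no per-user salt is not an
        // adequate password hash; identical passwords yield identical digests and
        // the digest is cheap to compute. Moving to a salted, slow password hash
        // requires re-hashing the stored credentials, so the values are kept as the
        // author set them and the migration is left as a follow-up.
        matcher.setHashAlgorithmName("md5");
        // Number of times the digest is re-applied.
        matcher.setHashIterations(3);
        return matcher;
    }
}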
UserRealm
package com.ys.dha.edunhuang.mark.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import com.ys.dha.edunhuang.mark.pojo.Sysuser;
import com.ys.dha.edunhuang.mark.service.UserService;
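/**
 * Shiro realm that looks users up through {@link UserService} and supplies the
 * authentication and authorization data Shiro asks for.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /** @return the service used to load users */
    public UserService getUserService() {
        return userService;
    }

    /** @param userService the service used to load users */
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Supplies the permissions of the current subject.
     *
     * @param principals the identity of the subject being authorized (not read here)
     * @return authorization info containing the single permission "user:view"
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("执行授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // NOTE(review): every authenticated user receives "user:view", so the
        // perms[user:view] filter does not distinguish between users. The author
        // left a per-user lookup disabled here (reading the permission string from
        // the Sysuser principal); restore it once the user record carries
        // permissions, and treat a missing permission as "none".
        info.addStringPermission("user:view");
        return info;
    }

    /**
     * Loads the account for the submitted username and hands its stored credential
     * to Shiro, which performs the comparison through the realm's credentials matcher.
     *
     * <p>The submitted password is deliberately neither copied into a
     * {@code String} nor written to the log: the earlier version printed it in
     * clear text to standard output.
     *
     * @param token the login token; must be a {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no user
     *     matches the username
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("执行认证");
        UsernamePasswordToken usertoken = (UsernamePasswordToken) token;
        String userName = usertoken.getUsername();
        // Log the username only; credentials must never reach a log sink.
        System.out.println("用户名" + userName);

        Sysuser user = userService.login(userName);
        if (user == null) {
            // Unknown username: returning null tells Shiro the account does not exist.
            System.out.println("用户名有误");
            return null;
        }
        // The third argument is the realm name recorded with the principal; the
        // author passes an empty string.
        return new SimpleAuthenticationInfo(user, user.getPassWord(), "");
    }
}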
POM
<!-- Apache Shiro integration for Spring. -->
<!-- NOTE(review): 1.4.0 is an old release. Check the Apache Shiro security
     reports for this version and pin a currently maintained release; later
     releases include fixes to how request paths are matched against filter
     chains, which is exactly what the ShiroConfig rules above rely on. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>