在spring中整合shiro可以通过在xml文件中进行配置,但是在SpringBoot中,我们可以通过@Configuration注解写一个配置类来对shiro进行配置
SpringBoot集成shiro需要的依赖
<!-- Apache Shiro integration for Spring -->
<!-- NOTE(review): ${shiro.version} has to be defined in the POM's <properties> section, which is not shown here. Keep it on a currently maintained Shiro release: the URL-pattern filter chains configured on this page rely on Shiro's path matching, and fixes to it ship with Shiro updates. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- Extension that integrates Shiro with Thymeleaf, so that pages can use tags from the shiro namespace (declared with xmlns:shiro) -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
Shiro配置文件
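/**
 * Spring Boot configuration class that wires Apache Shiro: credentials matcher,
 * realm, security manager, the URL filter chain, the servlet filter registration,
 * annotation support and the Thymeleaf dialect.
 *
 * <p>All tunable values are read from {@link ShiroProperties}.
 */
@Configuration
@EnableConfigurationProperties(ShiroProperties.class)
public class ShiroAutoConfiguration {

    @Autowired
    private ShiroProperties shiroProperties;

    /**
     * Creates the credentials matcher that hashes a submitted password before it is
     * compared with the stored value.
     *
     * <p>NOTE(review): the algorithm and iteration count come straight from
     * configuration, and the values shown with this class are MD5 with 2 iterations.
     * That is far too cheap for password storage. Prefer a dedicated password hashing
     * scheme (bcrypt, scrypt, Argon2), or at the very least a SHA-2 digest with a
     * per-user salt and a high iteration count. Changing either value invalidates
     * every stored hash, so plan a credential migration. Whether a salt is applied
     * depends on UserRealm, which is not visible here.
     *
     * @return the matcher configured from {@link ShiroProperties}
     */
    @Bean
    public HashedCredentialsMatcher credentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName(shiroProperties.getHashAlgorithmName());
        credentialsMatcher.setHashIterations(shiroProperties.getHashIterations());
        return credentialsMatcher;
    }

    /**
     * Creates the application realm and attaches the credentials matcher to it.
     *
     * @param credentialsMatcher matcher used by the realm to verify credentials
     * @return the configured realm
     */
    @Bean
    public UserRealm userRealm(CredentialsMatcher credentialsMatcher) {
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(credentialsMatcher);
        return userRealm;
    }

    /**
     * Declares the web security manager backed by the application realm.
     *
     * @param userRealm realm that supplies authentication and authorization data
     * @return the security manager
     */
    @Bean("securityManager")
    public SecurityManager securityManager(UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Builds the Shiro web filter and its URL filter chain.
     *
     * <p>The bean name must stay equal to the {@code targetBeanName} init parameter
     * set in {@link #filterRegistrationBeanDelegatingFilterProxy()} ("shiroFilter").
     *
     * <p>Shiro applies the first chain definition whose pattern matches the request,
     * so the definitions are kept in insertion order: anonymous URLs, then the logout
     * URL, then the URLs that require authentication (normally ending with the
     * catch-all pattern). A plain {@code HashMap} would iterate in hash order, which
     * can put the catch-all rule ahead of the anonymous rules or change which rule
     * wins for overlapping patterns.
     *
     * @param securityManager security manager the filter delegates to
     * @return the filter factory bean
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        // Login page and the page shown when access is denied.
        bean.setLoginUrl(shiroProperties.getLoginUrl());
        bean.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());

        // Fully qualified because the file's import block is not part of this listing.
        Map<String, String> filterChainDefinition = new java.util.LinkedHashMap<>();

        // URLs that may be accessed without authentication.
        String[] anonUrls = shiroProperties.getAnonUrls();
        if (anonUrls != null) {
            for (String anonUrl : anonUrls) {
                filterChainDefinition.put(anonUrl, "anon");
            }
        }

        // Logout URL.
        if (shiroProperties.getLogoutUrl() != null) {
            filterChainDefinition.put(shiroProperties.getLogoutUrl(), "logout");
        }

        // URLs that require an authenticated user; added last so that a catch-all
        // pattern does not shadow the rules above.
        String[] authcUrls = shiroProperties.getAuthcUrls();
        if (authcUrls != null) {
            for (String authcUrl : authcUrls) {
                filterChainDefinition.put(authcUrl, "authc");
            }
        }
        bean.setFilterChainDefinitionMap(filterChainDefinition);

        // Register the custom filter under the name "authc", which is the name the
        // chain definitions above refer to.
        Map<String, Filter> filters = new HashMap<>();
        filters.put("authc", new ShiroLoginFilter());
        bean.setFilters(filters);
        return bean;
    }

    /**
     * Registers the delegating filter proxy for Shiro, the equivalent of what used
     * to be declared in web.xml.
     *
     * <p>No URL patterns are added; the proxy is bound to the dispatcher servlet by
     * servlet name.
     *
     * @return the filter registration
     */
    @Bean
    public FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBeanDelegatingFilterProxy() {
        FilterRegistrationBean<DelegatingFilterProxy> bean = new FilterRegistrationBean<>();
        DelegatingFilterProxy proxy = new DelegatingFilterProxy();
        bean.setFilter(proxy);
        bean.addInitParameter("targetFilterLifecycle", "true");
        // Must match the name of the ShiroFilterFactoryBean bean.
        bean.addInitParameter("targetBeanName", "shiroFilter");
        List<String> servletNames = new ArrayList<>();
        servletNames.add(DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME);
        bean.setServletNames(servletNames);
        return bean;
    }

    /* Annotation support: Shiro's authorization annotations have no effect without the two beans below -- start */

    /**
     * Advisor that applies Shiro's authorization annotations.
     *
     * @param securityManager security manager consulted for the authorization checks
     * @return the advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /**
     * Auto-proxy creator that applies advisors to beans, using class-based proxies.
     *
     * @return the proxy creator
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /* Annotation support -- end */

    /**
     * Registers the Thymeleaf dialect so that HTML pages can use the shiro tags.
     * According to the original author, the two annotation-support beans above must
     * also be present, otherwise an error is reported.
     *
     * <p>Template tags only decide what is rendered. The URL filter chain and the
     * authorization annotations remain the place where access is enforced.
     *
     * @return the Shiro dialect
     */
    @Bean(name = "shiroDialect")
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
}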
使用一个类封装shiro的基本信息
/**
 * Holder for the Shiro settings read from the application's yml file under the
 * {@code shiro} prefix.
 */
@ConfigurationProperties(prefix = "shiro")
@Data
public class ShiroProperties {

    /**
     * Name of the hash algorithm used by the credentials matcher.
     *
     * <p>NOTE(review): the default is MD5, which is not suitable for password
     * storage. It is kept as is here because changing it invalidates stored hashes.
     */
    private String hashAlgorithmName = "md5";

    /**
     * Number of hash iterations.
     *
     * <p>NOTE(review): a default of 2 adds no meaningful cost to offline guessing.
     */
    private Integer hashIterations = 2;

    /** URL of the login page. */
    private String loginUrl;

    /** URL shown when an authenticated user lacks the required permission. */
    private String unauthorizedUrl;

    /** URL patterns that may be accessed without authentication. */
    private String[] anonUrls;

    /** URL that triggers logout. */
    private String logoutUrl;

    /** URL patterns that require an authenticated user. */
    private String[] authcUrls;
}
关于使用@ConfigurationProperties(prefix = "shiro")获取yml文件的值的说明
yml文件中Shiro的配置
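# Shiro settings, bound to ShiroProperties through the "shiro" prefix
shiro:
  # NOTE(review): MD5 with 2 iterations is far too cheap for password storage.
  # Prefer a dedicated password hashing scheme (bcrypt, scrypt, Argon2), or at
  # least a SHA-2 digest with a per-user salt and a high iteration count.
  # Changing these values invalidates stored hashes, so migrate credentials.
  hash-algorithm-name: md5
  hash-iterations: 2
  # Page shown when a user requests a resource they are not authorized for
  unauthorized-url: /unauthorized.html
  # Filter chain: it matches requests, not resources, and is evaluated from top
  # to bottom, so /** normally goes last.
  # NOTE(review): this order only holds if the configuration class stores the
  # definitions in an insertion-ordered map.
  # Paths that can be accessed without authentication
  anon-urls:
    - /index.html*
    - /login.html*
    - /login/toLogin*
    - /login/login*
  # Login page users are sent to when authentication is required. Optional; by
  # default Shiro looks for "/login.jsp" under the web application root.
  # Written as a scalar because ShiroProperties declares loginUrl as a String;
  # a YAML sequence is not expected to bind to a String field.
  login-url: /index.html
  # Requests to this URL make Shiro log the user out and end the session.
  # Scalar for the same reason as login-url (logoutUrl is a String).
  logout-url: /login/logout*
  # No other URL may be accessed anonymously; this entry must stay last
  authc-urls:
    - /**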
html页面中引入shiro标签库
<html xmlns:th="http://www.thymeleaf.org"
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">