SpringBoot是最近比较火的变态版spring系列框架,但是本文这里不是讲解springboot相关方知识的博文,如果有兴趣,博主会抽空整理写一篇。至于Shiro的相关理论知识以及实战(SSM),博主在之前的博文有详细介绍。
1.实战-Shiro安全框架(一)认证
2.实战-Shiro安全框架(二)权限控制
要实现Shiro与SpringBoot的整合,最核心的就是要将shiro的配置文件(xml)改写为springboot的Java配置方式,再配上相应的注解以及依赖,即可轻松简单完成转型,实现与springboot完美整合。
先总结一下:在springboot中整合shiro,在shiro的配置类只需配置三样东西--SecurityManager、ShiroFilter、Realms,其他的配置,springboot会自动帮我们配置。博主这里把所有配置都写出来了,方便我们理解。
第一步 引入shiro、web、mybatis等依赖
<!-- 导入web支持:SpringMVC开发支持,Servlet相关的程序 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- shiro与spring整合依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<!-- 导入mybatis相关的依赖 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.9</version>
</dependency>
<!-- mysql -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- SpringBoot的Mybatis启动器 -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.1.1</version>
</dependency>
第二步 编写shiro配置类 --ShiroConfig.class
shiro的配置文件也好,配置类也好,里面的核心所在就是security manager 以及 shiro filter的配置
2.1配置cacheManager(需要开启缓存才配置)
这里博主强调一下,我们配置的cacheManager是shiro下自带的,而不是独立整合第三方的ehcache
将我们之前的ehcache.xml放在src/main/resources目录(classpath路径)下,然后添加以下依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.2.2</version>
</dependency>
@Bean(value = "cacheManager")
public EhCacheManager cacheManager(){
EhCacheManager cacheManager = new EhCacheManager();
cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
return cacheManager;
}
---------------------------------------------------------------------------------------------------------------------------------------------------------
这里博主顺便提一下如果我们的springboot项目想要独立整合EhCache缓存的话,是很非常简单的事。只需要在工程中加入我们之前的ehcache.xml配置文件并在pom.xml中增加ehcache依赖,框架只要发现该文件,就会创建EhCache的缓存管理器。
ehcache.xml放在src/main/resources目录下,如果不是的话,我们可以再在application.properties文件中使用spring.cache.ehcache.config属性来指定
spring.cache.ehcache.config=classpath:config/yourehcache.xml
然后添加以下依赖
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-core</artifactId>
<version>2.4.8</version>
</dependency>
-------------------------------------------------------------------------------------------------------------------------------------------------------
2.2配置authenticator(springboot会自动配置,可不配)
@Bean(value = "authenticator")
public ModularRealmAuthenticator authenticator() {
ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
return authenticator;
}
2.3配置realms
@Bean(value = "realms")
public List<Realm> realms() {
List<Realm> realms = new ArrayList<>();
UserRealm realm = new UserRealm();
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName("MD5");
credentialsMatcher.setHashIterations(1024);
realm.setCredentialsMatcher(credentialsMatcher);
realms.add(realm);
return realms;
}
2.4配置securityManager
@Bean(value = "securityManager")
public DefaultWebSecurityManager securityManager(
//根据上面是否配置缓存来决定是否配置给securityManager
@Qualifier("cacheManager") EhCacheManager cacheManager,
// @Qualifier("authenticator") ModularRealmAuthenticator authenticator,
@Qualifier("realms") List<Realm> realms) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setCacheManager(cacheManager);
//springboot自动配置,可不配置
//securityManager.setAuthenticator(authenticator);
securityManager.setRealms(realms);
return securityManager;
}
2.5配置shiroFilter
@Bean
public ShiroFilterFactoryBean shiroFilter(
@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
shiroFilter.setLoginUrl("/showLogin.action");
shiroFilter.setSuccessUrl("/list.action");
shiroFilter.setUnauthorizedUrl("/unauthorized.action");
HashMap<String,String> map = new LinkedHashMap();
map.put("/showLogin.action","anon");
map.put("/logout.action","logout");
map.put("/user.action","roles[user]");
map.put("/admin.action","roles[admin]");
map.put("/**","authc");
shiroFilter.setFilterChainDefinitionMap(map);
return shiroFilter;
}
2.6配置 LifecycleBeanPostProcessor,并启用 IOC 容器中使用 shiro 的注解(springboot会自动配置,可不配)
@Bean(value = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
LifecycleBeanPostProcessor lifecycleBeanPostProcessor =
new LifecycleBeanPostProcessor();
return lifecycleBeanPostProcessor;
}
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator =
new DefaultAdvisorAutoProxyCreator();
return defaultAdvisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
@Qualifier("securityManager") DefaultWebSecurityManager securityManager
) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
先总结一下:在springboot中整合shiro,在shiro的配置类只需配置三样东西--SecurityManager、ShiroFilter、Realms,其他的配置,springboot会自动帮我们配置。博主这里把所有配置都写出来了,方便我们理解。
至此,整个shiro的Java配置类配置完毕,其他代码不用改,跟之前一样。最后在在application.properties文件中添加
spring.datasource.driverClassName=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/test
spring.datasource.username=root
spring.datasource.password=root
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
mybatis.type-aliases-package=com.yzj.po
编写springboot启动类
注意:springboot默认会自动扫描springboot启动类所在包及其子包的所有目录,所以它的位置很关键。但是,如果我们不想受这个限制,我们可以再springboot启动类的添加一个扫描注解来指定扫描那些包(目录)
@SpringBootApplication
@MapperScan("com.yzj.mapper")
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
shiro已经完美整合到springboot中。
由于Spring boot使用的内嵌的tomcat,而内嵌的tamcat是不支持jsp页面的,所有需要导入额外的包才能解决。最后的最后,我还们还需要添加tomcat以及jsp的依赖。
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</dependency>
//由于Spring boot使用的内嵌的tomcat,而内嵌的tamcat是不支持jsp页面的,所有需要导入额外的包才能解决。
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
————————————————
版权声明:本文为CSDN博主「啊杰eboy」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/China_eboy/article/details/83650411