申明
博客内容,切勿模仿
一、Spring Boot集成shiro
1、导包
<!-- Shiro's Spring integration module, used to wire Shiro into a Spring Boot application. -->
<!-- NOTE(review): 1.6.0 is an old release and later Shiro releases include security fixes; check the Apache Shiro security reports and pin a current patched version before using this outside a demo. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.6.0</version>
</dependency>
2、shiro配置文件
shiro有三大核心概念:Subject、SecurityManager、Realm,
配置文件也就是配置它们三个。
package com.jet5devil.shirospringboot.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
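/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the realm, the security manager that delegates to it, and the filter
 * factory that decides which URLs require authentication.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory and registers the URL filter chains.
     *
     * @param defaultWebSecurityManager the bean named {@code securityManager}
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);

        /*
         * Built-in Shiro filter names used in chain definitions:
         *   anon  - reachable without authentication
         *   authc - reachable only after authentication
         *   user  - reachable when the subject is authenticated or remembered (remember-me)
         *   perms - reachable only with permission on the named resource
         *   roles - reachable only with the named role
         */
        // LinkedHashMap keeps insertion order; Shiro evaluates chains in that order and
        // the first matching pattern wins, so more specific rules must be added first.
        LinkedHashMap<String, String> filterChains = new LinkedHashMap<>();
        // "/user/**" covers nested paths such as /user/a/b. The single-star form "/user/*"
        // matches only one path segment and would leave deeper URLs without the authc filter.
        filterChains.put("/user/**", "authc");
        // NOTE(review): URLs that match no entry are not filtered by Shiro at all. For anything
        // beyond a demo, list the public paths as "anon" and end with a catch-all "/**" -> "authc"
        // so that newly added endpoints are protected by default.
        factoryBean.setFilterChainDefinitionMap(filterChains);

        // Unauthenticated requests to protected URLs are redirected here. "/toLogin" shows the
        // login page; the separate "login" endpoint performs the actual login.
        factoryBean.setLoginUrl("/toLogin");
        return factoryBean;
    }

    /**
     * Creates the web security manager and attaches the application's realm.
     *
     * @param userRealm the bean named {@code userRealm}
     * @return the security manager, registered under the bean name {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Exposes the custom realm as a bean; the method name gives it the bean name
     * {@code userRealm} that the security manager's qualifier refers to.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}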
这里可能会报错,因为配置里用到了需要自己编写的UserRealm类,它用来执行认证和授权;shiro在执行认证、授权流程时会跳转到这个类。
package com.jet5devil.shirospringboot.config;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
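/**
 * Demo Shiro realm that authenticates a single hard-coded account and grants
 * no roles or permissions.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization hook: called when roles or permissions are needed for a subject.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return always {@code null}, so this realm contributes no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The original message said "authentication" here; this is the authorization callback.
        System.out.println("执行了授权方法");
        return null;
    }

    /**
     * Authentication hook: looks up the account for the submitted login token.
     *
     * @param authenticationToken the submitted token; cast to {@link UsernamePasswordToken}
     * @return the stored credentials for the account, or {@code null} when the username
     *         is unknown
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // The original message said "authorization" here; this is the authentication callback.
        System.out.println("执行了认证方法");

        // NOTE(review): demo-only account. A hard-coded username with a plaintext password must
        // not ship; load the account from a user store and keep only a salted password hash
        // (with a matching credentials matcher configured on the realm).
        String name = "root";
        String password = "123123";

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // Constant-first comparison so a token without a username is rejected instead of
        // raising a NullPointerException.
        if (!name.equals(token.getUsername())) {
            // Returning null reports that no account exists for this username.
            return null;
        }

        // Only the expected credentials are returned; the password comparison itself is done
        // by Shiro after this method returns.
        // NOTE(review): principal and realm name are empty strings, so later authorization
        // code cannot tell which user logged in; consider passing the username and getName().
        return new SimpleAuthenticationInfo("", password, "");
    }
}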
我知道你们看不懂,因为这是写给我自己看的。
这里有篇文章,我看他字数很多,就贴这里了