springboot 与 shiro 整合 (简洁版)
2018-06-17 10:03
579 查看
前言:
网上有很多springboot 与 shiro 整合的资料,有些确实写得很好, 对学习shiro和springboot 都有很大的帮助。 有些朋友比较省事, 直接转发或者复制粘贴。但是没有经过自己键盘敲打过的代码, 不是自己的代码。所以, 我这里就来记录一个简洁版的。 不牵涉db的。 废话不多说, 开始。
一. jar包引入
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <scope>runtime</scope> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-autoconfigure</artifactId> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.4.0</version> <exclusions> <exclusion> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> </exclusion> </exclusions> </dependency> <!-- 由于前面的包里面不包含这个,所以要单独引入, 如果不引入, shiro的权限注解不起作用 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>5.0.7.RELEASE</version> </dependency>
二. MyShiroRealm
public class MyShiroRealm extends AuthorizingRealm {
//角色权限和对应权限添加
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取登录用户名
String name = (String) principalCollection.getPrimaryPrincipal();
//添加角色和权限
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//添加角色
simpleAuthorizationInfo.addRole("admin");
//添加权限
simpleAuthorizationInfo.addStringPermission("create");
return simpleAuthorizationInfo;
}
//用户认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken atoken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) atoken;
String name = token.getUsername();
if (name == null) {
return null;
}//这里验证authenticationToken和simpleAuthenticationInfo的信息
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, "123456", getName());
return simpleAuthenticationInfo;
}
}
这里由于没有连接数据库, 所以一些动态的地方, 直接写死。
三. 配置文件
@Configuration
public class ShiroConfiguration {
//将自己的验证方式加入容器
@Bean
public MyShiroRealm myShiroRealm() {
MyShiroRealm myShiroRealm = new MyShiroRealm();
return myShiroRealm;
}
//权限管理,配置主要是Realm的管理认证
@Bean
public org.apache.shiro.mgt.SecurityManager securityManager(CacheManager cacheManager, SessionManager sessionManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setSessionManager(sessionManager);
securityManager.setRealm(myShiroRealm());
securityManager.setCacheManager(cacheManager);
return securityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> map = new HashMap<String, String>();
//登出
map.put("/logout","logout");
map.put("/doLogin", "anon");//对所有用户认证
map.put("/**","authc");
//登录
shiroFilterFactoryBean.setLoginUrl("/login");
//首页
shiroFilterFactoryBean.setSuccessUrl("/index");
//错误页面,认证不通过跳转
shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
//加入注解的使用,不加入这个注解不生效
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
@Bean
public CacheManager cacheManager(){
return new EhCacheManager();
}
@Bean
public SessionDAO sessionDAO(){
return new EnterpriseCacheSessionDAO();
}
@Bean
public SessionManager sessionManager(SessionDAO sessionDAO){
DefaultWebSessionManager manager = new DefaultWebSessionManager();
manager.setSessionDAO(sessionDAO);
manager.setGlobalSessionTimeout(3600000);
manager.setSessionValidationInterval(3600000);
return manager;
}
}
四. 控制器
@RestController
public class LoginController {
@GetMapping("/login")
public String login(){
return "need login";
}
/登录
@GetMapping("/doLogin")
public String doLogin(String uid, String pwd){
//添加用户认证信息
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(uid,pwd);
try{
//进行验证,这里可以捕获异常,然后返回对应信息
subject.login(token);
}
catch(Exception e){
return "login failed";
}
return "login success";
}
@RequestMapping(value = "/index")
public String index(){
return "index";
}
//登出
@RequestMapping(value = "/logout")
public String logout(){
return "logout";
}
//错误页面展示
@GetMapping("/error")
public String error(){
return "error ok!";
}
@RequiresRoles("admin")
@RequiresPermissions("create")
@RequestMapping(value = "/create")
public String create(){
return "Create success!";
}
@RequiresPermissions("detail")
@RequestMapping(value = "/detail")
public String detail(){
return "uid";
}
}
到这里, 代码就敲完了。
application.yml里面, 只要两行代码:
server:
port: 8080
五. 结果检验
1. 访问页面: http://localhost:8080/doLogin?uid=abc&pwd=123456
2. 访问: http://localhost:8080/create
3. 访问: http://localhost:8080/detail
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- spring boot整合shiro
- Spring boot+Shiro+ spring MVC+swagger UI +Mybatis+mysql+Vue +Element UI 之四 vue 整合Element UI
- SpringBoot学习:整合shiro(身份认证和权限认证),使用EhCache缓存
- Springboot整合shiro错误记录
- springboot(十四):springboot整合shiro-登录认证和权限管理
- SpringBoot+shiro整合学习之登录认证和权限控制
- springBoot shiro整合
- Spring Boot+Shiro+Redis(redisson)整合时,采用内嵌tomcat启动错误原因分析
- springboot(十四):springboot整合shiro-登录认证和权限管理
- spring boot 框架spring date jpa整合shiro
- springboot整合shiro
- springboot shiro 整合
- Spring Boot+Shiro+Redis(redisson)整合时,采用内嵌tomcat启动错误原因分析
- Spring Boot 整合 Shiro 进行登录认证
- springboot+shiro整合教程
- spring boot整合Shiro实现单点登录的示例代码
- springboot thymeleaf和shiro 整合——按钮可见性
- spring boot 整合shiro 配置类报错问题
- IDEA上搭建maven项目整合springboot+mybatis+shiro