SpringBoot 2.0 整合shiro1.4 手记

Posted 阿强是小兵

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpringBoot 2.0 整合shiro1.4 手记相关的知识,希望对你有一定的参考价值。


---spring boot2.0 整合 shiro1.4 手记----------------

1.---pom.xml添加依赖----------------------------------

<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>

2.---建立ShiroConfig类--------------------------------

2.1.建立shiroFilter Bean--->设置securityManager并且把请求规则加入Filter过滤链中

@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){

ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();

bean.setSecurityManager(securityManager);

Map<String,String> filterMap=new LinkedHashMap<>();

filterMap.put("/news","perms[news]");

filterMap.put("/admin","roles[admin]");

filterMap.put("/index","anon");

filterMap.put("/**","authc");


bean.setFilterChainDefinitionMap(filterMap);

bean.setLoginUrl("/login");

bean.setSuccessUrl("/news");

bean.setUnauthorizedUrl("/unauth");

return bean;
}

2.2.//给SecurityManager设置需要管理的Realm,可以有多个Realm

@Bean
public SecurityManager securityManager(){

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

securityManager.setRealm(new MyRealm());

return securityManager;
}

3.---实现自定义Realm重写登录验证方法和授权访问方法--------------------------------------------

public class MyRealm extends AuthorizingRealm {


@Override //登录认证处理方法
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

UsernamePasswordToken token=(UsernamePasswordToken) authenticationToken;

UserDao userDao=new UserDao();

SysUser user=new SysUser();

if(!token.getUsername().equals("")){

user =(SysUser) userDao.findByName(token.getUsername());
}

if(!user.getUsername().equals(token.getUsername())){

return null;
}
else {

SimpleAuthenticationInfo simpleAuthenticationInfo=new SimpleAuthenticationInfo(
user.getUsername(), //这个参数是给login回传的信息。不是类对象什么的。
user.getPassword(),
getName());
return simpleAuthenticationInfo;
}


}

@Override //权限验证处理方法
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

// 这个值是认证方法中的SimpleAuthenticationInfo对象的第一个参数的值即user.getUsername()
String username=(String) principalCollection.getPrimaryPrincipal();

System.out.print(username+">>>执行了授权方法\\n");

SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();

simpleAuthorizationInfo.addRole("admin"); //可以根据username查询数据库改用户所有角色,可以根据username查询数据库改用户所有资源权限


simpleAuthorizationInfo.addStringPermission("news");

return simpleAuthorizationInfo;
}
}


4.---controller中实现------------------------------------------------------------

@RequestMapping(value = "/login",method = RequestMethod.POST)
@ResponseBody
public String login(@RequestBody SysUser sysUser){

String name=sysUser.getUsername();
String pwd=sysUser.getPassword();
//包装用户名和密码以备后边其他类使用
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(name,pwd);

Subject subject = SecurityUtils.getSubject();

//shiro通过try catch 捕获异常判断login过程中的各种状况。
try {

subject.login(usernamePasswordToken);

return "news2";
}
catch (UnknownAccountException e){

return "账户不正确";
}
catch (IncorrectCredentialsException e){

return "密码不正确";
}
catch (Exception e){
System.out.print(e.toString()+"\\n");
return e.toString();
}

}

 

参考:https://www.cnblogs.com/boonya/p/7521754.html

以上是关于SpringBoot 2.0 整合shiro1.4 手记的主要内容,如果未能解决你的问题,请参考以下文章

springboot 2.0 整合 RestTemplate

springboot 2.0 整合 同时支持jsp+html跳转

Kafka在SpringBoot 2.0中的整合

SpringBoot 2.0 + Apache Dubbo 2.7.3 最新版整合方案

spring boot 2.0 整合 elasticsearch NoNodeAvailableException

SpingBoot:整合Elasticsearch7.2.0