springBoot shiro
Posted -mzh
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了springBoot shiro相关的知识,希望对你有一定的参考价值。
@Configuration
public class ShiroConfig
/**
* 过滤器默认权限表 anon=anon, authc=authc, authcBasic=authcBasic, logout=logout,
* noSessionCreation=noSessionCreation, perms=perms, port=port,
* rest=rest, roles=roles, ssl=ssl, user=user
* <p>
* anon, authc, authcBasic, user 是第一组认证过滤器
* perms, port, rest, roles, ssl 是第二组授权过滤器
* <p>
* user 和 authc 的不同:当应用开启了rememberMe时, 用户下次访问时可以是一个user, 但绝不会是authc,
* 因为authc是需要重新认证的, user表示用户不一定已通过认证, 只要曾被Shiro记住过登录状态的用户就可以正常发起请求,比如rememberMe
* 以前的一个用户登录时开启了rememberMe, 然后他关闭浏览器, 下次再访问时他就是一个user, 而不会authc
*
* @param securityManager 初始化 ShiroFilterFactoryBean 的时候需要注入 SecurityManager
*/
@Autowired
private SessionDAO sessionDao;
@Bean
public FilterRegistrationBean filterRegistrationBean()
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.setEnabled(true);
filterRegistration.addUrlPatterns("/*");
return filterRegistration;
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager)
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// setLoginUrl 如果不设置值,默认会自动寻找Web工程根目录下的"/login.jsp"页面 或 "/login" 映射
shiroFilterFactoryBean.setLoginUrl("/jf/login");
shiroFilterFactoryBean.setSuccessUrl("/jf?login");
// 设置无权限时跳转的 url;
shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");
Map<String, javax.servlet.Filter> map = new HashMap();
CasFilter casFilter = new CasFilter();
casFilter.setFailureUrl("/jf/login");
FormAuthenticationFilter formAuthenticationFilter = new FormAuthenticationFilter();
map.put("cas",casFilter);
map.put("authc",formAuthenticationFilter);
shiroFilterFactoryBean.setFilters(map);
// 设置拦截器
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
//游客,开发权限
filterChainDefinitionMap.put("/jf/sad/**", "anon");
filterChainDefinitionMap.put("/jf/lt/**", "anon");
filterChainDefinitionMap.put("/jf/gq/**", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/lt/**", "anon");
filterChainDefinitionMap.put("/userfiles/**", "anon");
filterChainDefinitionMap.put("/include/**", "anon");
filterChainDefinitionMap.put("/ajax/**", "anon");
//测试使用
filterChainDefinitionMap.put("/ceshi/**", "anon");
//用户,需要角色权限 “user”
// filterChainDefinitionMap.put("/jf/**", "roles[user]");
// filterChainDefinitionMap.put("/jf/cas", "roles[cas]");
// filterChainDefinitionMap.put("/act/editor/**", "roles[user]");
// filterChainDefinitionMap.put("/act/rest/service/**", "roles[user]");
// filterChainDefinitionMap.put("/ReportServer/**", "roles[user]");
// filterChainDefinitionMap.put("/jf/login", "authc");
filterChainDefinitionMap.put("/act/editor/**", "user");
filterChainDefinitionMap.put("/act/rest/service/**", "user");
filterChainDefinitionMap.put("/ReportServer/**", "user");
filterChainDefinitionMap.put("/jf/cas", "cas");
filterChainDefinitionMap.put("/jf/login", "authc");
filterChainDefinitionMap.put("/*", "user");
filterChainDefinitionMap.put("/jf/**", "user");
//管理员,需要角色权限 “admin”
// filterChainDefinitionMap.put("/admin/**", "roles[admin]");
//开放登陆接口
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/test/**", "anon");
filterChainDefinitionMap.put("/act/rest/service/editor/**", "perms[act:model:edit]");
filterChainDefinitionMap.put("/act/rest/service/model/**", "perms[act:model:edit]");
//其余接口一律拦截
//主要这行代码必须放在所有权限设置的最后,不然会导致所有 url 都被拦截
// filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
System.out.println("Shiro拦截器工厂类注入成功");
return shiroFilterFactoryBean;
// 缓存配置
@Bean
public EhCacheManager cacheManager()
EhCacheManager ehCacheManager = new EhCacheManager();
EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean(); //使用内存缓存
ehCacheManager.setCacheManager(CacheManager.create());
cacheManager.setShared(true);
return ehCacheManager;
@Bean(name = "sessionManager")
public DefaultWebSessionManager sessionManager()
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
// 设置session过期时间3600s
sessionManager.setGlobalSessionTimeout(Long.valueOf(Global.getConfig("session.sessionTimeout")));
sessionManager.setSessionValidationInterval(Long.valueOf(Global.getConfig("session.sessionTimeoutClean")));
sessionManager.setSessionValidationSchedulerEnabled(true);
SimpleCookie simpleCookie = new SimpleCookie();
simpleCookie.setName("cciinet.erp.session.id");
sessionManager.setSessionIdCookie(simpleCookie);
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionDAO(sessionDao);
return sessionManager;
/**
* 注入 securityManager
*/
@Bean
public SecurityManager securityManager(SystemAuthorizingRealm customRealm, EhCacheManager shiroCacheManager/*, SessionManager sessionManager*/)
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置realm.
/* sessionManager.setGlobalSessionTimeout(Long.valueOf(Global.getConfig("session.sessionTimeout")));
sessionManager.setSessionValidationInterval(Long.valueOf(Global.getConfig("session.sessionTimeoutClean")));
sessionManager.setSessionValidationSchedulerEnabled(true);*/
/* SimpleCookie simpleCookie = new SimpleCookie();
simpleCookie.setName("cciinet.erp.session.id");
sessionManager.setSessionIdCookie(simpleCookie);
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionDAO(sessionDao);*/
securityManager.setRealm(customRealm);
securityManager.setCacheManager(shiroCacheManager);
// securityManager.setSessionManager(sessionManager);
securityManager.setRememberMeManager(null);
SecurityUtils.setSecurityManager(securityManager);
return securityManager;
以上是关于springBoot shiro的主要内容,如果未能解决你的问题,请参考以下文章
SpringBoot入门到精通-SpringBoot自定义starter
最全面的SpringBoot教程——SpringBoot概述