本文最后更新于:星期四, 三月 19日 2020, 11:40 晚上
导入依赖
<!--shiro 整合 spring-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.1</version>
</dependency>
Security.java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
// 三大核心
//3 ShiroFileterFactoryBean
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("webSecurityManager") DefaultWebSecurityManager webSecurityManager){// 需要 SecurityManager
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
// 设置安全管理器
bean.setSecurityManager(webSecurityManager);
// 添加过滤器
/*
anno:无需认证
authc: 必须认证
user: 必须拥有 记住我功能 才能用
perms: 拥有对某个资源的权限才能访问
role: 拥有某个角色权限才能访问
*/
Map<String, String> filterChainDefinitionMap = new HashMap<>();
// 设置资源的访问权限 请求路径 和 权限级别
/*filterChainDefinitionMap.put("/user/m1","authc");
filterChainDefinitionMap.put("/user/m2","authc");*/
filterChainDefinitionMap.put("/user/*","authc");
// 设置没有权限时 跳转到的登陆页面
bean.setLoginUrl("/tologin");
bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return bean;
}
//2 DefaultWebSecutityManager
@Bean(name = "webSecurityManager") // 需要 UserRealm
public DefaultWebSecurityManager getdefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
//1 创建 realm 对象 需要自定义
@Bean
public UserRealm userRealm(){return new UserRealm();
}
}
class UserRealm extends AuthorizingRealm {
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println(" 执行授权 doGetAuthorizationInfo");
return null;
}
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println(" 执行授权 doGetAuthenticationInfo");
return null;
}
}