---spring boot2.0 整合 shiro1.4 手記----------------
1.---pom.xml添加依賴----------------------------------
<!-- Apache Shiro's Spring integration module, as used by the configuration in these notes. -->
<!-- NOTE(review): the version is pinned to 1.4.0. Before reusing this snippet, check the
     Apache Shiro security reports and prefer a currently maintained release; fixes to
     Shiro's request-path matching and authentication handling only reach the application
     when this version is raised. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
2.---建立ShiroConfig類--------------------------------
2.1.建立shiroFilter Bean--->設置securityManager並且把請求規則加入Filter過濾鏈中
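/**
 * Builds the Shiro filter bean: attaches the security manager and registers the
 * URL-to-filter rules that decide which requests need authentication, a role or
 * a permission.
 *
 * <p>Rules are evaluated in insertion order and the first matching pattern wins,
 * which is why a {@link LinkedHashMap} is used and why the catch-all {@code /**}
 * entry must stay last.
 *
 * @param securityManager the Shiro security manager that performs the checks
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(securityManager);

    Map<String, String> filterMap = new LinkedHashMap<>();
    // An exact pattern such as "/admin" covers only that one path. Anything below it
    // would otherwise fall through to "/**" and need nothing more than a logged-in
    // session, so each protected prefix is registered together with its sub-tree.
    filterMap.put("/news", "perms[news]");
    filterMap.put("/news/**", "perms[news]");
    filterMap.put("/admin", "roles[admin]");
    filterMap.put("/admin/**", "roles[admin]");
    filterMap.put("/index", "anon");
    // Default: every other URL requires an authenticated subject.
    // NOTE(review): "/login" has no entry of its own, so it is also handled by this
    // authc rule. If the controller is the only component meant to process login
    // requests, consider mapping "/login" to "anon" explicitly - confirm against the
    // login flow actually used.
    filterMap.put("/**", "authc");
    bean.setFilterChainDefinitionMap(filterMap);

    bean.setLoginUrl("/login");          // where unauthenticated requests are sent
    bean.setSuccessUrl("/news");         // default landing page after login
    bean.setUnauthorizedUrl("/unauth");  // shown when a role/permission check fails
    return bean;
}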
2.2.//給SecurityManager設置需要管理的Realm,可以有多個Realm
/**
 * Creates the web security manager and hands it the single realm it should
 * consult for authentication and authorization. More realms can be registered
 * if several user sources are needed.
 *
 * <p>NOTE(review): the realm is created with {@code new MyRealm()} and no
 * credentials matcher is set on it in the visible code, so password comparison
 * uses whatever the realm's default is - confirm that stored passwords are
 * hashed and that a matching hashed credentials matcher is configured.
 *
 * @return the security manager backed by {@code MyRealm}
 */
@Bean
public SecurityManager securityManager() {
    MyRealm realm = new MyRealm();
    return new DefaultWebSecurityManager(realm);
}
3.---實現自定義Realm重寫登錄驗證方法和授權訪問方法--------------------------------------------
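/**
 * Custom Shiro realm: looks users up by name for login and supplies the roles and
 * permissions used by authorization checks.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Login authentication: resolves the account for the submitted username.
     *
     * <p>Returns {@code null} when no usable account is found, which Shiro reports to
     * the caller as an unknown account. A missing or empty username, a lookup that
     * yields nothing, and a record whose username does not equal the submitted one
     * are all treated that way instead of failing with a NullPointerException.
     *
     * <p>NOTE(review): the value of {@code user.getPassword()} is handed to Shiro as
     * the stored credential and no credentials matcher is configured in this class.
     * Confirm that the stored value is a salted password hash and that the realm is
     * given a matching hashed credentials matcher; a plain-text comparison should not
     * be used outside a demo.
     *
     * @param authenticationToken the submitted token; expected to be a
     *                            {@link UsernamePasswordToken}
     * @return the account's principal and stored credential, or {@code null} if the
     *         account cannot be resolved
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String submittedName = token.getUsername();
        if (submittedName == null || submittedName.equals("")) {
            return null;
        }

        UserDao userDao = new UserDao();
        SysUser user = (SysUser) userDao.findByName(submittedName);
        if (user == null || !submittedName.equals(user.getUsername())) {
            return null;
        }

        return new SimpleAuthenticationInfo(
                user.getUsername(), // principal: the plain username string, read back later via getPrimaryPrincipal()
                user.getPassword(), // stored credential that Shiro compares with the submitted password
                getName());         // name of this realm
    }

    /**
     * Authorization: supplies the roles and permissions of the authenticated principal.
     *
     * <p>NOTE(review): every principal is given the role {@code admin} and the
     * permission {@code news} unconditionally, so any role or permission check backed
     * by this realm passes for every logged-in user. The original note says both
     * should be looked up by username; replace the two literals with that lookup
     * before using this outside a demo.
     *
     * @param principalCollection principals of the current subject
     * @return the authorization data for that subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The primary principal is the first argument given to SimpleAuthenticationInfo
        // in doGetAuthenticationInfo, i.e. user.getUsername().
        String username = (String) principalCollection.getPrimaryPrincipal();
        System.out.print(username+">>>執行了授權方法\n");
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addRole("admin");             // placeholder: should be the user's roles from the database
        simpleAuthorizationInfo.addStringPermission("news");  // placeholder: should be the user's permissions from the database
        return simpleAuthorizationInfo;
    }
}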
4.---controller中實現------------------------------------------------------------
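/**
 * Handles a login request: wraps the submitted username and password in a Shiro
 * token and asks the current subject to log in with it.
 *
 * <p>Shiro reports the outcome of {@code login} through exceptions. Unknown account
 * and wrong password are still caught by type, but both produce the same response so
 * that the reply does not reveal which usernames exist. Any other failure is written
 * to standard output and answered with a generic message; the exception text is no
 * longer returned to the client, because it can expose internal class names and
 * details.
 *
 * @param sysUser request body carrying the submitted username and password
 * @return {@code "news2"} on success, otherwise a failure message
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public String login(@RequestBody SysUser sysUser) {
    // Wrap the submitted credentials so the realm can read them during authentication.
    UsernamePasswordToken usernamePasswordToken =
            new UsernamePasswordToken(sysUser.getUsername(), sysUser.getPassword());
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(usernamePasswordToken);
        return "news2";
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // One answer for both cases: telling them apart helps username guessing.
        return "賬戶或密碼不正確";
    } catch (Exception e) {
        // Keep the detail on the server side only.
        System.out.print(e.toString() + "\n");
        return "登錄失敗";
    }
}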