前言:
網上有很多springboot 與 shiro 整合的資料,有些確實寫得很好, 對學習shiro和springboot 都有很大的幫助。 有些朋友比較省事, 直接轉發或者復制粘貼。但是沒有經過自己鍵盤敲打過的代碼, 不是自己的代碼。所以, 我這里就來記錄一個簡潔版的。 不牽涉db的。 廢話不多說, 開始。
一. jar包引入
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.4.0</version>
<exclusions>
<exclusion>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- 由於前面的包里面不包含這個,所以要單獨引入, 如果不引入, shiro的權限注解不起作用 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
二. MyShiroRealm
public class MyShiroRealm extends AuthorizingRealm { //角色權限和對應權限添加 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { //獲取登錄用戶名 String name = (String) principalCollection.getPrimaryPrincipal(); //添加角色和權限 SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); //添加角色 simpleAuthorizationInfo.addRole("admin"); //添加權限 simpleAuthorizationInfo.addStringPermission("create"); return simpleAuthorizationInfo; } //用戶認證 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken atoken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) atoken; String name = token.getUsername(); if (name == null) { return null; }//這里驗證authenticationToken和simpleAuthenticationInfo的信息 SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, "123456", getName()); return simpleAuthenticationInfo; } }
這里由於沒有連接數據庫, 所以一些動態的地方, 直接寫死。
三. 配置文件
@Configuration public class ShiroConfiguration { //將自己的驗證方式加入容器 @Bean public MyShiroRealm myShiroRealm() { MyShiroRealm myShiroRealm = new MyShiroRealm(); return myShiroRealm; } //權限管理,配置主要是Realm的管理認證 @Bean public org.apache.shiro.mgt.SecurityManager securityManager(CacheManager cacheManager, SessionManager sessionManager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setSessionManager(sessionManager); securityManager.setRealm(myShiroRealm()); securityManager.setCacheManager(cacheManager); return securityManager; } //Filter工廠,設置對應的過濾條件和跳轉條件 @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map<String,String> map = new HashMap<String, String>(); //登出 map.put("/logout","logout"); map.put("/doLogin", "anon");//對所有用戶認證 map.put("/**","authc"); //登錄 shiroFilterFactoryBean.setLoginUrl("/login"); //首頁 shiroFilterFactoryBean.setSuccessUrl("/index"); //錯誤頁面,認證不通過跳轉 shiroFilterFactoryBean.setUnauthorizedUrl("/error"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; } //加入注解的使用,不加入這個注解不生效 @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; } @Bean public CacheManager cacheManager(){ return new EhCacheManager(); } @Bean public SessionDAO sessionDAO(){ return new EnterpriseCacheSessionDAO(); } @Bean public SessionManager sessionManager(SessionDAO sessionDAO){ DefaultWebSessionManager manager = new DefaultWebSessionManager(); manager.setSessionDAO(sessionDAO); manager.setGlobalSessionTimeout(3600000); manager.setSessionValidationInterval(3600000); return manager; } }
四. 控制器
@RestController public class LoginController { @GetMapping("/login") public String login(){ return "need login"; } /登錄 @GetMapping("/doLogin") public String doLogin(String uid, String pwd){ //添加用戶認證信息 Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(uid,pwd); try{ //進行驗證,這里可以捕獲異常,然后返回對應信息 subject.login(token); } catch(Exception e){ return "login failed"; } return "login success"; } @RequestMapping(value = "/index") public String index(){ return "index"; } //登出 @RequestMapping(value = "/logout") public String logout(){ return "logout"; } //錯誤頁面展示 @GetMapping("/error") public String error(){ return "error ok!"; } @RequiresRoles("admin") @RequiresPermissions("create") @RequestMapping(value = "/create") public String create(){ return "Create success!"; } @RequiresPermissions("detail") @RequestMapping(value = "/detail") public String detail(){ return "uid"; } }
到這里, 代碼就敲完了。
application.yml里面, 只要兩行代碼:
server:
port: 8080
五. 結果檢驗
1. 訪問頁面: http://localhost:8080/doLogin?uid=abc&pwd=123456
2. 訪問: http://localhost:8080/create
3. 訪問: http://localhost:8080/detail
