06 Spring Boot 整合Shrio

整合Shrio

整合方法

1. 导入依赖 <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.5.3</version> </dependency>
2. 创建UserRealm类，继承AuthorizingRealm public class UserRealm extends AuthorizingRealm { //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { return null; } }
3. 创建ShiroConfig类配置shrio @Component public class ShiroConfig { //第三步：创建ShiroFilterFactoryBean @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager); //过滤 Map<String, String> filterChainDefinitionMap = new LinkedHashMap(); //filterChainDefinitionMap.put("/user/add", "anon"); //filterChainDefinitionMap.put("/user/update", "authc"); filterChainDefinitionMap.put("/user/*", "authc");//可使用通配符* shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); shiroFilterFactoryBean.setLoginUrl("/toLogin"); return shiroFilterFactoryBean; } //第二步：创建DefaultWebSecurityManager对象 @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(userRealm); return securityManager; } //第一步：创建Realm对象 @Bean public UserRealm userRealm(){ return new UserRealm(); } }

shiro使用方法

基本配置

1. 获取当前subject Subject subject = SecurityUtils.getSubject();
2. 建立令牌 UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
3. try catch判断登录是否成功 try { subject.login(usernamePasswordToken); //未异常，登陆成功 return "index"; } catch (UnknownAccountException e) { //用户名不存在 e.printStackTrace(); model.addAttribute("msg", "用户名不存在"); return "toLogin"; } catch (IncorrectCredentialsException e) { //密码错误 e.printStackTrace(); model.addAttribute("msg", "密码错误"); return "toLogin"; }
4. 在UserRealm类中进行认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("AuthenticationInfo=>执行"); String userName = "admin"; String password = "123456"; UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; if(!token.getUsername().equals(userName)) { return null; } //可将用户信息对象存入第一个参数内 return new SimpleAuthenticationInfo("",password, ""); }

角色授权

//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    //建立授权对象
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    //获取当前用户对象
    Subject subject = SecurityUtils.getSubject();
	//获取用户信息
    Blogger blogger = (Blogger) subject.getPrincipal();
    //判断是否为root用户
    //真实项目中通过判断数据库字段权限类型
    String user = blogger.getUserName().equals("root")?"user:add":"user:update";
    //添加权限
    simpleAuthorizationInfo.addStringPermission(user);
	
    return simpleAuthorizationInfo;
}

Shiro整合thymeleaf

1. 添加maven依赖 <dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version> </dependency>
2. 添加命名空间 xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"
3. 在ShiroConfig中配置Bean @Bean(name = "shiroDialect") public ShiroDialect shiroDialect(){ return new ShiroDialect(); }