SpringBoot整合Shiro
SpringBoot整合Shiro
拦截器介绍
https://www.jianshu.com/p/54b573c7b4db
https://blog.csdn.net/fenglixiong123/article/details/77119857
一、整合Shiro
1、pom.xml
shiro-spring
shiro-web
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.5.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.lc</groupId>
<artifactId>springboot-shiro</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springboot-shiro</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
2、Realm配置
public class MyRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
String username = (String) authenticationToken.getPrincipal();
if ("lc".equals(username)) {
return new SimpleAuthenticationInfo(username, "123", getName());
}
return null;
}
}
3、shiro配置
@Configuration
public class ShrioConfig {
@Bean
Realm realm() {
TextConfigurationRealm realm =new TextConfigurationRealm();
// 设置用户和角色
realm.setUserDefinitions("lc=123,user \n admin=123,admin");
// 设置角色权限
realm.setRoleDefinitions("admin=read,write \n user=read");
return realm;
}
@Bean
ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition definition=new DefaultShiroFilterChainDefinition();
definition.addPathDefinition("/doLogin", "anon");
definition.addPathDefinition("/**", "authc");
return definition;
}
}
4、controller
@RestController
public class LoginController {
@GetMapping("/hello")
public String hello() {
return "hello shiro";
}
@GetMapping("/login")
public String login() {
return "please login!";
}
@PostMapping("/doLogin")
public void doLogin(String username,String password) {
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(username, password));
System.out.println("登录成功!");
} catch (AuthenticationException e) {
System.out.println();
System.out.println("登录失败!"+e.getMessage());
}
}
}
二、spring-boot-starter 整合shrio
1、pom.xml
shiro-spring-boot-web-starter
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.5.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.lc</groupId>
<artifactId>springbootstarter-shiro</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springbootstarter-shiro</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
2、yaml配置
shiro:
enabled: true
unauthorizedUrl: /unauthorizedUrl
web:
enabled: true
successUrl: /success
loginUrl: /login
# 就是每次请求是否支持把sessionid放在cookie中或者通过url携带sessionid
# sessionManager:
# 是否允许通过url实现会话跟踪
# sessionIdUrlRewritingEnabled: true
# 是否允许放在cookie中
# sessionIdCookieEnabled: true
3、shiro配置
@Configuration
public class ShrioConfig {
@Bean
Realm realm() {
TextConfigurationRealm realm =new TextConfigurationRealm();
// 设置用户和角色
realm.setUserDefinitions("lc=123,user \n admin=123,admin");
// 设置角色权限
realm.setRoleDefinitions("admin=read,write \n user=read");
return realm;
}
@Bean
ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition definition=new DefaultShiroFilterChainDefinition();
definition.addPathDefinition("/doLogin", "anon");
definition.addPathDefinition("/**", "authc");
return definition;
}
}
4、controller配置
@RestController
public class LoginController {
@GetMapping("/hello")
public String hello() {
return "hello shiro";
}
@GetMapping("/login")
public String login() {
return "please login!";
}
@PostMapping("/doLogin")
public void doLogin(String username,String password) {
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(username, password));
System.out.println("登录成功!");
} catch (AuthenticationException e) {
System.out.println();
System.out.println("登录失败!"+e.getMessage());
}
}
}