1.导入shiro-spring及相关依赖
<!-- Shiro/Spring integration package.
     NOTE(review): 1.7.0 is an old release; check the Apache Shiro security
     advisories and pin a currently supported version before using this. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.0</version>
</dependency>
<!-- Druid connection pool (Spring Boot starter) -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.1.17</version>
</dependency>
<!-- MySQL JDBC driver.
     NOTE(review): 5.1.6 is a very old driver release; prefer a currently
     maintained Connector/J version that matches the database server. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.6</version>
</dependency>
<!-- log4j logging.
     NOTE(review): the log4j 1.x line is end-of-life and no longer receives
     security fixes; the Java code on this page logs via System.out only, so
     confirm this dependency is needed at all, or move to a maintained
     logging backend. -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!-- MyBatis Spring Boot starter -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.0</version>
</dependency>
<!-- Lombok (compile-time boilerplate generation) -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.20</version>
</dependency>
<!-- Shiro/Thymeleaf integration (Shiro tags in templates) -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2.编写ShiroConfig配置类
/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the request filter factory, the web security manager, the custom realm
 * and the Thymeleaf dialect used for permission-aware templates.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory, the component that guards incoming requests.
     *
     * <p>Built-in filter names usable in chain definitions:
     * <ul>
     *   <li>{@code anon}: reachable without authentication</li>
     *   <li>{@code authc}: the subject must have authenticated</li>
     *   <li>{@code user}: the subject is authenticated or remembered (remember-me)</li>
     *   <li>{@code perms[...]}: the subject must hold the listed permission</li>
     *   <li>{@code roles[...]}: the subject must hold the listed role</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the bean registered under the name "SecurityManager"
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("SecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // LinkedHashMap keeps the definitions in insertion order; Shiro evaluates
        // chains in definition order and the first matching pattern wins.
        Map<String, String> chainDefinitions = new LinkedHashMap<>();
        // /add and /update each require a specific permission, not merely a login.
        chainDefinitions.put("/add", "perms[user:add]");
        chainDefinitions.put("/update", "perms[user:update]");
        // NOTE(review): only these two exact paths are mapped here, so every other
        // URL is served without any Shiro check. A default-deny layout would list
        // the public pages as anon and end with a catch-all entry such as
        // "/**" -> "authc". Confirm which pages are meant to be public.

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(defaultWebSecurityManager);
        // Unauthenticated requests to a protected path are redirected here.
        factory.setLoginUrl("/toLogin");
        // Authenticated subjects lacking the required permission are redirected here.
        factory.setUnauthorizedUrl("/noauth");
        factory.setFilterChainDefinitionMap(chainDefinitions);
        return factory;
    }

    /**
     * Creates the web security manager and attaches the custom realm to it.
     *
     * @param userRealm the realm bean named "userRealm"
     * @return the security manager, registered under the bean name "SecurityManager"
     */
    @Bean(name = "SecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Registers the custom realm that performs the actual user lookup.
     *
     * <p>NOTE(review): the realm is returned with its defaults; no
     * CredentialsMatcher is configured here, so how passwords are compared
     * depends on the realm's default matcher.
     *
     * @return a new {@code UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so templates can show or hide page fragments
     * by permission. Hiding a fragment is presentation only; the server-side
     * chain definitions remain the access control.
     *
     * @return a new {@code ShiroDialect}
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}
3.创建自定义Realm对象(UserRealm),负责认证与授权
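/**
 * Custom Shiro realm backed by {@code UserService}: looks a user up by name
 * for authentication and supplies that user's permission string for
 * authorization.
 *
 * <p>NOTE(review): no CredentialsMatcher is set in this class, so the realm's
 * default matcher applies. With a plain equality matcher the stored
 * {@code passwd} value has to equal the submitted password, which would mean
 * passwords are stored unhashed. TODO confirm, and move to a salted, slow
 * password hash (for example through Shiro's {@code PasswordMatcher}).
 *
 * <p>NOTE(review): the whole {@code User} object, including its
 * {@code passwd} field, becomes the principal and the "loginUser" session
 * attribute. Consider exposing a reduced view without the credential.
 */
public class UserRealm extends AuthorizingRealm {
    @Autowired
    UserService userService;

    /**
     * Authorization: builds the permission set for the given principals.
     *
     * @param principalCollection the principals whose permissions are requested
     * @return authorization info holding the user's permission string, or an
     *         empty info when the user has no permission string
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Use the principals handed in by Shiro rather than the thread's current
        // Subject: they identify whose permissions are being asked for.
        User currentUser = (User) principalCollection.getPrimaryPrincipal();
        String perms = currentUser == null ? null : currentUser.getPerms();
        // A null or blank permission string cannot be parsed as a permission and
        // would fail later during the permission check, so such users simply get
        // no permissions.
        if (perms != null && !perms.trim().isEmpty()) {
            info.addStringPermission(perms);
        }
        System.out.println("执行了=======授权doGetAuthorizationInfo");
        return info;
    }

    /**
     * Authentication: loads the account for the submitted user name. The
     * password comparison itself is done afterwards by Shiro's credentials
     * matcher.
     *
     * @param authenticationToken the submitted token, expected to be a
     *                            {@code UsernamePasswordToken}
     * @return the account's principal and stored credential, or {@code null}
     *         when no such user exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // The original message said "授权" (authorization) in the authentication path.
        System.out.println("执行了=======认证doGetAuthenticationInfo");
        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
        // Look the account up in the real database.
        User user = userService.queryUserByName(userToken.getUsername());
        if (user == null) {
            // Unknown account: a null result makes Shiro fail the login attempt.
            return null;
        }
        // The session is deliberately not touched here: at this point the password
        // has not been verified yet (see assertCredentialsMatch below).
        // getName() records this realm as the source of the principal instead of "".
        return new SimpleAuthenticationInfo(user, user.getPasswd(), getName());
    }

    /**
     * Publishes the logged-in user to the session only after the credentials
     * have been verified. Doing this inside {@code doGetAuthenticationInfo}
     * would store the account in the session for any request naming an
     * existing user, even when the password is wrong.
     *
     * @param token the submitted token
     * @param info  the account data returned by {@code doGetAuthenticationInfo}
     * @throws AuthenticationException if the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
        // Throws on mismatch, so the lines below run for verified logins only.
        super.assertCredentialsMatch(token, info);
        Object loginUser = info.getPrincipals().getPrimaryPrincipal();
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute("loginUser", loginUser);
    }
}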