springboot整合shiro

项目启动后输入：http://localhost/ 
该项目中, 增加了对url的拦截URLPermissionsFilter， 
用admin/123456,拥有index权限reports未任何权限, lance/123456尚未分配任何权限. 

1.Pom依赖 

Xml代码  

1. <shiro.version>1.2.5</shiro.version>  
2. <dependency>  
3.     <groupId>org.apache.shiro</groupId>  
4.     <artifactId>shiro-core</artifactId>  
5.     <version>${shiro.version}</version>  
6. </dependency>  
7. <dependency>  
8.     <groupId>org.apache.shiro</groupId>  
9.     <artifactId>shiro-web</artifactId>  
10.     <version>${shiro.version}</version>  
11. </dependency>  
12. <dependency>  
13.     <groupId>org.apache.shiro</groupId>  
14.     <artifactId>shiro-ehcache</artifactId>  
15.     <version>${shiro.version}</version>  
16. </dependency>  
17. <dependency>  
18.     <groupId>org.apache.shiro</groupId>  
19.     <artifactId>shiro-spring</artifactId>  
20.     <version>${shiro.version}</version>  
21. </dependency>  
22. <parent>  
23.     <groupId>org.springframework.boot</groupId>  
24.     <artifactId>spring-boot-starter-parent</artifactId>  
25.     <version>1.3.5.RELEASE</version>  
26. </parent>  

2.Shiro配置 

Java代码  

1. @Configuration  
2. public class ShiroConfig {  
3.   
4.     /** 
5.      * FilterRegistrationBean 
6.      * @return 
7.      */  
8.     @Bean  
9.     public FilterRegistrationBean filterRegistrationBean() {  
10.         FilterRegistrationBean filterRegistration = new FilterRegistrationBean();  
11.         filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));   
12.         filterRegistration.setEnabled(true);  
13.         filterRegistration.addUrlPatterns("/*");   
14.         filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);  
15.         return filterRegistration;  
16.     }  
17.   
18.     /**  
19.      * @see org.apache.shiro.spring.web.ShiroFilterFactoryBean  
20.      * @return  
21.      */  
22.     @Bean(name = "shiroFilter")  
23.     public ShiroFilterFactoryBean shiroFilter(){  
24.         ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();  
25.         bean.setSecurityManager(securityManager());  
26.         bean.setLoginUrl("/login");  
27.         bean.setUnauthorizedUrl("/unauthor");  
28.   
29.         Map<String, Filter>filters = Maps.newHashMap();  
30.         filters.put("perms", urlPermissionsFilter());  
31.         filters.put("anon", new AnonymousFilter());  
32.         bean.setFilters(filters);  
33.   
34.         Map<String, String> chains = Maps.newHashMap();  
35.         chains.put("/login", "anon");  
36.         chains.put("/unauthor", "anon");  
37.         chains.put("/logout", "logout");  
38.         chains.put("/base/**", "anon");  
39.         chains.put("/css/**", "anon");  
40.         chains.put("/layer/**", "anon");  
41.         chains.put("/**", "authc,perms");  
42.         bean.setFilterChainDefinitionMap(chains);  
43.         return bean;  
44.     }  
45.   
46.     /**  
47.      * @see org.apache.shiro.mgt.SecurityManager  
48.      * @return  
49.      */  
50.     @Bean(name="securityManager")  
51.     public DefaultWebSecurityManager securityManager() {  
52.         DefaultWebSecurityManager manager = new DefaultWebSecurityManager();  
53.         manager.setRealm(userRealm());  
54.         manager.setCacheManager(cacheManager());  
55.         manager.setSessionManager(defaultWebSessionManager());  
56.         return manager;  
57.     }  
58.   
59.     /** 
60.      * @see DefaultWebSessionManager 
61.      * @return 
62.      */  
63.     @Bean(name="sessionManager")  
64.     public DefaultWebSessionManager defaultWebSessionManager() {  
65.         DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();  
66.         sessionManager.setCacheManager(cacheManager());  
67.         sessionManager.setGlobalSessionTimeout(1800000);  
68.         sessionManager.setDeleteInvalidSessions(true);  
69.         sessionManager.setSessionValidationSchedulerEnabled(true);  
70.         sessionManager.setDeleteInvalidSessions(true);  
71.         return sessionManager;  
72.     }  
73.   
74.     /** 
75.      * @see UserRealm--->AuthorizingRealm 
76.      * @return 
77.      */  
78.     @Bean  
79.     @DependsOn(value="lifecycleBeanPostProcessor")  
80.     public UserRealm userRealm() {  
81.         UserRealm userRealm = new UserRealm();  
82.         userRealm.setCacheManager(cacheManager());  
83.         return userRealm;  
84.     }  
85.   
86.     @Bean  
87.     public URLPermissionsFilter urlPermissionsFilter() {  
88.         return new URLPermissionsFilter();  
89.     }  
90.   
91.     @Bean  
92.     public EhCacheManager cacheManager() {  
93.         EhCacheManager cacheManager = new EhCacheManager();  
94.         cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");  
95.         return cacheManager;  
96.     }  
97.   
98.     @Bean  
99.     public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {  
100.         return new LifecycleBeanPostProcessor();  
101.     }  
102. }  

3.完整项目参考 
https://github.com/leelance/spring-boot-all/tree/master/spring-boot-shiro