SpringBoot整合Shiro


项目源码:http://download.csdn.net/download/a295277302/9943725

添加Shiro依赖文件

<!-- Pins shiro-spring to 1.4.0, the version this article was written against.
     NOTE(review): later Apache Shiro releases contain security fixes; check the project's
     security reports and use a currently maintained version before reusing this snippet. -->
<dependency>  <groupId>org.apache.shiro</groupId>  <artifactId>shiro-spring</artifactId>  <version>1.4.0</version></dependency>
添加ShiroConfiguration
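/**
 * Spring configuration that wires Apache Shiro into the web application: the session
 * manager, the security manager, the URL filter chain and the beans needed for Shiro's
 * annotation-driven authorization.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Creates the web session manager.
     *
     * @return a session manager with a one-hour global timeout and the session
     *         validation scheduler enabled
     */
    @Bean(name = "sessionManager")
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        // Global session timeout of 1 hour, expressed in milliseconds
        // (the original author notes the default is 30 minutes).
        sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);
        // Periodically validate sessions so that expired ones are cleaned up.
        sessionManager.setSessionValidationSchedulerEnabled(true);
        return sessionManager;
    }

    /**
     * Creates the security manager backed by the application's realm.
     *
     * @param shiroRealm     realm that performs authentication and authorization lookups
     * @param sessionManager session manager defined by {@link #sessionManager()}
     * @return the configured security manager
     */
    @Bean(name = "securityManager")
    public SecurityManager securityManager(ShiroRealm shiroRealm, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm);
        securityManager.setSessionManager(sessionManager);
        return securityManager;
    }

    /**
     * Builds the Shiro filter and its URL-to-filter chain.
     *
     * <p>The chain is an insertion-ordered map and Shiro applies the first pattern that
     * matches a request, so specific rules must precede the final {@code /**} catch-all.
     *
     * @param securityManager security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        shiroFilter.setLoginUrl("/auth.html");
        shiroFilter.setUnauthorizedUrl("/403.html");

        Map<String, String> filterMap = new LinkedHashMap<>();

        // Swagger resources, reachable without authentication.
        // NOTE(review): this publishes the API description to anonymous clients; restrict or
        // disable these entries outside development.
        filterMap.put("/v2/api-docs", "anon");
        filterMap.put("/webjars/**", "anon");
        filterMap.put("/swagger-resources/**", "anon");
        filterMap.put("/swagger-ui.html", "anon");
        filterMap.put("/configuration/ui", "anon");
        filterMap.put("/configuration/security", "anon");

        // Only the login endpoint is anonymous. The original rule was "/api/**" -> anon, which
        // exempted every /api endpoint from authentication and made the "/api/_devops_/init"
        // entry below it unreachable as a separate rule.
        filterMap.put("/api/login", "anon");
        // NOTE(review): an initialisation endpoint open to anonymous callers deserves a second
        // look; kept anonymous because the original chain listed it explicitly.
        filterMap.put("/api/_devops_/init", "anon");

        // Static assets and the public pages.
        filterMap.put("/assets/**", "anon");
        filterMap.put("/fonts/**", "anon");
        filterMap.put("/maps/**", "anon");
        filterMap.put("/scripts/**", "anon");
        filterMap.put("/styles/**", "anon");
        filterMap.put("/auth.html", "anon");
        filterMap.put("/index.html", "anon");

        // Everything else, including the remaining /api endpoints, requires an authenticated subject.
        filterMap.put("/**", "authc");

        shiroFilter.setFilterChainDefinitionMap(filterMap);
        return shiroFilter;
    }

    /**
     * Registers Shiro's bean post-processor for lifecycle callbacks.
     *
     * @return a new {@link LifecycleBeanPostProcessor}
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Enables advisor-based auto-proxying with class-based proxies.
     *
     * @return the proxy creator with {@code proxyTargetClass} set to {@code true}
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Registers the advisor that applies Shiro's authorization annotations.
     *
     * @param securityManager security manager consulted by the advisor
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}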

添加自己的Realm
ShiroRealm
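/**
 * Application realm: loads users and their permissions from the service layer and
 * verifies submitted credentials against the stored password value.
 *
 * <p>NOTE(review): the stored value is compared with an unsalted SHA-256 hex digest produced
 * by the caller. A single fast digest is not a password hash; prefer a salted, iterated
 * scheme (for example Shiro's {@code HashedCredentialsMatcher} with a per-user salt and
 * iterations, or bcrypt/scrypt/argon2) and let the realm's credentials matcher do the check.
 *
 * @author oukingtim
 */
@Component
public class ShiroRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    @Autowired
    private MenuService menuService;

    /**
     * Authorization: called when a permission check is performed.
     *
     * @param principalCollection principals of the authenticated subject; the primary
     *                            principal is the {@code User} set at login
     * @return authorization info holding the user's permission strings
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = (User) principalCollection.getPrimaryPrincipal();
        String userId = user.getId();

        // Permission strings granted to this user.
        Set<String> permsSet = menuService.getPermissions(userId);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permsSet);
        return info;
    }

    /**
     * Authentication: called at login.
     *
     * @param authenticationToken token carrying the user name and the submitted credentials
     * @return authentication info whose principal is the loaded {@code User}
     * @throws UnknownAccountException       if no user has the given name
     * @throws IncorrectCredentialsException if the credentials are missing or do not match
     * @throws LockedAccountException        if the account status is {@code "0"} (disabled)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();

        // Reject missing or non-char[] credentials explicitly instead of failing with an
        // NPE / ClassCastException further down.
        Object credentials = authenticationToken.getCredentials();
        if (!(credentials instanceof char[])) {
            throw new IncorrectCredentialsException("密码不正确");
        }
        String password = new String((char[]) credentials);

        // Look up the user record.
        User user = userService.findByUserName(username);

        // Unknown account.
        // NOTE(review): this message differs from the wrong-password one; if it is returned to
        // the client verbatim, callers can tell which user names exist.
        if (user == null) {
            throw new UnknownAccountException("用户名不正确");
        }

        // Wrong password. Compared in constant time so the check does not return earlier for
        // values that differ in their first characters. Fully qualified names are used because
        // the file's import block is not visible here.
        String storedPassword = user.getPassword();
        boolean matches = storedPassword != null
                && java.security.MessageDigest.isEqual(
                        password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            throw new IncorrectCredentialsException("密码不正确");
        }

        // Disabled account.
        if ("0".equals(user.getStatus())) {
            throw new LockedAccountException("用户已被禁用,请联系管理员");
        }

        // The info carries the submitted value as its credentials, so the comparison above is
        // the effective password check.
        // NOTE(review): the whole User object, including its password field, becomes the
        // principal; consider a reduced principal without the credential.
        return new SimpleAuthenticationInfo(user, password, getName());
    }
}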
测试LoginController
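/**
 * REST endpoints for logging in, logging out and reading the current user.
 */
@RestController
@RequestMapping("/api")
@Api(value = "api",description = "用户登陆Controller")
public class LoginController {

    /** Single message for every credential failure, so responses do not reveal which user names exist. */
    private static final String LOGIN_FAILED_MESSAGE = "用户名或密码不正确";

    @Autowired
    private UserService userService;

    @Autowired
    private MenuService menuService;

    /**
     * Authenticates the caller with a user name and password.
     *
     * @param map request body with the keys {@code username} and {@code password}
     * @return {@code ResultResponse.ok()} on success, otherwise an error response
     */
    @RequestMapping(value = "/login",method = RequestMethod.POST)
    @ApiOperation(value = "用户登录",notes = "根据用户名密码判断用户")
    @ApiImplicitParam(value = "Map",required = true,dataType = "Map")
    public ResultResponse login(@RequestBody Map<String, String> map) {
        String username = map.get("username");
        String password = map.get("password");

        // Missing fields are treated as a failed login rather than passed on to the hash.
        if (username == null || password == null) {
            return ResultResponse.error(LOGIN_FAILED_MESSAGE);
        }

        try {
            Subject subject = ShiroUtils.getSubject();
            // SHA-256 hex digest of the submitted password, matching what the realm compares.
            // NOTE(review): unsalted and single-pass; see a salted, iterated password hash instead.
            String hashedPassword = new Sha256Hash(password).toHex();
            subject.login(new UsernamePasswordToken(username, hashedPassword));
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Same response for "no such user" and "wrong password" to avoid user enumeration.
            return ResultResponse.error(LOGIN_FAILED_MESSAGE);
        } catch (LockedAccountException e) {
            return ResultResponse.error(e.getMessage());
        }
        return ResultResponse.ok();
    }

    /**
     * Logs the current subject out.
     *
     * <p>NOTE(review): a state-changing action on GET can be triggered by any page the browser
     * loads; consider POST if clients allow it.
     *
     * @return {@code ResultResponse.ok()}
     */
    @RequestMapping(value = "/logout",method = RequestMethod.GET)
    @ApiOperation(value = "用户退出",notes = "用户退出")
    public ResultResponse logout() {
        ShiroUtils.logout();
        return ResultResponse.ok();
    }

    /**
     * Returns the current user (marked "test" by the original author).
     *
     * <p>NOTE(review): the returned {@code User} is the same type the realm reads the stored
     * password from; unless serialization excludes that field it may be sent to the client.
     * Confirm, or return a reduced view.
     *
     * @return the logged-in user, or a placeholder user when nobody is logged in
     */
    @RequestMapping(value = "/getCurrentUser",method = RequestMethod.GET)
    @ApiOperation(value = "当前用户",notes = "当前用户")
    public User getCurrentUser() {
        User user = ShiroUtils.getUser();
        if (user == null) {
            // Test scaffolding: anonymous callers receive a placeholder user instead of an error.
            user = new User();
            user.setId("asdasdsa");
        }
        return user;
    }
}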