程序博客网 > 马小丝的淘宝店

SpringBoot整合shiro框架

来源:互联网 发布:马小丝的淘宝店 编辑:程序博客网 时间:2024/06/05 00:46

1.导入pom依赖

<!-- shiro --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.4.0</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.4.0</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-ehcache</artifactId><version>1.4.0</version></dependency>


2.编写shiro配置类:
package com.springboot.shiro;import java.util.LinkedHashMap;  import java.util.Map;    import org.apache.shiro.cache.ehcache.EhCacheManager;  import org.apache.shiro.spring.LifecycleBeanPostProcessor;  import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;  import org.apache.shiro.spring.web.ShiroFilterFactoryBean;  import org.apache.shiro.web.mgt.DefaultWebSecurityManager;  import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;  import org.springframework.context.annotation.Bean;  import org.springframework.context.annotation.Configuration;      @Configuration  public class ShiroConfiguration {        private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();        @Bean(name = "AuthRealm")      public AuthRealm getShiroRealm() {          return new AuthRealm();      }        @Bean(name = "shiroEhcacheManager")      public EhCacheManager getEhCacheManager() {          EhCacheManager em = new EhCacheManager();          em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");          return em;      }        @Bean(name = "lifecycleBeanPostProcessor")      public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {          return new LifecycleBeanPostProcessor();      }        @Bean      public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {          DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();          daap.setProxyTargetClass(true);          return daap;      }        @Bean(name = "securityManager")      public DefaultWebSecurityManager getDefaultWebSecurityManager() {          DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();          dwsm.setRealm(getShiroRealm());        dwsm.setCacheManager(getEhCacheManager());          return dwsm;      }        @Bean      public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {          AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();          aasa.setSecurityManager(getDefaultWebSecurityManager());          return new AuthorizationAttributeSourceAdvisor();      }        @Bean(name = "shiroFilter")      public ShiroFilterFactoryBean getShiroFilterFactoryBean() {          ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();          shiroFilterFactoryBean                  .setSecurityManager(getDefaultWebSecurityManager());          shiroFilterFactoryBean.setLoginUrl("/tologin");          filterChainDefinitionMap.put("/staticfile/**", "anon");          filterChainDefinitionMap.put("/tologin", "anon");          filterChainDefinitionMap.put("/login", "anon");          filterChainDefinitionMap.put("/**", "authc");          shiroFilterFactoryBean                  .setFilterChainDefinitionMap(filterChainDefinitionMap);          return shiroFilterFactoryBean;      }    }  

3.编写重写的CredentialsMatcher类(如果数据库密码没有加密可以选择不重写,使用默认的CredentialsMatcher)
package com.springboot.shiro;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;import org.apache.shiro.crypto.hash.Md5Hash;import org.springframework.stereotype.Component;@Componentpublic class AuthCredential extends  SimpleCredentialsMatcher{@Overridepublic boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {//需要将token密码进行个加密处理UsernamePasswordToken loginToken = (UsernamePasswordToken)token;String password = String.valueOf(loginToken.getPassword());String hashPassword = password.hashCode()+"";//将密码存入令牌中loginToken.setPassword(hashPassword.toCharArray());//将用户输入的内容和真实数据做匹配return super.doCredentialsMatch(loginToken, info);}}

4.编写realm类
package com.springboot.shiro;import java.util.List;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authc.credential.CredentialsMatcher;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.springboot.chen.service.UserpService;import com.springboot.people.pojo.Userp;public class AuthRealm extends AuthorizingRealm{@Autowiredprivate CredentialsMatcher cm;@Autowiredprivate UserpService UserpService;//注入自己重写的CredentialsMatcherpublic void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {super.setCredentialsMatcher(cm);}//权限管理@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {//获取用户真实对象Userp user = (Userp)SecurityUtils.getSubject().getPrincipal();List<String> list = UserpService.findPrivilegeList(user.getUserId());System.err.println("用户权限:"+list);//为权限控制提供真实数据SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();info.addStringPermissions(list);return info;}//登录认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {//需要为shiro安全中提供真实的用户数据,需要根据用户名擦和讯user对象UsernamePasswordToken upToken = (UsernamePasswordToken)token;String username = upToken.getUsername();//用户名必须唯一Userp userp = UserpService.findUserByUserName(username); /* * 1.principal表示用户真实的对象 * 2.credentials真实的密码 * 3.realmNamerealm的名称 */AuthenticationInfo info = new SimpleAuthenticationInfo(userp, userp.getPassword(),this.getName());return info;}}

5.配置web.xm
<filter-mapping><filter-name>encodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>    <filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class><init-param><!-- spring将过滤器的声明周期交给web容器管理 --><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>


 
 
  
  
阅读全文
                                             
        0        0           
	
				
		









 马小丝的淘宝店
    		马小丝的淘宝店



原创粉丝点击



		

热门IT博客


中等收入陷阱 书籍知乎中等收入陷阱 书籍知乎




风冷 直冷 知乎风冷 直冷 知乎




阿里云网站备案拍照




淘宝助理软下载安装




制造业上市公司数据




黑米软件作者 判刑




淘宝网折叠床




发改委大数据专项2016




芜湖淘宝客服招聘




java并发编程好的书籍




mac笔记本配置交换机




创建usb虚拟打印机端口




手机 端口号怎么查看




什么听歌识曲软件好




linux查看crontab任务




知行小学在大连排名




生石花淘宝推荐




五大流氓卖军火知乎




淘宝客阿里云建站教程




js什么是递归算法



		

热门问题
    老师的惩罚
    人脸识别
    我在镇武司摸鱼那些年
    重生之率土为王
    我在大康的咸鱼生活
    盘龙之生命进化
    天生仙种
    凡人之先天五行
    春回大明朝
    姑娘不必设防,我是瞎子
    网球大师赛
    网球英语
    网球拍
    丘的网球
    网球英文
    网球排名
    打网球
    网球少年
    网球拍牌子
    体育网球
    新网球
    网球频道
    网球教学
    网球图片
    网球吧网
    网球的英文
    网球的英语
    网球培训班
    atp网球
    泰摩网球
    网球发球
    儿童网球
    网球教程
    网球怎么打
    网球时
    网球网
    单人网球
    武汉网球公开赛对阵表
    网球运动员大坂直美个人简历
    武汉网球公开赛
    上海网球大师赛
    武汉网球公开赛赛程
    上海大师赛网球
    网球比赛规则
    梅德韦杰夫网球
    网球双飞物语
    网球计分规则
    网球之上帝的右手
    武汉网球公开赛2019赛程表
    上海网球大师赛赛程
    网球规则与打法


	










程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里