SpringBoot整合shiro框架
来源:互联网 发布:马小丝的淘宝店 编辑:程序博客网 时间:2024/06/05 00:46
1.导入pom依赖
<!-- shiro --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.4.0</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.4.0</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-ehcache</artifactId><version>1.4.0</version></dependency>
2.编写shiro配置类:
package com.springboot.shiro;import java.util.LinkedHashMap; import java.util.Map; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ShiroConfiguration { private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(); @Bean(name = "AuthRealm") public AuthRealm getShiroRealm() { return new AuthRealm(); } @Bean(name = "shiroEhcacheManager") public EhCacheManager getEhCacheManager() { EhCacheManager em = new EhCacheManager(); em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml"); return em; } @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator(); daap.setProxyTargetClass(true); return daap; } @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager() { DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager(); dwsm.setRealm(getShiroRealm()); dwsm.setCacheManager(getEhCacheManager()); return dwsm; } @Bean public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor(); aasa.setSecurityManager(getDefaultWebSecurityManager()); return new AuthorizationAttributeSourceAdvisor(); } @Bean(name = "shiroFilter") public ShiroFilterFactoryBean getShiroFilterFactoryBean() { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean .setSecurityManager(getDefaultWebSecurityManager()); shiroFilterFactoryBean.setLoginUrl("/tologin"); filterChainDefinitionMap.put("/staticfile/**", "anon"); filterChainDefinitionMap.put("/tologin", "anon"); filterChainDefinitionMap.put("/login", "anon"); filterChainDefinitionMap.put("/**", "authc"); shiroFilterFactoryBean .setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } }
3.编写重写的CredentialsMatcher类(如果数据库密码没有加密可以选择不重写,使用默认的CredentialsMatcher)
package com.springboot.shiro;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;import org.apache.shiro.crypto.hash.Md5Hash;import org.springframework.stereotype.Component;@Componentpublic class AuthCredential extends SimpleCredentialsMatcher{@Overridepublic boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {//需要将token密码进行个加密处理UsernamePasswordToken loginToken = (UsernamePasswordToken)token;String password = String.valueOf(loginToken.getPassword());String hashPassword = password.hashCode()+"";//将密码存入令牌中loginToken.setPassword(hashPassword.toCharArray());//将用户输入的内容和真实数据做匹配return super.doCredentialsMatch(loginToken, info);}}
4.编写realm类
package com.springboot.shiro;import java.util.List;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authc.credential.CredentialsMatcher;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.springboot.chen.service.UserpService;import com.springboot.people.pojo.Userp;public class AuthRealm extends AuthorizingRealm{@Autowiredprivate CredentialsMatcher cm;@Autowiredprivate UserpService UserpService;//注入自己重写的CredentialsMatcherpublic void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {super.setCredentialsMatcher(cm);}//权限管理@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {//获取用户真实对象Userp user = (Userp)SecurityUtils.getSubject().getPrincipal();List<String> list = UserpService.findPrivilegeList(user.getUserId());System.err.println("用户权限:"+list);//为权限控制提供真实数据SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();info.addStringPermissions(list);return info;}//登录认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {//需要为shiro安全中提供真实的用户数据,需要根据用户名擦和讯user对象UsernamePasswordToken upToken = (UsernamePasswordToken)token;String username = upToken.getUsername();//用户名必须唯一Userp userp = UserpService.findUserByUserName(username); /* * 1.principal表示用户真实的对象 * 2.credentials真实的密码 * 3.realmNamerealm的名称 */AuthenticationInfo info = new SimpleAuthenticationInfo(userp, userp.getPassword(),this.getName());return info;}}
5.配置web.xm<filter-mapping><filter-name>encodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping> <filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class><init-param><!-- spring将过滤器的声明周期交给web容器管理 --><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
阅读全文
0 0
- SpringBoot整合shiro框架
- springboot shiro 整合
- springboot shiro 整合
- springboot整合shiro
- SpringBoot整合Shiro
- springboot 整合shiro
- springboot+mybatis+shiro框架
- 整合Shiro框架
- 快速搭建springboot框架以及整合ssm+shiro+安装Rabbitmq和Erlang、Mysql下载与配置
- springboot+security框架整合
- Springboot + shiro 整合之Url拦截设置
- Shiro 与 Spring框架整合
- 与spring整合shiro框架
- SpringMVC整合Shiro权限框架
- SpringMVC整合Shiro权限框架
- SpringMVC整合Shiro权限框架
- SpringMVC整合Shiro权限框架
- SpringMVC整合Shiro权限框架
- 2017 ACM-ICPC 亚洲区(西安赛区)网络赛 G Xor lca+暴力
- C/C++之回调函数
- j2EE 部分
- 7.动态sql
- 数据库专题讲解/持续更新中
- SpringBoot整合shiro框架
- Standard 1.1.x VM与Standard VM的区别
- mysql xtrabackup备份恢复单表
- Java设计模式之策略模式
- 读java编程建议--笔记三
- 11_Workoutlogger ---ReactJS and Flux: Learn By Building 10 Projects
- 练习5
- eclipse报错"错误: 找不到或无法加载主类 jdk1.7"解决方案
- c语言中的指针