基本配置
需要配置3个bean
- ShiroFilterFactoryBean
- SecurityManager
- Realm
ShiroFilterFactoryBean
概述:这个bean主要配置Shiro的Filter,将SecurityManager配置以及拦截规则配置
SecurityManager
概述:这个bean主要配置安全管理器
Realm
概述:配置一个Realm
案例:
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
factoryBean.setLoginUrl("/"); // 用户未登录时访问的URL
factoryBean.setUnauthorizedUrl("/unauthorizedUrl"); // 权限不够时跳转的URL
Map<String ,String> filter = new HashMap<>(); // 设置一个map,来设置shiro控制器
filter.put("/","anon"); // 无需登录即可访问的URL
filter.put("/admin/**","authc"); // 需要登录才能访问的URL
factoryBean.setFilterChainDefinitionMap(filter);
return factoryBean;
}
@Bean
public SecurityManager getSecurityManager(Realm realm){
// 创建安全管理器
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(realm);
return manager;
}
@Bean
public CustomRealm customRealm() {
/ /这是一个自定义Realm
CustomRealm customRealm = new CustomRealm();
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashIterations(1);
matcher.setHashAlgorithmName("md5");
customRealm.setCredentialsMatcher(matcher);
return customRealm;
}
使用注解方式的过滤器
概述:当我们使用注解方式配置过滤器时,需要添加如下两个bean
- DefaultAdvisorAutoProxyCreator
- AuthorizationAttributeSourceAdvisor
案例:
@Bean
public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator(){
DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator();
defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
return defaultAdvisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
