---spring boot2.0 整合 shiro1.4 手记----------------
1.---pom.xml添加依赖----------------------------------
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
2.---建立ShiroConfig类--------------------------------
2.1.建立shiroFilter Bean--->设置securityManager并且把请求规则加入Filter过滤链中
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager);
Map<String,String> filterMap=new LinkedHashMap<>();
filterMap.put("/news","perms[news]");
filterMap.put("/admin","roles[admin]");
filterMap.put("/index","anon");
filterMap.put("/**","authc");
bean.setFilterChainDefinitionMap(filterMap);
bean.setLoginUrl("/login");
bean.setSuccessUrl("/news");
bean.setUnauthorizedUrl("/unauth");
return bean;
}
2.2.//给SecurityManager设置需要管理的Realm,可以有多个Realm
@Bean
public SecurityManager securityManager(){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(new MyRealm());
return securityManager;
}
3.---实现自定义Realm重写登录验证方法和授权访问方法--------------------------------------------
public class MyRealm extends AuthorizingRealm {
@Override //登录认证处理方法
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token=(UsernamePasswordToken) authenticationToken;
UserDao userDao=new UserDao();
SysUser user=new SysUser();
if(!token.getUsername().equals("")){
user =(SysUser) userDao.findByName(token.getUsername());
}
if(!user.getUsername().equals(token.getUsername())){
return null;
}
else {
SimpleAuthenticationInfo simpleAuthenticationInfo=new SimpleAuthenticationInfo(
user.getUsername(), //这个参数是给login回传的信息。不是类对象什么的。
user.getPassword(),
getName());
return simpleAuthenticationInfo;
}
}
@Override //权限验证处理方法
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// 这个值是认证方法中的SimpleAuthenticationInfo对象的第一个参数的值即user.getUsername()
String username=(String) principalCollection.getPrimaryPrincipal();
System.out.print(username+">>>执行了授权方法\n");
SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("admin"); //可以根据username查询数据库改用户所有角色,可以根据username查询数据库改用户所有资源权限
simpleAuthorizationInfo.addStringPermission("news");
return simpleAuthorizationInfo;
}
}
4.---controller中实现------------------------------------------------------------
@RequestMapping(value = "/login",method = RequestMethod.POST)
@ResponseBody
public String login(@RequestBody SysUser sysUser){
String name=sysUser.getUsername();
String pwd=sysUser.getPassword();
//包装用户名和密码以备后边其他类使用
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(name,pwd);
Subject subject = SecurityUtils.getSubject();
//shiro通过try catch 捕获异常判断login过程中的各种状况。
try {
subject.login(usernamePasswordToken);
return "news2";
}
catch (UnknownAccountException e){
return "账户不正确";
}
catch (IncorrectCredentialsException e){
return "密码不正确";
}
catch (Exception e){
System.out.print(e.toString()+"\n");
return e.toString();
}
}