SpringBoot 整合 Shiro框架 簡單配置
SpringBoot整合Shiro框架
pom.xml新增
<!-- shiro框架-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
配置ShiroConfig
package com.popeyeFund.start.tool;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* Shiro配置類
* 1.配置ShiroFilterFactory 2.配置SecurityManager
* @author zhengkai
*
*/
@Configuration
public class ShiroConfig {
/**
* 配置shiro過濾器
* @author zhengkai
*/
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
//1.定義shiroFactoryBean
ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
//2.設定securityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
//3.LinkedHashMap是有序的,進行順序攔截器配置
Map<String,String> filterChainMap = new LinkedHashMap<String,String>();
//4.配置logout過濾器
filterChainMap.put("/logout", "logout");
//5. authc必須通過認證才可以訪問 anon不需要認證就能直接訪問
filterChainMap.put("/fundInfo/info","anon");
filterChainMap.put("/front/user/find","authc");
filterChainMap.put("/front/user/addcard", "authc");
filterChainMap.put("/front/user/cardsave", "authc");
filterChainMap.put("/front/user/toSecurity", "authc");
filterChainMap.put("/front/user/toModifyPwd", "authc");
filterChainMap.put("/front/user/info", "authc");
filterChainMap.put("/fundInfo/yieldInfo", "authc");
//filterChainMap.put("/index","authc");
//6.設定預設登入的url
shiroFilterFactoryBean.setLoginUrl("/fundInfo/info");
//7.設定成功之後要跳轉的連結
//shiroFilterFactoryBean.setSuccessUrl("/fundInfo/info");
//8.設定未授權介面
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
//9.設定shiroFilterFactoryBean的FilterChainDefinitionMap
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainMap);
return shiroFilterFactoryBean;
}
/**
* 配置安全管理器
* @author zhengkai
*/
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
//新增重寫的Realm。重點!!
@Bean
public MyRealm myShiroRealm() {
MyRealm myShiroRealm = new MyRealm();
// myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return myShiroRealm;
}
//配置加密方式和加密次數
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");//雜湊演算法:這裡使用MD5演算法;
hashedCredentialsMatcher.setHashIterations(1024);//雜湊的次數,比如雜湊兩次,相當於md5(md5(""));
return hashedCredentialsMatcher;
}
}
重寫Realm
package com.popeyeFund.start.tool;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.popeyeFund.start.bean.User;
import com.popeyeFund.start.service.UserService;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class MyRealm extends AuthorizingRealm {
/**
* 為當前subject授權
* @param principalCollection
* @return AuthorizationInfo
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
/**
* 認證登陸subject身份
* @param authenticationToken
* @return AuthenticationInfo
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
Object principal = username;
Object credentials = upToken.getPassword();
String realmName = this.getName();
System.out.println("ShiroRealm----->" + principal);
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal, credentials, realmName);
return info;
}
}