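Using the Shiro permission-management framework in Spring Boot
阿新 • Published: 2019-06-06
Create a Spring Boot project in IDEA.
Tick the Web dependency under Web. Because Spring Boot already has Spring Security, a more powerful permission-management framework,
it does not include a Shiro dependency,
so we add the dependencies to pom.xml ourselves.
The dependencies are as follows: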
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.5.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.liy</groupId>
    <artifactId>shiro</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>shiro</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
Next we write a custom realm class to do the authentication. Here we only want to test that Shiro is working, so a simple check is enough.
MyRealm
package com.liy.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm {

    // Authorization (roles/permissions) is not used in this test, so nothing is returned.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    // Authentication: only the account "liy" exists.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String principal = (String) token.getPrincipal();
        if (!"liy".equals(principal)) {
            // Message text: "account does not exist"
            throw new UnknownAccountException("賬號不存在");
        }
        // "123" is the stored password; Shiro compares it with the password in the token.
        return new SimpleAuthenticationInfo(principal, "123", getName());
    }
}
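In MyRealm the literal "123" is the stored credential, and Shiro's default matcher compares it with the submitted password as plain text. The following is an added example, not the original author's code: a variant realm that keeps only a salted, iterated SHA-256 digest and lets Shiro's HashedCredentialsMatcher do the comparison. The class name HashedRealm, the salt and the iteration count are assumptions made for illustration.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

// Hypothetical variant of MyRealm: the realm holds a salted digest, never the password.
public class HashedRealm extends AuthorizingRealm {
    private static final int ITERATIONS = 100_000;              // assumed work factor
    private static final String SALT = "constructed-demo-salt"; // constructed; use a random per-user salt
    // Stands in for a value read from the user store; computed here only so the demo runs.
    private static final String STORED_HEX = new Sha256Hash("123", SALT, ITERATIONS).toHex();

    public HashedRealm() {
        // Shiro hashes the submitted password with the same salt and iterations, then compares digests.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null; // no roles or permissions, as in MyRealm
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String principal = (String) token.getPrincipal();
        if (!"liy".equals(principal)) {
            throw new UnknownAccountException("unknown account");
        }
        // Hex digest plus its salt; the matcher configured above performs the check.
        return new SimpleAuthenticationInfo(principal, STORED_HEX, ByteSource.Util.bytes(SALT), getName());
    }

    // Returns "ok", or the simple name of the exception Shiro raised for this attempt.
    static String attempt(String name, String password) {
        try {
            new HashedRealm().getAuthenticationInfo(new UsernamePasswordToken(name, password));
            return "ok";
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println(attempt("liy", "123"));   // correct password
        System.out.println(attempt("liy", "wrong")); // wrong password
        System.out.println(attempt("bob", "123"));   // unknown account
    }
}
```

To use it in the application, return this class from the `myRealm()` bean in place of `MyRealm`.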
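In an SSM project, Shiro was integrated through the Spring configuration file. In Spring Boot we write a Shiro configuration class instead,
and declare in it the beans that Shiro needs and that previously had to be configured in the Spring container.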
ShiroConfig
package com.liy;

import com.liy.realm.MyRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    // The custom realm that performs authentication.
    @Bean
    MyRealm myRealm() {
        return new MyRealm();
    }

    // Shiro's core security manager, backed by the realm above.
    @Bean
    SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(myRealm());
        return manager;
    }

    // The servlet filter that applies Shiro's rules to incoming requests.
    @Bean
    ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager());
        bean.setLoginUrl("/login");               // where unauthenticated requests are sent
        bean.setSuccessUrl("/index");
        bean.setUnauthorizedUrl("/unauthorized");
        // LinkedHashMap keeps insertion order; Shiro applies the first pattern that matches,
        // so the specific "anon" rule must come before the catch-all "authc" rule.
        Map<String, String> map = new LinkedHashMap<>();
        map.put("/doLogin", "anon");   // reachable without logging in
        map.put("/**", "authc");       // everything else requires authentication
        bean.setFilterChainDefinitionMap(map);
        return bean;
    }
}
Then write a controller class that defines a few basic request endpoints.
package com.liy.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    // Protected by the "/**" -> authc rule.
    @GetMapping("/hello")
    public String hello() {
        return "hello";
    }

    // Open to anonymous requests ("anon"); performs the actual login through Shiro.
    @PostMapping("/doLogin")
    public void doLogin(String name, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(name, password));
            System.out.println("登陸成功");   // "login succeeded"
        } catch (AuthenticationException e) {
            System.out.println("登陸失敗");   // "login failed"
        }
    }

    // The login URL that unauthenticated requests are redirected to.
    @GetMapping("/login")
    public String login() {
        return "please login";
    }
}
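Now you can test it. Without logging in, request /hello directly and check whether you are redirected to /login, where the "please login" response tells you to log in.
Then call /doLogin with name = liy and password = 123, and after logging in check whether the backend console prints 登陸成功 ("login succeeded").
Remember that this is a POST request.
You can send it with Postman, the browser plugin.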