一、搭建一个SpringBoot 项目。
二、导入shiro 相关坐标:
<!-- NOTE(review): 1.7.1 is an old release of the Shiro 1.x line; later Shiro releases include security fixes that affect web filter-chain path matching. Check the Apache Shiro security reports and pin a currently maintained version before using this outside a demo. -->
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.1</version> </dependency>
三、与启动类同目录创建config 包:
实现抽象类AuthorizingRealm 中的方法:
package com.itmao.config;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// from fhadmin.cn
/**
 * Skeleton realm for the tutorial: both callbacks are placeholders that return {@code null}.
 *
 * <p>As written, this realm authenticates nobody and grants nothing, so it fails closed.
 * It only exists so that the security manager has a realm to be wired to.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authentication callback, invoked by Shiro when a subject attempts to log in.
     *
     * <p>Returning {@code null} tells Shiro that no account exists for the submitted token,
     * so every login attempt is rejected until this method is implemented. A real
     * implementation should look the account up by the token's principal and return an
     * {@link AuthenticationInfo} carrying the stored credential, leaving the comparison to
     * the realm's credentials matcher; stored credentials should be salted hashes, never
     * plain text.
     *
     * @param token the credentials submitted by the caller
     * @return always {@code null} in this skeleton
     * @throws AuthenticationException declared by the overridden method; never thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }

    /**
     * Authorization callback, invoked by Shiro when roles or permissions are checked.
     *
     * <p>Returning {@code null} means the subject holds no roles and no permissions, so any
     * role or permission check against this realm is expected to deny access.
     *
     * @param principals the identity of the subject being authorized
     * @return always {@code null} in this skeleton
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Trace output that shows when Shiro consults the realm for authorization data.
        System.out.println("执行了doGetAuthorizationInfo方法");
        return null;
    }
}
编写配置类:
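package com.itmao.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

// from fhadmin.cn
/**
 * Spring configuration that wires the Shiro web filter, the security manager and the
 * custom {@link UserRealm} together.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter that enforces the URL access rules.
     *
     * @param defaultWebSecurityManager the security manager bean that performs the checks
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Attach the security manager.
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // Built-in Shiro filters, keyed by URL pattern. Chains are evaluated in insertion
        // order and the first matching pattern wins, hence the LinkedHashMap.
        Map<String, String> filterMap = new LinkedHashMap<>();
        /*
         * Meaning of the map values (built-in filter names):
         *   anon  : no authentication required;
         *   authc : the subject must have authenticated in the current session;
         *   user  : the subject must be known, either authenticated or remembered
         *           through "remember me";
         *   perms : the subject must hold the given permission on the resource;
         *   roles : the subject must hold the given role.
         */
        // "/user/*" covers only one path level below /user, so a nested path such as
        // /user/a/b would bypass the authc filter. "/user/**" covers every level.
        filterMap.put("/user/**", "authc");
        // NOTE(review): paths that match no entry are not restricted by Shiro at all.
        // Once the public pages are listed as "anon", consider a final catch-all entry
        // so that new endpoints are protected by default.
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        // URL that unauthenticated requests to protected paths are redirected to.
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the web security manager and binds it to the custom realm.
     *
     * @param userRealm the realm that supplies authentication and authorization data
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getUserRealm") UserRealm userRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        // Associate the UserRealm.
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }

    /**
     * Creates the realm object; {@link UserRealm} is the custom class defined by this project.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm getUserRealm() {
        return new UserRealm();
    }
}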
四、编写测试页面和页面跳转的Controller。
上面的过滤规则要求访问 /user 路径下的资源必须先通过认证;未认证访问时,会自动跳转到登录页面,即表示登录拦截成功。注意:Ant 风格路径中 `*` 只匹配一级路径,`**` 才能匹配任意层级的子路径。