Shiro
原生整合Shiro
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
自定义核心组件Realm
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = (String) token.getPrincipal();
if (!username.equals("zpf")) {
throw new UnknownAccountException("账户不存在!");
}
return new SimpleAuthenticationInfo(username, "123", getName());
}
}
在Realm中实现简单的认证操作,用户名是zpf,密码是123,满足条件就登陆成功。
配置Shiro
package com.example.demo.config;
import com.example.demo.MyRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
// 提供一个 Realm 的实例
@Bean
MyRealm myRealm(){
return new MyRealm();
}
// 在 SecurityManager 中配置 Realm
@Bean
SecurityManager securityManager(){
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(myRealm());
return manager;
}
// 在 ShiroFilterFactoryBean 中指定路径拦截规则等,配置登录和测试接口
@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean(){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager());
bean.setLoginUrl("/login"); //指定登录页面
bean.setSuccessUrl("/index");//指定登录成功页面
bean.setUnauthorizedUrl("/unauthorizedurl");
Map<String , String> map = new LinkedHashMap<>();
map.put("/doLogin","anon");//配置路径拦截规则
map.put("/**","authc");
bean.setFilterChainDefinitionMap(map);
return bean;
}
}
controller层
package com.example.demo.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class LoginController {
@PostMapping("/doLogin")
public void doLogin(String username,String password){
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(username,password));
System.out.println("成功");
}catch (AuthenticationException e){
e.printStackTrace();
System.out.println("失败");
}
}
@GetMapping("/hello")
public String hello(){
return "hello";
}
@GetMapping("/login")
public String login(){
return "please login!";
}
}
这个时候启动项目,我们如果直接访问/hello,因为没登陆的原因,会自动跳转到login接口提示登陆,现在调用doLogin传入username和password完成登陆,这时候再访问/hello就可以显示hello,成功访问到了。