目录
shiroConfig
package com.qh.yyxt.config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* 用来整合shiro框架相关的配置类
*/
@Configuration
public class ShiroConfig {
@Bean
public DefaultWebSessionManager mySessionManager(){
DefaultWebSessionManager defaultSessionManager = new DefaultWebSessionManager();
//将sessionIdUrlRewritingEnabled属性设置成false
defaultSessionManager.setSessionIdUrlRewritingEnabled(false);
return defaultSessionManager;
}
//1.创建shiroFilter,负责拦截所有请求
@Bean
public ShiroFilterFactoryBean getShiroFilerFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//给filter设置安全管理器
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//配置系统受限资源、配置系统公共资源
Map<String,String> map = new LinkedHashMap<>();
/**
*可以实现与权限有关的拦截器
* anon:无需认证可以访问
* authc:必须认证才能访问
* user:若使用rememberMe功能可以直接访问
* perms:资源必须得到资源权限才能访问
* role:该资源必须得到角色权限才能访问
*/
//http://localhost:8080/user/register?username=2&pwd=2
map.put("/static/**","anon");
map.put("/user/login","anon");
map.put("/user/register","anon");
map.put("/user/**","authc");
map.put("/user/logout","authc");
map.put("/admin/*","roles[1]");
map.put("/admin2/*","roles[2]");
map.put("/index","authc");
// 默认认证界面路径
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setUnauthorizedUrl("/login");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
//2.创建安全管理器
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//给安全管理器设置realm
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
//3.创建自定义realm
@Bean("realm")
public Realm getRealm(){
UserRealm userRealm = new UserRealm();
//修改凭证校验匹配器
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName("MD5");
credentialsMatcher.setHashIterations(1024);
userRealm.setCredentialsMatcher(credentialsMatcher);
//开器缓存管理
userRealm.setCacheManager(new EhCacheManager());
//开启全局缓存
userRealm.setCachingEnabled(true);
//开启认证缓存
userRealm.setAuthenticationCachingEnabled(true);
userRealm.setAuthenticationCacheName("AuthenticationCache");
//开启授权缓存
userRealm.setAuthorizationCachingEnabled(true);
userRealm.setAuthorizationCacheName("AuthorizationCache");
return userRealm;
}
@Bean
public ShiroDialect getShiroDialect(){
return new ShiroDialect();
}
}
anon设置要在authc前面 而且map是linkedHashmap!!!!!