导入依赖
Config
/**
 * Exposes the application's {@link UserRealm} as a Spring bean so it can be
 * injected into the security manager by the qualifier {@code "userRealm"}.
 *
 * @return a new realm instance
 */
@Bean
public UserRealm userRealm() {
    UserRealm realm = new UserRealm();
    return realm;
}
/**
 * Creates the web security manager and attaches the realm that performs
 * authentication and authorization lookups.
 *
 * @param userRealm the realm bean registered under {@code "userRealm"}
 * @return the security manager backed by {@code userRealm}
 */
@Bean(name = "defaultWebSecurityManager")
public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // The realm is the only source of account and permission data for this manager.
    manager.setRealm(userRealm);
    return manager;
}
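/**
 * Builds the Shiro filter and its URL-to-filter-chain rules.
 *
 * <p>Chain definitions are kept in a {@link LinkedHashMap} so they are handed to
 * Shiro in insertion order. Each path may appear only once as a key: a second
 * {@code put} for the same path replaces the earlier filter chain instead of
 * adding to it, so several filters for one path must be written as a single
 * comma-separated value.
 *
 * @param defaultWebSecurityManager the security manager bean the filter delegates to
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    bean.setSecurityManager(defaultWebSecurityManager);

    // Built-in filters available in chain definitions:
    //   anon  - reachable without authentication
    //   authc - requires an authenticated subject
    //   user  - requires an authenticated or "remember me" subject
    //   perms - requires the listed permission(s)
    //   roles - requires the listed role(s)
    Map<String, String> filterMap = new LinkedHashMap<>();

    // Wildcards are supported, e.g. "/user/*" -> "authc".
    // /user/add needs both a real login and the user:add permission. The two
    // requirements are combined in one entry; two separate put() calls on the
    // same key would leave only the last value and drop the authc requirement.
    filterMap.put("/user/add", "authc,perms[user:add]");
    // NOTE(review): /user/delete only requires authentication, no permission —
    // confirm that every logged-in user is meant to reach it.
    filterMap.put("/user/delete", "authc");
    // NOTE(review): there is no catch-all rule, so any path not listed above has
    // no Shiro filter applied to it. Consider a final "/**" entry once the
    // login page and static resources have explicit "anon" rules.

    // Where unauthenticated requests are sent to log in.
    bean.setLoginUrl("/toLogin");
    // Where authenticated requests that lack the required permission are sent.
    bean.setUnauthorizedUrl("/unauthorized");
    bean.setFilterChainDefinitionMap(filterMap);
    return bean;
}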
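/**
 * Demo realm that answers Shiro's authentication and authorization queries.
 *
 * <p>NOTE(review): the account and the permission are hard-coded here for
 * demonstration. The inline notes say both are meant to come from a database
 * lookup; do not ship the literals below.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization: returns the permissions of the current subject.
     *
     * @param principalCollection the principals of the subject being authorized (unused here)
     * @return authorization info carrying the single permission {@code user:add}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // NOTE(review): every subject that reaches this method is granted
        // "user:add", so a perms[user:add] rule cannot tell users apart.
        info.addStringPermission("user:add");
        // Intended per-user version (from the original notes):
        //   Subject subject = SecurityUtils.getSubject();   // current subject
        //   User user = (User) subject.getPrincipal();      // object set as principal during authentication
        //   info.addStringPermission(user.getPerms());      // that user's own permissions
        return info;
    }

    /**
     * Authentication: looks up the account named in the token and returns its
     * stored credentials for Shiro to compare with the submitted password.
     *
     * @param authenticationToken the submitted token; cast to {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when the
     *         username is unknown (Shiro reports that as UnknownAccountException)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行认证");
        // Placeholder account; the username and password are meant to be read
        // from the database as a user object.
        // NOTE(review): the password is a clear-text literal in source. A real
        // user store should hold a salted password hash, with a matching
        // credentials matcher configured on the realm.
        String name = "root";
        String pwd = "123123";
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // Compare from the constant side so a token without a username is
        // rejected as an unknown account instead of raising NullPointerException.
        if (!name.equals(token.getUsername())) {
            return null;
        }
        // AuthenticationInfo is an interface; return an implementation and let
        // Shiro perform the password check against the supplied credentials.
        // NOTE(review): the principal is an empty string, so getPrincipal()
        // cannot identify the user later; the original notes suggest passing
        // the user object instead: new SimpleAuthenticationInfo(user, pwd, "").
        return new SimpleAuthenticationInfo("", pwd, "");
    }
}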
Controller
- 获取登录信息,通过 UsernamePasswordToken(username, password) 传递参数。
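- subject.login(token) 进行登录认证;认证失败时会抛出 AuthenticationException(例如 UnknownAccountException、IncorrectCredentialsException),需要在 Controller 中捕获并返回登录页。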
备注