1.首先引入shiro和springboot整合的依赖：

2.书写shiro配置类

package com.springbootshiro.shiro1.config;

import com.springbootshiro.shiro1.realm.MyRealm;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;
import sun.security.provider.MD5;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    //1.spring容器创建SecurityManager对象
    @Bean
    public DefaultWebSecurityManager securityManager(Realm realm){
        //创建一个SecurityManager对象
        DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
        securityManager.setRealm(realm);//自定义realm对象
        return securityManager;
    }

    //自定义realm
    @Bean
    public Realm realm(CredentialsMatcher credentialsMatcher){
        MyRealm myRealm=new MyRealm();
        myRealm.setCredentialsMatcher(credentialsMatcher);//设置密码匹配器
        return myRealm;
    }

    //创建一个密码匹配器
    @Bean
    public CredentialsMatcher credentialsMatcher(){
        HashedCredentialsMatcher credentialsMatcher=new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("MD5");//指定加密方式  MD5
        credentialsMatcher.setHashIterations(1024);//加密的次数 1024
        return credentialsMatcher;
    }

    //shiro的过滤器工厂
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");

        Map<String,String> map=new HashMap<>();
        map.put("/login","anon");
        map.put("/**","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;

    }

    //注入过滤器组件
    @Bean
    public FilterRegistrationBean<Filter> filter(){
        FilterRegistrationBean registrationBean=new FilterRegistrationBean();
        registrationBean.setName("shiroFilter");
        registrationBean.addUrlPatterns("/*");
        registrationBean.setFilter(new DelegatingFilterProxy());
        return registrationBean;
    }
}

3.书写自定义Realm

package com.springbootshiro.shiro1.realm;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.springbootshiro.shiro1.entry.Account;
import com.springbootshiro.shiro1.mapper.UserMapper;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

public class MyRealm extends AuthorizingRealm {
    @Autowired
    private UserMapper userMapper;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username=authenticationToken.getPrincipal().toString();

        QueryWrapper<Account> wrapper=new QueryWrapper<>();
        wrapper.eq("username",username);
        Account account = userMapper.selectOne(wrapper);

        if (account!=null){
            ByteSource byteSource=ByteSource.Util.bytes(account.getSalt());
            SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,account.getPassword(),byteSource,this.getName());
            return info;
        }
        return null;
    }
}

4.登录控制层
package com.springbootshiro.shiro1.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;


@RestController
@CrossOrigin
public class LoginController {
    @PostMapping("login")
    public String login(String username,String password){
        Subject subject= SecurityUtils.getSubject();
        UsernamePasswordToken token=new UsernamePasswordToken(username,password);
        try{
            subject.login(token);
            return "登陆成功";
        }catch (Exception e){
            return "登录失败";
        }
    }

    @GetMapping("toLogin")
    public String toLogin(){
        return "请先登录";
    }

    public static void main(String[] args) {
        Md5Hash md5Hash=new Md5Hash("123456","yjq",1024);
        System.out.println(md5Hash);
    }
}

简单测试了springboot-shiro的登录，结果如下：