Springboot整合Shiro的代码实例

这篇文章主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

1、导入依赖

<!--shiro--><dependency>  <groupId>org.apache.shiro</groupId>  <artifactId>shiro-spring</artifactId>  <version>1.4.0</version></dependency>

2、创建ShiroRealm.java文件

（这里按照需求，只做登录认证这块）

package com.hyqfx.manager.shiro;import com.baomidou.mybatisplus.mapper.EntityWrapper;import com.hyqfx.manager.entity.po.SystemAdmin;import com.hyqfx.manager.service.ISystemAdminService;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;public class ShiroRealm extends AuthorizingRealm {  @Autowired  private ISystemAdminService adminService;  //授权  @Override  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {    /*    //获取登录用户名    String name= (String) principalCollection.getPrimaryPrincipal();    //查询用户名称    User user = loginService.findByName(name);    //添加角色和权限    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();    for (Role role:user.getRoles()) {      //添加角色      simpleAuthorizationInfo.addRole(role.getRoleName());      for (Permission permission:role.getPermissions()) {        //添加权限        simpleAuthorizationInfo.addStringPermission(permission.getPermission());      }    }    return simpleAuthorizationInfo;*/    return null;  }  //认证  @Override  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {    //加这一步的目的是在Post请求的时候会先进认证，然后在到请求    if (authenticationToken.getPrincipal() == null) {      return null;    }    //获取用户信息    String name = authenticationToken.getPrincipal().toString();     SystemAdmin admin = adminService.selectOne(new EntityWrapper<SystemAdmin>().eq("username",name));    if (admin == null) {      return null;    } else {      //这里验证authenticationToken和simpleAuthenticationInfo的信息      SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, admin.getPassword().toString(), getName());      return simpleAuthenticationInfo;    }  }}

3、创建ShiroConfiguration.java文件

package com.becl.config;import com.becl.shiro.PasswordMatcher;import com.becl.shiro.ShiroRealm;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import java.util.HashMap;import java.util.Map;@Configurationpublic class ShiroConfiguration {  //将自己的验证方式加入容器  @Bean  public ShiroRealm myShiroRealm() {    ShiroRealm myShiroRealm = new ShiroRealm();    myShiroRealm.setCredentialsMatcher(passwordMatcher());//装配自定义的密码验证方式    return myShiroRealm;  }  // 配置加密方式  // 配置了一下，这货就是验证不过，，改成手动验证算了，以后换加密方式也方便  @Bean  public PasswordMatcher passwordMatcher() {    return new PasswordMatcher();  }  //权限管理，配置主要是Realm的管理认证  @Bean  public SecurityManager securityManager() {    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();    securityManager.setRealm(myShiroRealm());    return securityManager;  }  //Filter工厂，设置对应的过滤条件和跳转条件  @Bean  public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();    shiroFilterFactoryBean.setSecurityManager(securityManager);    Map<String,String> map = new HashMap<String, String>();    //登出    map.put("/logout","logout");    //不需要认证    map.put("/logout","anon");    map.put("/login*","anon");    map.put("/shiroError","anon");    //对所有用户认证    map.put("/**","authc");    //map.put("/**","anon");    //登录    shiroFilterFactoryBean.setLoginUrl("/login");    //首页    shiroFilterFactoryBean.setSuccessUrl("/index");    //错误页面，认证不通过跳转    shiroFilterFactoryBean.setUnauthorizedUrl("/shiroError");    shiroFilterFactoryBean.setFilterChainDefinitionMap(map);    return shiroFilterFactoryBean;  }  //加入注解的使用，不加入这个注解不生效  @Bean  public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();    authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);    return authorizationAttributeSourceAdvisor;  }}