一、搭建一个SpringBoot 项目。
二、导入shiro 相关坐标:
-
<dependency>
-
<groupId>org.apache.shiro</groupId>
-
<artifactId>shiro-spring</artifactId>
-
<version>1.7.1</version>
-
</dependency>
三、与启动类同目录创建config 包:
实现抽象类AuthorizingRealm 中的方法:
-
package com.itmao.config;
-
-
import org.apache.shiro.authc.AuthenticationException;
-
import org.apache.shiro.authc.AuthenticationInfo;
-
import org.apache.shiro.authc.AuthenticationToken;
-
import org.apache.shiro.authz.AuthorizationInfo;
-
import org.apache.shiro.realm.AuthorizingRealm;
-
import org.apache.shiro.subject.PrincipalCollection;
-
-
//from fhadmin.cn
-
public class UserRealm extends AuthorizingRealm {
-
@Override
-
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-
System.out.println("执行了doGetAuthorizationInfo方法");
-
return null;
-
}
-
-
@Override
-
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
-
return null;
-
}
-
}
编写配置类:
-
package com.itmao.config;
-
-
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-
import org.springframework.beans.factory.annotation.Qualifier;
-
import org.springframework.context.annotation.Bean;
-
import org.springframework.context.annotation.Configuration;
-
-
import java.util.LinkedHashMap;
-
import java.util.Map;
-
-
//from fhadmin.cn
-
@Configuration
-
public class ShiroConfig {
-
-
// ShiroFilterFactoryBean
-
@Bean
-
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
-
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
-
-
// 设置安全管理器
-
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
-
-
// 设置shiro内置过滤器
-
Map<String,String> filterMap = new LinkedHashMap<>();
-
/*
-
map 中value 的意义
-
* anon: 无需认证就可以访问资源;
-
* authc:必须认证后才能访问资源;
-
* user:必须拥有“记住我”功能才能访问资源;
-
* perms:拥有对某个资源的权限才能访问资源;
-
* role:拥有某个角色权限才能访问资源
-
* **/
-
filterMap.put("/user/*","authc");
-
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
-
-
// 设置登录页面url
-
shiroFilterFactoryBean.setLoginUrl("/toLogin");
-
return shiroFilterFactoryBean;
-
}
-
-
// DefaultWebSecurityManager
-
@Bean
-
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getUserRealm") UserRealm userRealm){
-
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
-
-
// 关联UserRealm
-
defaultWebSecurityManager.setRealm(userRealm);
-
return defaultWebSecurityManager;
-
}
-
-
// 创建 realm 对象,需要自定义类
-
@Bean
-
public UserRealm getUserRealm() {
-
return new UserRealm();
-
}
-
}
四、编写测试页面和页面跳转的Controller。
上面设置user 目录下所有资源的访问均需认证后才可访问,未认证访问时,会自动跳转到登录页面,即表示登录拦截成功。
阅读(660) | 评论(0) | 转发(0) |