Spring Boot如何集成Shiro呢?

下文笔者讲述SpringBoot集成Shiro的方法及示例分享,如下所示

SpringBoot集成Shiro的实现思路

1.引入依赖
2.写入相应的配置类
3.编写SystemRealm类
4.编写相应的application.yml信息

例

引入依赖

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.4.0</version>
</dependency>

配置Shiro

ShiroConfig：

@ConfigurationProperties(prefix = "shiro")
@Configuration
public class ShiroConfig {

    @Autowired
    private ApplicationConfig applicationConfig;

    private list<String> pathDefinitions;

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new
                DefaultShiroFilterChainDefinition();

        applicationConfig.getStaticDirs()
                .forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
        this.getPathDefinitions().forEach(d -> {
            String[] defArr = d.split("=");
            chainDefinition
                    .addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));
        });

        return chainDefinition;
    }

    @Bean
    public Realm systemRealm() {
        SystemRealm systemRealm = new SystemRealm();
        return systemRealm;
    }

    public List<String> getPathDefinitions() {
        return pathDefinitions;
    }

    public void setPathDefinitions(List<String> pathDefinitions) {
        this.pathDefinitions = pathDefinitions;
    }

}

SystemRealm

public class SystemRealm extends AuthorizingRealm {

    @Autowired
    private SysAdminMapper sysAdminMapper;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        token.setPassword(EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray
                ());

        SysAdminDO sysAdminParams = new SysAdminDO();
        sysAdminParams.setAdminLoginName(token.getUsername());
        SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams);

        AuthenticationInfo authInfo = null;
        if (sysAdminDO != null) {
            authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(),
                    getName());
        }
        return authInfo;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        /**
         * 下面为静态示例，根据用户对应权限进行修改
         * 根据用户查询对应的角色、权限
         */
        SysAdminDO sysAdminDO = (SysAdminDO) super.getAvailablePrincipal(principalCollection);
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        Set<String> roles = new HashSet<>();
        roles.addAll(Arrays.asList("product", "operation"));
        authorizationInfo.setRoles(roles);

        Set<String> permissions = new HashSet<>();
        permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update"));
        authorizationInfo.addStringPermissions(permissions);

        return authorizationInfo;
    }

}

应用配置

application.yml中加入Shiro配置。

shiro:
  loginUrl: /login
  successUrl: /
  unauthorizedUrl: /error
  pathDefinitions:
    - /login/submit = anon
    - /logout = logout
    - /test = authc, roles[product], perms[operation:update]
    - /** = authc
 

loginUrl：没有认证的将会跳到登录页面
successUrl：认证成功跳转的页面
unauthorizedUrl：认证失败跳转的页面
pathDefinitions：用来定义路径授权规则