1. Shiro 实现登录拦截
package com.liu.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the URL filter chain, the security manager, the custom realm and the
 * Thymeleaf dialect.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory that decides which requests are intercepted.
     *
     * <p>Built-in filter names usable as map values:
     * <ul>
     *   <li>{@code anon}  - reachable without authentication</li>
     *   <li>{@code authc} - requires an authenticated subject</li>
     *   <li>{@code user}  - requires an authenticated or "remember me" subject</li>
     *   <li>{@code perms} - requires the permission given in brackets</li>
     *   <li>{@code roles} - requires the role given in brackets</li>
     * </ul>
     *
     * @param securityManager the manager published by the {@code securityManager} bean
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        // Insertion order is kept because Shiro applies the first pattern that matches.
        Map<String, String> chainRules = new LinkedHashMap<>();
        chainRules.put("/user/add", "perms[user-add]");
        chainRules.put("/user/update", "perms[user-update]");
        // NOTE(review): only the two paths above are protected. A blanket
        // "/user/**" -> authc rule existed here but was commented out, and a
        // request that matches no pattern passes through Shiro unfiltered.
        // Confirm that every other endpoint is meant to be public, or end the
        // map with a catch-all rule after the anon entries for login/static paths.

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);
        factory.setFilterChainDefinitionMap(chainRules);
        // Where unauthenticated requests are sent.
        factory.setLoginUrl("/toLogin");
        // Where authenticated requests lacking the permission are sent.
        factory.setUnauthorizedUrl("/noauth");
        return factory;
    }

    /**
     * Creates the web security manager and attaches the custom realm to it.
     *
     * @param userRealm the realm published by the {@code userRealm} bean
     * @return the security manager backed by {@code userRealm}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Publishes the custom realm that performs authentication and authorization.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use Shiro tags.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
}
2. Shiro 实现用户认证和请求授权
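package com.liu.config;

import com.liu.mapper.UserMapper;
import com.liu.pojo.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Custom Shiro realm: looks users up through {@link UserMapper} for
 * authentication and turns the user's stored permission string into Shiro
 * permissions for authorization. Order of use: authenticate, authorize, filter.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserMapper userMapper;

    /**
     * Supplies the permissions of the principal being authorized.
     *
     * @param principalCollection the principals Shiro is asking about; the
     *        primary one is the {@link User} placed there by
     *        {@link #doGetAuthenticationInfo}
     * @return authorization info holding the user's permission string, or an
     *         empty one when the user has no permission recorded
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Use the principals passed in rather than the thread's current subject,
        // so the answer always describes the identity that is being checked.
        User user = (User) principalCollection.getPrimaryPrincipal();
        if (user == null) {
            return info;
        }
        // A null or blank permission string cannot be parsed by Shiro and would
        // fail the request with an exception instead of a clean "unauthorized".
        String perms = user.getPerms();
        if (perms != null && !perms.trim().isEmpty()) {
            info.addStringPermission(perms);
        }
        return info;
    }

    /**
     * Loads the account that matches the submitted username.
     *
     * <p>This method only fetches the account. Shiro compares the submitted
     * password with the returned credentials after this method returns, so no
     * "logged in" state may be recorded here.
     *
     * @param authenticationToken the submitted {@link UsernamePasswordToken}
     * @return the account data, or {@code null} when no such user exists
     *         (Shiro reports that as an unknown account)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        if (username == null) {
            return null;
        }
        // Fetch the account from the database; an unknown username yields null.
        User user = userMapper.getUserByUsername(username);
        if (user == null || !username.equals(user.getName())) {
            return null;
        }
        // NOTE(review): no CredentialsMatcher is configured on this realm in the
        // code shown, so Shiro's default comparison applies, which suggests
        // user.getPwd() holds the password as submitted. Confirm, and prefer
        // storing a salted hash together with a hashed credentials matcher.
        return new SimpleAuthenticationInfo(user, user.getPwd(), this.getName());
    }

    /**
     * Publishes the logged-in user into the session once the password has been
     * verified.
     *
     * <p>The session attribute was previously written inside
     * {@link #doGetAuthenticationInfo}, which runs before the password check, so
     * a failed login for an existing username still left {@code loginUser} in
     * the session. Any code that treats that attribute as proof of login would
     * then accept an unauthenticated session.
     *
     * @param token the submitted credentials
     * @param info the account data returned by {@link #doGetAuthenticationInfo}
     * @throws AuthenticationException when the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        // Throws on mismatch, so the line below runs for successful logins only.
        super.assertCredentialsMatch(token, info);
        // NOTE(review): the stored object is the full User, password field
        // included; consider keeping only the fields the views need.
        SecurityUtils.getSubject().getSession()
                .setAttribute("loginUser", info.getPrincipals().getPrimaryPrincipal());
    }
}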