SpringBoot整合Shiro 一：搭建环境

Java项目的安全框架一般使用 shiro 与 spring security

　　具体怎么选择可以参考文章：安全框架 Shiro 和 Spring Security 如何选择

我这里选择使用Shiro

环境搭建

创建SpringBoot项目

导入Maven依赖

<dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-web</artifactId>
 </dependency>
 ​
 <dependency>
     <groupId>org.apache.shiro</groupId>
     <artifactId>shiro-spring</artifactId>
     <version>1.5.1</version>
 </dependency>
 ​
 <dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-thymeleaf</artifactId>
     <version>2.2.5.RELEASE</version>
 </dependency>

创建 Realm 类

　　需要继承 AuthorizingRealm

package com.zy.config;
 ​
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 ​
 public class UserRealm extends AuthorizingRealm {
 ​
     //授权
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
         System.out.println("执行了=>授权doGetAuthorizationInfo");
         return null;
     }
 ​
     //认证
     @Override
     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
         System.out.println("执行了=>认证doGetAuthenticationInfo");
         return null;
     }
 }

Shiro配置类

步骤1

　创建realm对象

//创建realm对象(步骤1)
 @Bean(name = "userRealm")
 public UserRealm userRealm(){
     return new UserRealm();
 }

 

步骤2

　DefaultWebSecurityManager

　　　--> import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

//DefaultWebSecurityManager(步骤2)
 @Bean(name = "defaultWebSecurityManager")
 public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
 ​
     DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
     securityManager.setRealm(userRealm());
     return securityManager;
 ​
 }

步骤3

　ShiroFilterFactoryBean

//ShiroFilterFactoryBean(步骤3)
 @Bean(name = "shiroFilterFactoryBean")
 //@Bean
 public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){
     ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
 ​
     bean.setSecurityManager(defaultWebSecurityManager);
     return bean;
 }

ShiroConfig搭建完成

package com.zy.config;
 ​
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 ​
 @Configuration
 public class ShiroConfig {
 ​
     //ShiroFilterFactoryBean(步骤3)
     @Bean(name = "shiroFilterFactoryBean")
     //@Bean
     public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){
         ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
 ​
         bean.setSecurityManager(defaultWebSecurityManager);
         return bean;
     }
 ​
     //DefaultWebSecurityManager(步骤2)
     @Bean(name = "defaultWebSecurityManager")
     public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
 ​
         DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
         securityManager.setRealm(userRealm());
         return securityManager;
 ​
     }
 ​
     //创建realm对象(步骤1)
     @Bean(name = "userRealm")
     public UserRealm userRealm(){
         return new UserRealm();
     }
 ​
 }

 

Controller

　首先是index页面

index.html

<!DOCTYPE html>
 <html lang="en" xmlns:th="http://www.thymeleaf.org"
       xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
 <head>
     <meta charset="UTF-8">
     <title>Title</title>
 </head>
 <body>
 ​
 <h1>首页</h1>
 <p th:text="${msg}"></p>
 ​
 <a th:href="@{/user/add}">add</a> | <a th:href="@{/user/update}">update</a>
 ​
 </body>
 </html>

对应Controller

@RequestMapping({"/","/index"})
 public String toIndex(Model model){
     model.addAttribute("msg","HelloShiro");
 ​
     return "index";
 }

 

add页面

add.html

<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title>Title</title>
 </head>
 <body>
 ​
 <h1>add</h1>
 ​
 </body>
 </html>

对应Controller

 @RequestMapping("/user/add")
 public String add(){
 ​
     return "user/add";
 }

 

update页面

update.html

 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title>Title</title>
 </head>
 <body>
 ​
 <h1>update</h1>
 ​
 </body>
 </html>

对应Controller

@RequestMapping("/user/update")
 public String update(){
 ​
     return "user/update";
 }

 

MyController（总）

 package com.zy.controller;
 ​
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 ​
 @Controller
 public class MyController {
 ​
     @RequestMapping({"/","/index"})
     public String toIndex(Model model){
         model.addAttribute("msg","HelloShiro");
 ​
         return "index";
     }
 ​
     @RequestMapping("/user/add")
     public String add(){
 ​
         return "user/add";
     }
 ​
     @RequestMapping("/user/update")
     public String update(){
 ​
         return "user/update";
     }
 }

 

测试

index界面

add界面

update界面

测试成功，搭建完成