Shiro集成web环境[Springboot]
1.shiro官网查找依赖的jar,其中shiro-ehcache做授权缓存时使用,另外还需要导入ehcache的jar包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.ehcache/ehcache -->
<dependency>
<groupId>org.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>3.6.3</version>
</dependency>
过滤器依赖的层级关系:
2.配置shrio的核心过滤器
@Configuration
public class ShiroFilter {
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//shiro会对所有资源进行控制,默认不拦截 需要配置
Map<String,String> map = new HashMap<>();
//多个过滤器 AnonymousFilter 匿名过滤器 简称anon
// FormAuthenticationFilter 认证过滤器 简称authc
map.put("/**","authc");
//多个过滤器组成过滤器链
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
//设置认证页面路径
shiroFilterFactoryBean.setLoginUrl("/main/login.jsp");
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager getSecurityManager(){
//web环境下securityManage的实现类为DefaultWebSecurityManager
SecurityManager securityManager = new DefaultWebSecurityManager();
return securityManager;
}
}
其中shiro过滤器中的SecurityManager 属性必须设置,否则报错如下:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getShiroFilterFactoryBean': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanInitializationException: SecurityManager property must be set.
注入方式:
- new SecurityManager 后set赋值给ShiroFilter 不推荐
- 自动注入,自动注入前应该考虑该类是否由spring工厂管理?没有管理 交由spring工厂管理
- 自动注入只在一个方法中使用 无需自动注入,java配置形式提供了方法形参的注入,该形参是基于类型的注入,凡是由spring工厂管理的类,所需的方法形参类型都可以由spring工厂提供
如图关系:
测试1:设置认证过滤器,访问index.jsp 无法到达且视图解析指向login.jsp 说明该请求没有经过认证
测试2:设置匿名过滤器,访问index.jsp可到到
Shiro过滤器
| 过滤器简称 | 对应的java类 |
|---|---|
| anon | org.apache.shiro.web.filter.authc.AnonymousFilter |
| authc | org.apache.shiro.web.filter.authc.FormAuthenticationFilter |
| authcBasic | org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter |
| perms | org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter |
| port | org.apache.shiro.web.filter.authz.PortFilter |
| rest | org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter |
| roles | org.apache.shiro.web.filter.authz.RolesAuthorizationFilter |
| ssl | org.apache.shiro.web.filter.authz.SslFilter |
| user | org.apache.shiro.web.filter.authc.UserFilter |
| logout | org.apache.shiro.web.filter.authc.LogoutFilter |