springboot整合shiro

一共三步骤,实现简单登陆拦截

1 ===> 国际惯例导入依赖

<dependency>
	  <groupId>org.apache.shiro</groupId>
	  <artifactId>shiro-spring</artifactId>
	  <version>1.3.2</version>
</dependency>

2===>配置两个类

shiroFilter

import org.apache.shiro.mgt.SecurityManager;//只给你这个,其他的都导入shiro的就行了
@Bean(name = "shiroFilter")
	public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		shiroFilterFactoryBean.setSecurityManager(securityManager);// 安全管理器
		shiroFilterFactoryBean.setLoginUrl("/login.html"); // 未认证,跳转的页面
		shiroFilterFactoryBean.setSuccessUrl("/admin/index.html");// 成功跳转的页面
		shiroFilterFactoryBean.setUnauthorizedUrl("/notRole.html");// 认证后无权限页面
		// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
		Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();// Url过滤器的权限规则
		filterChainDefinitionMap.put("/js/**", "anon");
		filterChainDefinitionMap.put("/image/**", "anon");
		filterChainDefinitionMap.put("/plugins/**", "anon");
		filterChainDefinitionMap.put("/css/**", "anon");
		filterChainDefinitionMap.put("/login.html", "anon");
        //👇是你的登陆方法名称路径,千万别拦截了,要不然你会一脸懵逼,发现怎么点按钮都木的用
		filterChainDefinitionMap.put("/Lg/Login", "anon");
	// 主要这行代码必须放在所有权限设置的最后,不然会导致所有 url 都被拦截 剩余的都需要认证
		filterChainDefinitionMap.put("/**", "authc");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
		return shiroFilterFactoryBean;

	}

	@Bean
	public SecurityManager securityManager() {
		DefaultWebSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
		defaultSecurityManager.setRealm(customRealm());
		return defaultSecurityManager;
	}

	@Bean
	public CustomRealm customRealm() {
		CustomRealm customRealm = new CustomRealm();
		return customRealm;
	}
//下面这些东西我也不晓得有啥用,但是百度上都有,那我也不敢删啊
	@Bean
	public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
		return new LifecycleBeanPostProcessor();
	}

	/**
	 * * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),
	 * 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证 *
	 * 配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选)
	 * 和AuthorizationAttributeSourceAdvisor)即可实现此功能 * @return
	 */
	@Bean
	@DependsOn({ "lifecycleBeanPostProcessor" })
	public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
		DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
		advisorAutoProxyCreator.setProxyTargetClass(true);
		return advisorAutoProxyCreator;
	}

	@Bean
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
		AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
		authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
		return authorizationAttributeSourceAdvisor;
	}

CustomRealm 名字自定义,随便你,爱咋取咋取

public class CustomRealm extends AuthorizingRealm{
	
	@Autowired AdminInfoServiceImpl adminInfoServiceImpl;

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		System.out.println("授权中.......");
		
	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		System.out.println("认证中....................");
		这里将会是subject.login(token);的方法的实现
	}
}

3===>登陆方法编写

@RestController
@RequestMapping("/Lg")
public class LoginController {
	@RequestMapping(value = "Login", method = RequestMethod.POST)
	public Result login(@RequestBody AdminInfo info) {
		Subject subject = SecurityUtils.getSubject();
		// 在认证提交前准备 token(令牌)
		UsernamePasswordToken token = new UsernamePasswordToken(info.getUserName(), info.getPassWord());
		try {
			subject.login(token);
		} catch (UnknownAccountException uae) {
			return Result.erroReuslt("登陆失败");
		} catch (IncorrectCredentialsException ice) {
			return Result.erroReuslt("登陆失败");
		} catch (LockedAccountException lae) {
			return Result.erroReuslt("登陆失败");
		} catch (ExcessiveAttemptsException eae) {
			return Result.erroReuslt("登陆失败");
		}
		if (subject.isAuthenticated()) {
			return Result.successReuslt("登陆成功!",null);
		} else {
			token.clear();
			return Result.erroReuslt("失败");
		}
	}
}

这样子就可以实现你的登陆权限校验了,一个简单的demo就做完了~然后你在以后都要输入密码登陆了~不能直接写页面地址了:rofl::rofl::rofl: