咱们也就不多哔哔,直接开始
我先放我自己写的项目结构
第一步: 想啥了,肯定是先创建一个springboot的项目
第二步:配置pom文件
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<!-- 注解工具,更加方便的使用log -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
第三步:登录控制器
这是登录ajax跳的方法,就照着图片上敲就行了
第四步:创建用户认证授权方法类
public class CustomRealm extends AuthorizingRealm {
@Autowired
private LoginService loginService;
@Override //这边是权限认证
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String name = (String) principals.getPrimaryPrincipal();
UserInfo userInfo = new UserInfo(0,name,"","",null);
UserInfo user = loginService.getUserByName(userInfo);
//添加角色和权限
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
for (Role role : user.getRoles()) {
//添加角色
simpleAuthorizationInfo.addRole(role.getRoleName());
//添加权限
for (Permissions permissions : role.getPermissions()) {
simpleAuthorizationInfo.addStringPermission(permissions.getPermissionsName());
}
}
return simpleAuthorizationInfo;
}
@Override //这里是登录认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//加这一步的目的是在Post请求的时候会先进认证,然后在到请求
if (authenticationToken.getPrincipal() == null) {
return null;
}
//获取用户信息
String name = authenticationToken.getPrincipal().toString();
UserInfo userInfo = new UserInfo(0,name,"","",null);
UserInfo user = loginService.getUserByName(userInfo);
if (user == null) {
//这里返回后会报出对应异常
return null;
} else {
//这里验证authenticationToken和simpleAuthenticationInfo的信息
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, user.getUserpwd().toString(), getName());
return simpleAuthenticationInfo;
}
}
}
第五步:shiro配置类
@Configuration
public class ShiroConfig {
@Bean
@ConditionalOnMissingBean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
//将自己的验证方式加入容器
@Bean
public CustomRealm myShiroRealm() {
CustomRealm customRealm = new CustomRealm();
return customRealm;
}
//权限管理,配置主要是Realm的管理认证
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, String> map = new HashMap<>();
//登出
//map.put("/logout", "logout");
/**
* anon 匿名用户可以访问
* user:认证用户可访问
* perms:对应权限可访问
* role:对应角色可访问
*/
/**
* 配置statics下面静态文件可以访问
*/
map.put("/statics/**", "anon");
map.put("/login", "anon");
/**
* 对所有请求认证,这一步必须放在后面,不然会有问题
*/
map.put("/**", "authc");
//登录
shiroFilterFactoryBean.setLoginUrl("/");
//登录成功之后,允许跳首页的控制器方法
shiroFilterFactoryBean.setSuccessUrl("/index");
//错误页面,认证不通过跳转
//shiroFilterFactoryBean.setUnauthorizedUrl("/error");
//添加配置
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
//加入注解的使用,不加入这个注解不生效
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
第六步:异常类
@ControllerAdvice
@Slf4j
public class MyExceptionHandler {
@ExceptionHandler
public String ErrorHandler(AuthorizationException e) {
log.error("没有通过权限验证!", e);
return "my_error";
}
}
按着我的一步一步的照着敲就可以了,我也是第一次学习shiro,所以写的比较糟糕
所以我这边放出我学习的链接,这里面作者讲的很详细,而且还有附带demo
springboot整合shiro