spring-boot集成shiro
程序员文章站
2022-06-07 19:15:17
...
引用
项目启动后输入:http://localhost/
该项目中, 增加了对url的拦截URLPermissionsFilter,
用admin/123456,拥有index权限reports未任何权限, lance/123456尚未分配任何权限.
1.Pom依赖
<shiro.version>1.2.5</shiro.version> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.3.5.RELEASE</version> </parent>
2.Shiro配置
@Configuration public class ShiroConfig { /** * FilterRegistrationBean * @return */ @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter")); filterRegistration.setEnabled(true); filterRegistration.addUrlPatterns("/*"); filterRegistration.setDispatcherTypes(DispatcherType.REQUEST); return filterRegistration; } /** * @see org.apache.shiro.spring.web.ShiroFilterFactoryBean * @return */ @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter(){ ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean(); bean.setSecurityManager(securityManager()); bean.setLoginUrl("/login"); bean.setUnauthorizedUrl("/unauthor"); Map<String, Filter>filters = Maps.newHashMap(); filters.put("perms", urlPermissionsFilter()); filters.put("anon", new AnonymousFilter()); bean.setFilters(filters); Map<String, String> chains = Maps.newHashMap(); chains.put("/login", "anon"); chains.put("/unauthor", "anon"); chains.put("/logout", "logout"); chains.put("/base/**", "anon"); chains.put("/css/**", "anon"); chains.put("/layer/**", "anon"); chains.put("/**", "authc,perms"); bean.setFilterChainDefinitionMap(chains); return bean; } /** * @see org.apache.shiro.mgt.SecurityManager * @return */ @Bean(name="securityManager") public DefaultWebSecurityManager securityManager() { DefaultWebSecurityManager manager = new DefaultWebSecurityManager(); manager.setRealm(userRealm()); manager.setCacheManager(cacheManager()); manager.setSessionManager(defaultWebSessionManager()); return manager; } /** * @see DefaultWebSessionManager * @return */ @Bean(name="sessionManager") public DefaultWebSessionManager defaultWebSessionManager() { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setCacheManager(cacheManager()); sessionManager.setGlobalSessionTimeout(1800000); sessionManager.setDeleteInvalidSessions(true); sessionManager.setSessionValidationSchedulerEnabled(true); sessionManager.setDeleteInvalidSessions(true); return sessionManager; } /** * @see UserRealm--->AuthorizingRealm * @return */ @Bean @DependsOn(value="lifecycleBeanPostProcessor") public UserRealm userRealm() { UserRealm userRealm = new UserRealm(); userRealm.setCacheManager(cacheManager()); return userRealm; } @Bean public URLPermissionsFilter urlPermissionsFilter() { return new URLPermissionsFilter(); } @Bean public EhCacheManager cacheManager() { EhCacheManager cacheManager = new EhCacheManager(); cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml"); return cacheManager; } @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } }
3.完整项目参考
https://github.com/leelance/spring-boot-all/tree/master/spring-boot-shiro