spring boot集成shiro详细教程(小结)
程序员文章站
2023-12-19 15:13:22
我们开发时候有时候要把传统spring shiro转成spring boot项目,或者直接集成,name我们要搞清楚一个知识,就是 xml配置和spring bean代码配...
我们开发时候有时候要把传统spring shiro转成spring boot项目,或者直接集成,name我们要搞清楚一个知识,就是 xml配置和spring bean代码配置的关系,这一点很重要,因为spring boot是没有xml配置文件的(也不绝对,spring boot也是可以引用xml配置的)
引入依赖:
<dependency> <artifactid>ehcache-core</artifactid> <groupid>net.sf.ehcache</groupid> <version>2.5.0</version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-ehcache</artifactid> <version>1.2.2</version> </dependency> <dependency> <groupid>org.slf4j</groupid> <artifactid>slf4j-api</artifactid> <version>1.7.25</version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-core</artifactid> <version>1.2.3</version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-web</artifactid> <version>1.2.3</version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-spring</artifactid> <version>1.2.3</version> </dependency>
如果你出现错误 找不到slf4j,引入依赖
<dependency> <groupid>org.slf4j</groupid> <artifactid>slf4j-log4j12</artifactid> <version>1.7.25</version> </dependency>
传统xml配置如下:
<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"> <context:component-scan base-package="com.len"/> <!--定义realm--> <bean id="myrealm" class="com.len.core.shiro.loginrealm"> <property name="credentialsmatcher" ref="credentialsmatcher"/> </bean> <bean id="permissionfilter" class="com.len.core.filter.permissionfilter"/> <!--目前去掉自定义拦截验证 由个人处理登录业务--> <!--<bean id="customadvicfilter" class="com.len.core.filter.customadvicfilter"> <property name="failurekeyattribute" value="shirologinfailure"/> </bean>--> <bean id="verfitycodefilter" class="com.len.core.filter.verfitycodefilter"> <property name="failurekeyattribute" value="shirologinfailure"/> <property name="jcaptchaparam" value="code"/> <property name="verfiticode" value="true"/> </bean> <!-- shiro过滤器 --> <bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean"> <property name="securitymanager" ref="securitymanager"/> <property name="loginurl" value="/login"/> <property name="unauthorizedurl" value="/gologin" /> <property name="filters"> <map> <entry key="per" value-ref="permissionfilter"/> <entry key="vercode" value-ref="verfitycodefilter"/> <!--<entry key="main" value-ref="customadvicfilter"/>--> </map> </property> <property name="filterchaindefinitions"> <value> <!-- /** = anon所有url都可以匿名访问 --> /login = vercode,anon /getcode = anon /logout = logout /plugin/** = anon <!-- /** = authc 所有url都必须认证通过才可以访问--> /user/**=per <!-- /login = main--> /** = authc </value> </property> </bean> <!--安全管理器--> <bean id="securitymanager" class="org.apache.shiro.web.mgt.defaultwebsecuritymanager"> <property name="realm" ref="myrealm"/> <property name="cachemanager" ref="cachemanager" /> <!--<property name="remembermemanager" ref="remembermemanager" />--> </bean> <!-- 凭证匹配器 --> <bean id="credentialsmatcher" class="com.len.core.shiro.retrylimitcredentialsmatcher"> <constructor-arg index="0" ref="cachemanager"/> <constructor-arg index="1" value="5"/> <property name="hashalgorithmname" value="md5"/> <property name="hashiterations" value="4"/> </bean> <!--缓存--> <bean id="cachemanager" class="org.apache.shiro.cache.ehcache.ehcachemanager"> <property name="cachemanagerconfigfile" value="classpath:ehcache/ehcache.xml"/> </bean> <!--开启注解--> <bean class="org.apache.shiro.spring.security.interceptor.authorizationattributesourceadvisor"> <property name="securitymanager" ref="securitymanager" /> </bean> <bean id="lifecyclebeanpostprocessor" class="org.apache.shiro.spring.lifecyclebeanpostprocessor" /> </beans>
转换成bean 新建类shiroconfig
@configuration public class shiroconfig { @bean public retrylimitcredentialsmatcher getretrylimitcredentialsmatcher(){ retrylimitcredentialsmatcher rm=new retrylimitcredentialsmatcher(getcachemanager(),"5"); rm.sethashalgorithmname("md5"); rm.sethashiterations(4); return rm; } @bean public loginrealm getloginrealm(){ loginrealm realm= new loginrealm(); realm.setcredentialsmatcher(getretrylimitcredentialsmatcher()); return realm; } @bean public ehcachemanager getcachemanager(){ ehcachemanager ehcachemanager=new ehcachemanager(); ehcachemanager.setcachemanagerconfigfile("classpath:ehcache/ehcache.xml"); return ehcachemanager; } @bean public lifecyclebeanpostprocessor getlifecyclebeanpostprocessor() { return new lifecyclebeanpostprocessor(); } @bean(name="securitymanager") public defaultwebsecuritymanager getdefaultwebsecuritymanager(){ defaultwebsecuritymanager dwm=new defaultwebsecuritymanager(); dwm.setrealm(getloginrealm()); dwm.setcachemanager(getcachemanager()); return dwm; } @bean public permissionfilter getpermissionfilter(){ permissionfilter pf=new permissionfilter(); return pf; } @bean public verfitycodefilter getverfitycodefilter(){ verfitycodefilter vf= new verfitycodefilter(); vf.setfailurekeyattribute("shirologinfailure"); vf.setjcaptchaparam("code"); vf.setverfiticode(true); return vf; } @bean(name = "shirofilter") public shirofilterfactorybean getshirofilterfactorybean(){ shirofilterfactorybean sfb = new shirofilterfactorybean(); sfb.setsecuritymanager(getdefaultwebsecuritymanager()); sfb.setloginurl("/login"); sfb.setunauthorizedurl("/gologin"); map<string, filter> filters=new hashmap<>(); filters.put("per",getpermissionfilter()); filters.put("vercode",getverfitycodefilter()); sfb.setfilters(filters); map<string, string> filtermap = new linkedhashmap<>(); filtermap.put("/login","vercode,anon"); //filtermap.put("/login","anon"); filtermap.put("/getcode","anon"); filtermap.put("/logout","logout"); filtermap.put("/plugin/**","anon"); filtermap.put("/user/**","per"); filtermap.put("/**","authc"); sfb.setfilterchaindefinitionmap(filtermap); return sfb; } @bean public defaultadvisorautoproxycreator advisorautoproxycreator() { defaultadvisorautoproxycreator advisorautoproxycreator = new defaultadvisorautoproxycreator(); advisorautoproxycreator.setproxytargetclass(true); return advisorautoproxycreator; } @bean public authorizationattributesourceadvisor getauthorizationattributesourceadvisor(){ authorizationattributesourceadvisor as=new authorizationattributesourceadvisor(); as.setsecuritymanager(getdefaultwebsecuritymanager()); return as; } @bean public filterregistrationbean delegatingfilterproxy(){ filterregistrationbean filterregistrationbean = new filterregistrationbean(); delegatingfilterproxy proxy = new delegatingfilterproxy(); proxy.settargetfilterlifecycle(true); proxy.settargetbeanname("shirofilter"); filterregistrationbean.setfilter(proxy); return filterregistrationbean; }
其中有个别类是自定义的拦截器和 realm,此时spring 即能注入shiro 也就是 spring boot集成上了 shiro
如果你因为其他配置引起一些失败,可以参考开源项目 lenos快速开发脚手架 spring boot版本,其中有对shiro的集成,可以用来学习
地址:
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
推荐阅读
-
spring boot集成shiro详细教程(小结)
-
spring boot 集成shiro的配置方法
-
spring boot集成shiro详细教程(小结)
-
Spring Boot集成springfox-swagger2构建restful API的方法教程
-
Spring Boot集成Shiro并利用MongoDB做Session存储的方法详解
-
spring boot 1.5.4 集成shiro+cas,实现单点登录和权限控制
-
spring Boot+spring Cloud实现微服务详细教程第二篇
-
Spring boot 入门(四):集成 Shiro 实现登陆认证和权限管理
-
Spring Boot 集成 Apache Shiro
-
Spring Boot集成Shiro