帮我springboot整合shiro
时间: 2023-06-21 13:08:48 浏览: 51
好的,下面是Spring Boot整合Shiro的步骤:
1. 添加Shiro和Spring Boot的依赖:
```xml
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.3</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
```
2. 创建Shiro配置类,并添加Shiro的注解支持:
```java
@Configuration
public class ShiroConfig {
// Shiro自动配置
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setSuccessUrl("/");
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/register", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(userRealm());
return securityManager;
}
@Bean
public UserRealm userRealm() {
return new UserRealm();
}
@Bean
public ShiroDialect shiroDialect() {
return new ShiroDialect();
}
}
```
3. 创建Shiro Realm类,用于认证和授权:
```java
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String username = token.getUsername();
User user = userService.getUserByUsername(username);
if (user == null) {
throw new UnknownAccountException();
}
return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
}
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
User user = (User) principalCollection.getPrimaryPrincipal();
List<Role> roles = userService.getRolesByUserId(user.getId());
Set<String> roleNames = roles.stream().map(Role::getName).collect(Collectors.toSet());
authorizationInfo.setRoles(roleNames);
List<Permission> permissions = userService.getPermissionsByUserId(user.getId());
Set<String> permissionNames = permissions.stream().map(Permission::getName).collect(Collectors.toSet());
authorizationInfo.setStringPermissions(permissionNames);
return authorizationInfo;
}
}
```
4. 在Controller中使用Shiro注解进行访问控制:
```java
@Controller
public class UserController {
@RequiresPermissions("user:list")
@GetMapping("/users")
public String userList(Model model) {
List<User> users = userService.getAllUsers();
model.addAttribute("users", users);
return "user/list";
}
@RequiresPermissions("user:add")
@GetMapping("/users/new")
public String newUser(Model model) {
model.addAttribute("user", new User());
return "user/new";
}
@RequiresPermissions("user:add")
@PostMapping("/users")
public String createUser(@ModelAttribute("user") User user) {
userService.saveUser(user);
return "redirect:/users";
}
@RequiresPermissions("user:delete")
@PostMapping("/users/{id}/delete")
public String deleteUser(@PathVariable("id") Long id) {
userService.deleteUser(id);
return "redirect:/users";
}
}
```
以上就是Spring Boot整合Shiro的基本步骤,你可以根据自己的需要进行修改和扩展。