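Help me write Shiro framework code
Time: 2023-03-29 07:02:21 Views: 69
Sure, I can provide a simple Shiro framework code example for you:
First, you need to add the Shiro dependency to your project, for example: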
```
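<!-- shiro-spring brings in shiro-core and shiro-web, which the
     ShiroFilterFactoryBean and DefaultWebSecurityManager used below require -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.7.1</version>
</dependency>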
```
Next, you need to create a Shiro configuration class, for example:
```
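import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Used by filter-based authorization; annotation failures throw an exception instead.
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");
        // Order matters: the first matching pattern wins, so the catch-all goes last.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean
    public SecurityManager securityManager(Realm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    @Bean
    public Realm realm() {
        return new MyRealm();
    }

    // Without this advisor, @RequiresPermissions on controller methods is not enforced.
    // It also needs Spring AOP auto-proxying to be active in the application.
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}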
```
In this configuration class, we define Shiro's filter factory and security manager, as well as a custom Realm.
Next, we need to implement this custom Realm, for example:
```
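import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm {
    // Demo only: every authenticated principal receives the "admin" role and "user:read".
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRole("admin");
        authorizationInfo.addStringPermission("user:read");
        return authorizationInfo;
    }

    // Demo only: a single hard-coded account whose password is compared in plain text.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        char[] credentials = (char[]) token.getCredentials();
        if (!"admin".equals(username)) {
            throw new UnknownAccountException();
        }
        // Guard against a missing password parameter before building the String.
        if (credentials == null || !"password".equals(new String(credentials))) {
            throw new IncorrectCredentialsException();
        }
        return new SimpleAuthenticationInfo(username, new String(credentials), getName());
    }
}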
```
In this custom Realm, we define the user's roles and permissions, as well as how the user is authenticated.
Finally, we need to use Shiro in our Controller, for example:
```
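import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;

@Controller
public class UserController {
    // Requires the "user:read" permission granted by MyRealm.
    @GetMapping("/user")
    @RequiresPermissions("user:read")
    public String getUser() {
        return "user";
    }

    @GetMapping("/login")
    public String getLogin() {
        return "login";
    }

    @PostMapping("/login")
    public String postLogin(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return "redirect:/user";
        } catch (AuthenticationException e) {
            // Same view for every failure, so the response does not reveal
            // whether the username or the password was wrong.
            return "login";
        }
    }

    // The "logout" filter mapped to /logout in ShiroConfig handles the request first;
    // this handler is only reached if that mapping is removed.
    @GetMapping("/logout")
    public String getLogout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/login";
    }

    @GetMapping("/unauthorized")
    public String getUnauthorized() {
        return "unauthorized";
    }
}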
```
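In this Controller, we define the methods for user login, logout and access to the restricted page, and use Shiro's annotation to restrict the user's access permissions.
I hope this example helps you understand how to use the Shiro framework.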
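A hardened variant of the `MyRealm` shown above, as an added example that is not part of the original answer: it stores salted, iterated password hashes, lets Shiro 1.x's `HashedCredentialsMatcher` do the comparison, and returns per-user roles and permissions instead of granting `admin` to every principal. The names `HashedRealm`, `StoredAccount` and `register`, the in-memory map and the iteration count are assumptions for illustration; the record syntax needs Java 16 or later.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class HashedRealm extends AuthorizingRealm {
    private static final int ITERATIONS = 100_000; // assumed work factor, tune for your hardware
    // Hypothetical record; a real application loads this from its user store.
    record StoredAccount(String hashHex, ByteSource salt, Set<String> roles, Set<String> permissions) {}
    private final Map<String, StoredAccount> accounts = new ConcurrentHashMap<>();
    public HashedRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher); // stored credentials are expected hex-encoded by default
    }

    // Enrollment: keep only a salted, iterated hash, never the password itself.
    public void register(String username, char[] password, Set<String> roles, Set<String> permissions) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String hashHex = new Sha256Hash(password, salt, ITERATIONS).toHex();
        accounts.put(username, new StoredAccount(hashHex, salt, roles, permissions));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        Object principal = token.getPrincipal();
        StoredAccount account = principal == null ? null : accounts.get(principal);
        if (account == null) throw new UnknownAccountException();
        // Hand back the stored hash and salt; the matcher hashes the submitted password and compares.
        return new SimpleAuthenticationInfo(principal, account.hashHex(), account.salt(), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        StoredAccount account = accounts.get(principals.getPrimaryPrincipal());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (account == null) return info; // unknown principal: no roles, no permissions
        info.setRoles(account.roles());
        info.setStringPermissions(account.permissions());
        return info;
    }
}
```

To use it, return a `HashedRealm` from the `realm()` bean in `ShiroConfig` and enroll accounts through `register` at provisioning time.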