dp-boot shiro1.10.1 升级
时间: 2023-09-02 22:05:49 浏览: 169
对于dp-boot项目,升级Shiro 1.10.1的步骤如下:
1. 在pom.xml文件中升级Shiro依赖版本到1.10.1:
```xml
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.10.1</version>
</dependency>
```
2. 修改Shiro配置文件,将Shiro.ini改为Shiro.yml格式,并做相应的修改:
```yaml
shiro:
# realm配置
realms:
- name: jdbcRealm
# ...
# filter配置
filters:
anon: org.apache.shiro.web.filter.authc.AnonymousFilter
authc: org.apache.shiro.web.filter.authc.FormAuthenticationFilter
perms: org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
roles: org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
# filterChain配置
filterChainDefinitions:
'/login': anon
'/logout': logout
'/register': anon
'/static/**': anon
'/admin/**': authc, roles[admin]
'/user/**': authc, roles[user]
'/api/**': authc, perms[api:access]
```
3. 修改Shiro配置类,使用Yaml配置方式:
```java
@Configuration
public class ShiroConfig {
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
filterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("anon", new AnonymousFilter());
filters.put("authc", new FormAuthenticationFilter());
filters.put("perms", new PermissionsAuthorizationFilter());
filters.put("roles", new RolesAuthorizationFilter());
filterFactoryBean.setFilters(filters);
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/register", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/admin/**", "authc, roles[admin]");
filterChainDefinitionMap.put("/user/**", "authc, roles[user]");
filterChainDefinitionMap.put("/api/**", "authc, perms[api:access]");
filterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return filterFactoryBean;
}
@Bean
public SecurityManager securityManager(Realm realm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm);
return securityManager;
}
@Bean
public Realm realm() {
JdbcRealm jdbcRealm = new JdbcRealm();
jdbcRealm.setDataSource(dataSource());
jdbcRealm.setAuthenticationQuery("SELECT password FROM users WHERE username = ?");
jdbcRealm.setUserRolesQuery("SELECT role_name FROM user_roles WHERE username = ?");
return jdbcRealm;
}
@Bean
public DataSource dataSource() {
// ...
}
// ...
}
```
4. 修改ShiroRealm类,将doGetAuthenticationInfo和doGetAuthorizationInfo方法的返回值类型改为SimpleAuthenticationInfo和SimpleAuthorizationInfo:
```java
public class ShiroRealm extends JdbcRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
String password = getPasswordForUser(username);
if (password == null) {
throw new UnknownAccountException("No account found for user [" + username + "]");
}
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, password.toCharArray(), getName());
return info;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = (String) principals.getPrimaryPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<String> roles = getRolesForUser(username);
info.setRoles(roles);
return info;
}
// ...
}
```
5. 测试项目运行是否正常。
阅读全文