给一个springboot项目中使用shiro的例子
时间: 2023-04-10 12:02:51 浏览: 127
当然可以,以下是一个使用 Shiro 的 Spring Boot 项目的示例:
首先,您需要在 pom.xml 文件中添加以下依赖项:
```xml
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.2</version>
</dependency>
```
接下来,您需要在 application.properties 文件中配置 Shiro:
```properties
# Shiro 配置
shiro:
# 登录 URL
loginUrl: /login
# 登录成功后跳转的 URL
successUrl: /index
# 未授权 URL
unauthorizedUrl: /unauthorized
# Shiro 过滤器链配置
filterChainDefinitions: /static/**=anon\n/login=anon\n/logout=logout\n/**=authc
```
然后,您需要创建一个 Shiro 配置类:
```java
@Configuration
public class ShiroConfig {
/**
* 创建 Shiro 过滤器工厂
*/
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setSuccessUrl("/index");
shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
/**
* 创建 SecurityManager
*/
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm());
return securityManager;
}
/**
* 创建 Realm
*/
@Bean
public Realm realm() {
return new MyRealm();
}
/**
* 开启 Shiro 注解支持
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
/**
* 开启 Shiro AOP 支持
*/
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
creator.setProxyTargetClass(true);
return creator;
}
}
```
最后,您需要创建一个 Realm 类来处理身份验证和授权:
```java
public class MyRealm extends AuthorizingRealm {
/**
* 处理授权
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addRole("admin");
authorizationInfo.addStringPermission("user:list");
return authorizationInfo;
}
/**
* 处理身份验证
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = (String) token.getPrincipal();
String password = new String((char[]) token.getCredentials());
if (!"admin".equals(username)) {
throw new UnknownAccountException("用户名或密码错误");
}
if (!"123456".equals(password)) {
throw new IncorrectCredentialsException("用户名或密码错误");
}
return new SimpleAuthenticationInfo(username, password, getName());
}
}
```
这就是一个简单的使用 Shiro 的 Spring Boot 项目的示例。
阅读全文