Springboot整合Shiro的代码实例

这篇文章主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

1、导入依赖

<!--shiro-->
<dependency>
 <groupId>org.apache.shiro</groupId>
 <artifactId>shiro-spring</artifactId>
 <version>1.4.0</version>
</dependency>

2、创建ShiroRealm.java文件

（这里按照需求，只做登录认证这块）

package com.hyqfx.manager.shiro;

import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.hyqfx.manager.entity.po.SystemAdmin;
import com.hyqfx.manager.service.ISystemAdminService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

public class ShiroRealm extends AuthorizingRealm {

@Autowired
 private ISystemAdminService adminService;

//授权
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
   /*
   //获取登录用户名
   String name= (String) principalCollection.getPrimaryPrincipal();
   //查询用户名称
   User user = loginService.findByName(name);
   //添加角色和权限
   SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
   for (Role role:user.getRoles()) {
     //添加角色
     simpleAuthorizationInfo.addRole(role.getRoleName());
     for (Permission permission:role.getPermissions()) {
       //添加权限
       simpleAuthorizationInfo.addStringPermission(permission.getPermission());
     }
   }
   return simpleAuthorizationInfo;*/

return null;
 }

//认证
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
   //加这一步的目的是在Post请求的时候会先进认证，然后在到请求
   if (authenticationToken.getPrincipal() == null) {
     return null;
   }
   //获取用户信息
   String name = authenticationToken.getPrincipal().toString();
   SystemAdmin admin = adminService.selectOne(new EntityWrapper<SystemAdmin>().eq("username",name));

if (admin == null) {
     return null;
   } else {
     //这里验证authenticationToken和simpleAuthenticationInfo的信息
     SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, admin.getPassword().toString(), getName());
     return simpleAuthenticationInfo;
   }
 }
}

3、创建ShiroConfiguration.java文件

package com.becl.config;

import com.becl.shiro.PasswordMatcher;
import com.becl.shiro.ShiroRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;

@Configuration
public class ShiroConfiguration {

//将自己的验证方式加入容器
 @Bean
 public ShiroRealm myShiroRealm() {
   ShiroRealm myShiroRealm = new ShiroRealm();
   myShiroRealm.setCredentialsMatcher(passwordMatcher());//装配自定义的密码验证方式
   return myShiroRealm;
 }

// 配置加密方式
 // 配置了一下，这货就是验证不过，，改成手动验证算了，以后换加密方式也方便
 @Bean
 public PasswordMatcher passwordMatcher() {
   return new PasswordMatcher();
 }

//权限管理，配置主要是Realm的管理认证
 @Bean
 public SecurityManager securityManager() {
   DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
   securityManager.setRealm(myShiroRealm());
   return securityManager;
 }

//Filter工厂，设置对应的过滤条件和跳转条件
 @Bean
 public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
   ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
   shiroFilterFactoryBean.setSecurityManager(securityManager);
   Map<String,String> map = new HashMap<String, String>();
   //登出
   map.put("/logout","logout");
   //不需要认证
   map.put("/logout","anon");
   map.put("/login*","anon");
   map.put("/shiroError","anon");
   //对所有用户认证
   map.put("/**","authc");
   //map.put("/**","anon");
   //登录
   shiroFilterFactoryBean.setLoginUrl("/login");
   //首页
   shiroFilterFactoryBean.setSuccessUrl("/index");
   //错误页面，认证不通过跳转
   shiroFilterFactoryBean.setUnauthorizedUrl("/shiroError");
   shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
   return shiroFilterFactoryBean;
 }

//加入注解的使用，不加入这个注解不生效
 @Bean
 public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
   AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
   authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
   return authorizationAttributeSourceAdvisor;
 }

}

4、自定义Shiro的密码比较器

package com.becl.shiro;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.mindrot.jbcrypt.BCrypt;

/**
* 自定义密码比较器
*/
public class PasswordMatcher extends SimpleCredentialsMatcher {

@Override
 public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
   UsernamePasswordToken utoken=(UsernamePasswordToken) token;

//获得用户输入的密码:(可以采用加盐(salt)的方式去检验)
   String inPassword = new String(utoken.getPassword());
   String username = utoken.getUsername();

//获得数据库中的密码
   String dbPassword = (String) info.getCredentials();
   //进行密码的比对
   boolean flag = BCrypt.checkpw(inPassword,dbPassword);
   return flag;
 }
}

来源：https://www.cnblogs.com/lqq7456/p/11750005.html