# springboot-shiro-2020 **Repository Path**: chillyCUI/springboot-shiro-2020 ## Basic Information - **Project Name**: springboot-shiro-2020 - **Description**: springboot shiro thymeleaf - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2020-09-08 - **Last Updated**: 2020-12-19 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # springboot-shiro-2020 #### 介绍 springboot 整合 shiro 、thymeleaf 1. Spring Boot与Shiro整合实现用户认证 2. Spring Boot与Shiro整合实现用户授权 Apache Shiro 体系结构 ![shiro架构](https://images.gitee.com/uploads/images/2020/0908/124324_8a6ea61d_7603591.png "屏幕截图.png") 1、Authentication 认证 ---- 用户登录 2、Authorization 授权 --- 用户具有哪些权限 3、Cryptography 安全数据加密 4、Session Management 会话管理 5、Web Integration web系统集成 6、Interations 集成其它应用,spring、缓存框架 用户授权实现: shiroFilterFactoryBean( WebSecurityManager(Realm) ) 用户认证登录实现:public class UserRealm extends AuthorizingRealm public abstract class AuthorizingRealm extends AuthenticatingRealm ``` @Configuration public class ShiroConfig { /** * 创建ShiroFilterFactoryBean */ @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); //设置安全管理器 shiroFilterFactoryBean.setSecurityManager(securityManager); //添加Shiro内置过滤器 /** * Shiro内置过滤器,可以实现权限相关的拦截器 * 常用的过滤器: * anon: 无需认证(登录)可以访问 * authc: 必须认证才可以访问 * user: 如果使用rememberMe的功能可以直接访问 * perms: 该资源必须得到资源权限才可以访问 * role: 该资源必须得到角色权限才可以访问 */ Map filterMap = new LinkedHashMap(); /*filterMap.put("/add", "authc"); filterMap.put("/update", "authc");*/ filterMap.put("/testThymeleaf", "anon"); //放行login.html页面 filterMap.put("/login", "anon"); //授权过滤器 //注意:当前授权拦截后,shiro会自动跳转到未授权页面 filterMap.put("/add", "perms[user:add]"); filterMap.put("/update", "perms[user:update]"); filterMap.put("/*", "authc"); //修改调整的登录页面 shiroFilterFactoryBean.setLoginUrl("/toLogin"); //设置未授权提示页面 shiroFilterFactoryBean.setUnauthorizedUrl("/noAuth"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap); return shiroFilterFactoryBean; } /** * 创建DefaultWebSecurityManager */ @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //关联realm securityManager.setRealm(userRealm); return securityManager; } /** * 创建Realm */ @Bean(name = "userRealm") public UserRealm getRealm() { return new UserRealm(); } } ``` ``` public class UserRealm extends AuthorizingRealm{ /** * 执行授权逻辑 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) { System.out.println("执行授权逻辑"); //给资源进行授权 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); //添加资源的授权字符串 //info.addStringPermission("user:add"); //到数据库查询当前登录用户的授权字符串 //获取当前登录用户 Subject subject = SecurityUtils.getSubject(); User user = (User)subject.getPrincipal(); User dbUser = userSerivce.findById(user.getId()); info.addStringPermission(dbUser.getPerms()); return info; } @Autowired private UserService userSerivce; /** * 执行认证逻辑 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException { System.out.println("执行认证逻辑"); //编写shiro判断逻辑,判断用户名和密码 //1.判断用户名 UsernamePasswordToken token = (UsernamePasswordToken)arg0; User user = userSerivce.findByName(token.getUsername()); if(user==null){ //用户名不存在 return null;//shiro底层会抛出UnKnowAccountException } //2.判断密码 return new SimpleAuthenticationInfo(user,user.getPassword(),""); } } ```