添加Shiro依赖
org.apache.shiro shiro-spring1.7.1
创建SpringShiroConfig配置类
@Configuration public class SpringShiroConfig { @Bean("securityManager") public SecurityManager newSecurityManager(ShiroUserRealm shiroUserRealm){ DefaultWebSecurityManager sm = new DefaultWebSecurityManager(); sm.setRealm(shiroUserRealm); return sm; } @Bean("shiroFactory") public ShiroFilterFactoryBean newShiroFactory(SecurityManager securityManager){ ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean(); filter.setSecurityManager(securityManager); filter.setLoginUrl("/doLoginUI");//设置登录页面路径 linkedHashMapfilterMap = new linkedHashMap<>(); filterMap.put("/bower_components @Bean("lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor newLifecycleBeanPostProcessor(){ return new LifecycleBeanPostProcessor(); }; @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; } }
创建过滤器配置类
@Configuration public class WebFilterConfig { @Bean public FilterRegistrationBeannewFilterRegistration(){ FilterRegistrationBean rBean = new FilterRegistrationBean<>(); //创建过滤器对象 DelegatingFilterProxy filter = new DelegatingFilterProxy("shiroFactory"); rBean.setFilter(filter); //配置过滤器映射路径 rBean.addUrlPatterns(" @Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashAlgorithmName("MD5"); matcher.setHashIterations(1); super.setCredentialsMatcher(matcher); } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { //获取用户提交的身份信息 UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; String username = token.getUsername(); SysUser user = sysUserService.findUserByUserName(username); if (user == null) throw new UnknownAccountException(); if (user.getValid() == 0) throw new LockedAccountException(); ByteSource credentialsSalt = ByteSource.Util.bytes(user.getSalt()); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.getPassword(),credentialsSalt,getName()); return info; } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { //获取登录用户ID SysUser user = (SysUser)principalCollection.getPrimaryPrincipal(); Integer id = user.getId(); List permission = sysUserService.findPermission(id); if (permission == null|| permission.size()==0)throw new AuthorizationException(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.setStringPermissions(new HashSet<>(permission)); return info;//返回给授权管理器 } }
登录Demo
@RestController @RequestMapping("user") public class Login { @LogOperation("登录") @RequestMapping("doLogin") public JsonResult doLogin(String username,String password){ //获取subject对象,负责提交用户信息 Subject subject = SecurityUtils.getSubject(); //执行登录,提交用户信息 UsernamePasswordToken token = new UsernamePasswordToken(username,password); //提交给SecurityManager subject.login(token); return new JsonResult("登陆成功"); } }
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)