在spring-boot中只需做以下配置:

  1. 首先引入依赖:

    <!-- Apache Shiro starter for Spring Boot web applications. -->
    <!-- NOTE(review): 1.9.0 is the version this article was written against. Before copying it,
         check the Apache Shiro security reports and pin the newest patched release of the
         line you use. -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring-boot-web-starter</artifactId>
        <version>1.9.0</version>
    </dependency>
  1. 配置realm(安全DAO):

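    /**
     * Shiro realm that authenticates a login token against the account returned by
     * {@link UserService#findByUsername}. Authorization data is not loaded yet.
     */
    @Component
    public class MyRealm extends AuthorizingRealm {
        @Autowired
        private UserService userService;

        /**
         * Authorization hook. This sample loads no roles or permissions and returns
         * {@code null}, so role/permission checks for every subject will fail until
         * this is implemented.
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            return null;
        }

        /**
         * Authentication hook: looks the account up by the submitted user name and hands
         * the stored password hash and salt to the configured credentials matcher.
         *
         * @param token the submitted login token; its principal is used as the user name
         * @return the account's authentication data, or {@code null} when the token has no
         *         principal or no such user exists
         * @throws AuthenticationException declared by the overridden method; not thrown here
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            Object principal = token.getPrincipal();
            // A token without a principal cannot be looked up; treat it like an unknown account
            // instead of failing with a NullPointerException on toString().
            if (principal == null) {
                return null;
            }

            User user = userService.findByUsername(principal.toString());
            if (user == null) {
                return null;
            }

            // SECURITY: the salt below is one fixed string shared by every account, so equal
            // passwords produce equal hashes. Prefer a random per-user salt stored next to the
            // hash. It is left unchanged here because it must match how the stored hashes in
            // user.getPwd() were produced.
            return new SimpleAuthenticationInfo(
                    principal,                       // user name
                    user.getPwd(),                   // stored (hashed) password
                    ByteSource.Util.bytes("salt"),   // salt used when the stored hash was created
                    getName()                        // name of this realm, not the user name
            );
        }
    }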
  1. 配置SecurityManager(配置SecurityManager核心对象和过滤器链):

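    /**
     * Shiro wiring for the application: the security manager (realm, credentials matcher,
     * rememberMe) and the URL filter chain.
     */
    @Configuration
    public class ShiroConfig {

        @Autowired
        private MyRealm realm;

        /**
         * Builds the web security manager around {@link MyRealm}.
         *
         * @return the configured security manager, with rememberMe enabled
         */
        @Bean
        public DefaultWebSecurityManager defaultWebSecurityManager() {
            DefaultWebSecurityManager defaultWebSecurityManager =
                    new DefaultWebSecurityManager();

            // Credentials matcher: hashes the submitted password the same way the stored
            // hash was produced (algorithm + iteration count here, salt from the realm).
            // SECURITY: MD5 with 3 iterations is far too cheap for password storage. Plan a
            // migration to a stronger setting (at least SHA-256/512 with a high iteration
            // count, or a dedicated password-hashing scheme). The values are kept because
            // they must agree with the hashes already stored for existing users.
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
            matcher.setHashAlgorithmName("md5");
            matcher.setHashIterations(3);
            realm.setCredentialsMatcher(matcher);

            defaultWebSecurityManager.setRealm(realm);

            // rememberMe must be configured before the return statement; in the original
            // listing this call came after it and was unreachable (a compile error in Java).
            defaultWebSecurityManager.setRememberMeManager(rememberMeManager());

            // Optional: authentication strategy when several realms are used.
            // ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
            // AllSuccessfulStrategy: every configured realm must authenticate successfully.
            // modularRealmAuthenticator.setAuthenticationStrategy(new AllSuccessfulStrategy());
            // defaultWebSecurityManager.setAuthenticator(modularRealmAuthenticator);
            // List<Realm> list = new ArrayList<>();
            // list.add(realm); // add one entry per realm
            // defaultWebSecurityManager.setRealms(list);

            // Binds the manager to the thread that creates this bean.
            // NOTE(review): request threads presumably get theirs from the Shiro filter - confirm
            // this bind is still needed.
            ThreadContext.bind(defaultWebSecurityManager);
            return defaultWebSecurityManager;
        }

        /**
         * Cookie that carries the rememberMe identity.
         *
         * @return an HttpOnly cookie valid for 30 days on every path of the site
         */
        public SimpleCookie remeberMeCookie() {
            SimpleCookie cookie = new SimpleCookie("remeberMe");
            // Path "/" sends the cookie with every request to this host; it does not make
            // the cookie cross-domain.
            cookie.setPath("/");
            // Keep the cookie out of reach of page scripts.
            cookie.setHttpOnly(true);
            // 30 days, in seconds.
            cookie.setMaxAge(30 * 24 * 60 * 60);
            // NOTE(review): when the site is served only over HTTPS, also call
            // cookie.setSecure(true) so the cookie is never sent over plain HTTP.
            return cookie;
        }

        /**
         * Creates the cookie-based rememberMe manager.
         *
         * <p>SECURITY: the rememberMe cookie is decrypted and then deserialized on the server,
         * so its encryption key is a secret. A key written in source code (or copied from a
         * tutorial) is known outside the deployment and must not be used. The key is therefore
         * read from the environment; when none is configured, the random key Shiro generates
         * for each manager instance (Shiro 1.2.5 and later) is kept, which means remembered
         * logins do not survive a restart and are not shared between nodes.
         *
         * @return the rememberMe manager
         * @throws IllegalStateException if a key is configured but is not valid Base64 of
         *         16, 24 or 32 bytes
         */
        public CookieRememberMeManager rememberMeManager() {
            CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
            cookieRememberMeManager.setCookie(remeberMeCookie());

            // Example variable name: holds a Base64-encoded random AES key that is generated
            // per deployment and kept out of version control.
            String encodedKey = System.getenv("SHIRO_REMEMBER_ME_KEY");
            if (encodedKey != null && !encodedKey.trim().isEmpty()) {
                byte[] key;
                try {
                    key = java.util.Base64.getDecoder().decode(encodedKey.trim());
                } catch (IllegalArgumentException e) {
                    throw new IllegalStateException("rememberMe cipher key is not valid Base64", e);
                }
                if (key.length != 16 && key.length != 24 && key.length != 32) {
                    throw new IllegalStateException(
                            "rememberMe cipher key must be 16, 24 or 32 bytes, got " + key.length);
                }
                cookieRememberMeManager.setCipherKey(key);
            }
            return cookieRememberMeManager;
        }

        /**
         * URL filter chain. Definitions are matched in the order they are added, so the
         * anonymous login endpoints must come before the catch-all rule.
         *
         * @return the filter chain definition
         */
        @Bean
        public DefaultShiroFilterChainDefinition shiroFilterChainDefinition() {
            DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
            // Endpoints reachable without authentication.
            definition.addPathDefinition("/myController/userLogin", "anon");
            definition.addPathDefinition("/myController/login", "anon");
            // Everything else requires an authenticated subject.
            // NOTE(review): "authc" does not admit a subject that is only remembered via the
            // cookie; paths that should accept remembered users need the "user" filter.
            definition.addPathDefinition("/**", "authc");

            return definition;
        }
    }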
最后修改:2024 年 05 月 17 日