1.导包
<!--shiro整合spring--> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.0</version> </dependency>
2.搭建基本环境
知识点回顾:
如何声明自定义类是配置类? @Configuration
如何将自定义配置类的方法交给spring托管? @Bean
如何在springioc容器中指定@Bean?@Qualifier(装配指定的@Bean)
2.1创建shiro配置类
2.1.1shiro配置类
@Configuration public class ShiroConfig { //ShiroFilterFactoryBean工厂:3 @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean(); //设置安全管理器 bean.setSecurityManager(defaultWebSecurityManager); //添加shiro内置过滤器 /* * anon:无需认证就能访问 * authc:必须认证才能访问 * user:必须拥有记住我功能才能使用 * perms:拥有对某个资源的权限才能访问 * role:拥有某个角色权限才能访问 * */ Map<String, String> filterMap=new LinkedHashMap<>(); //这里面的路径是请求路径 filterMap.put("/user/add","authc"); filterMap.put("/user/update","authc"); bean.setFilterChainDefinitionMap(filterMap); //设置登录请求 bean.setLoginUrl("/toLogin"); return bean; } //DefaultWebSecurityManager:2 //@Qualifier作用,绑定指定的spring容器里的bean @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //关联userRealm securityManager.setRealm(userRealm); return securityManager; } //创建 realm 对象,需要自定义类 :1 @Bean(name = "userRealm")//被spring容器接管 public UserRealm userRealm(){ return new UserRealm(); } }
2.1.2自定义UserRealm
package com.king.config; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; //自定义的 UserRealm public class UserRealm extends AuthorizingRealm { //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { System.out.println("执行了=>授权AuthorizationInfo"); return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("执行了=>认证AuthenticationInfo"); return null; } }
2.2测试,Controlelr+View
package com.king.controller; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; @Controller public class MyController { //首页 @RequestMapping({"/","/index"}) public String toIndex(Model model){ model.addAttribute("msg","Hello shiro"); return "index"; } @RequestMapping("user/add") public String add(){ return "user/add"; } @RequestMapping("user/update") public String update(){ return "user/update"; } @RequestMapping("toLogin") public String toLogin(){ return "login"; } }
视图