1.继承AuthorizingRealm实现认证(doGetAuthenticationInfo)和授权(doGetAuthorizationInfo)2.Shiro配置UserRealm,DefaultWebSecurityManager,ShiroFilterFactoryBean3,ShiroFilterFactoryBean方法配置认证授权登录UsernamePasswordTokentoken=newUsernamePasswordToken(user.getUserPassword(),(.get.get);Subjectsubject=SecurityUtils.getSubject();subject.login(token);注销Subjectsubject=SecurityUtils.getSubject();subject.logout();1.添加Shiro依赖org.apache.shiroshiro-spring1.4.12.创建ShiroConfig@ConfigurationpublicclassShiroConfig{@BeanpublicShiroFilterFactoryBeanshiroFilterFactoryBean(@Qualifier("manager")DefaultWebSecurityManagerdefaultWebSecurityManager){ShiroFilterFactoryBeanbean=newShiroFilterFactoryBean();bean.setSecurityManager(默认WebSecurityManager);LinkedHashMapmap=newLinkedHashMap<>();//添加shiro内置过滤器/*anon:无需认证即可访问authc:必须认证才能访问某个角色只能访问*///perms需要在authc之前进行认证,然后授权//1、权限授权map.put("/user/selectAll","perms[user:user]");map.put("/user/selectOne","perms[user:add]");//2、认证map.put("/user/*","authc");bean.setFilterChainDefinitionMap(地图);//无认证跳转接口bean.setLoginUrl("/user");//无授权跳转接口bean.setUnauthorizedUrl("/selectPerms");返回豆;}@Bean("manager")publicDefaultWebSecurityManagerdefaultWebSecurityManager(@Qualifier("userRealm")UserRealmuserRealm){DefaultWebSecurityManagermanager=新的DefaultWebSecurityManager();manager.setRealm(userRealm);退货经理;}@Bean("userRealm")publicUserRealmuserRealm(){returnnewUserRealm();}}3.Realm授权认证publicclassUserRealmextendsAuthorizingRealm{@AutowiredprivateUserServiceuserService;@OverrideprotectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){System.out.println("Authorization++++++++++++++++++++++++++++++++++");SimpleAuthorizationInfo信息=newSimpleAuthorizationInfo();//获取认证获得的用户信息Subjectsubject=SecurityUtils.getSubject();用户currentUser=(User)subject.getPrincipal();//设置当前用户的权限info.addStringPermission(currentUser.getPerms());返回信息;}@OverrideprotectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokenauthenticationToken)抛出AuthenticationException{System.out.println("认证++++++++++++++++++++++++++++++++");//接口传入的参数authenticationTokennewUsernamePasswordTokenUsernamePasswordTokentoken=(UsernamePasswordToken)authenticationToken;用户user=userService.selectUser(token.getUsername());//用户不存在,报错if(user==null){returnnull;}//用户分配过去SecurityUtils.getSubject().getPrincipal();获取用户user.getPassword()的值,交给框架验证returnnewSimpleAuthenticationInfo(user,user.getPassword(),"");}}4.LogController@RestControllerpublicclassLoginController{//退出当前登录的用户@GetMapping("/loginOut")publicStringloginOut(){Subjectsubject=SecurityUtils.getSubject();主题.注销();返回“注销”;}@PostMapping("/login")publicStringlogin(@RequestBodyUseruser){UsernamePasswordTokentoken=newUsernamePasswordToken(user.getUser(),user.getPassword());Subjectsubject=SecurityUtils.getSubject();尝试{subject.login(token);返回“登录成功”;}catch(Exceptione){返回“登录失败”;}}@GetMapping("/user")publicStringselectUser(){return"认证拦截";}@GetMapping("/selectPerms")publicStringselectPerms(){return"你没有这个权限";}}5.测试接口@RestController@RequestMapping("/user")publicclassUserController{@AutowiredprivateUserServiceuserService;@GetMapping("/selectAll")publicListselectAll(){returnuserService.selectAll();}@GetMapping("/selectOne")publicListselectOne(){返回userService。全选();}}
