SpringBoot集成Shiro框架

1. 添加依赖

官网上的最新版本

 <dependency>
           <groupId>org.apache.shirogroupId>
           <artifactId>shiro-springartifactId>
           <version>1.7.1version>
       dependency>

2. 配置Shiro，在config中增加Shiro配置类；

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class shiroConfig {
//拦截器
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("manager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilter=new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(defaultWebSecurityManager);
        Map<String,String > filtermap=new LinkedHashMap<>();
//        添加需要拦截的url，需要认证才能访问
//        filtermap.put("/","authc");

        shiroFilter.setFilterChainDefinitionMap(filtermap);
        //认证（登录）界面
         shiroFilter.setLoginUrl("/touserlogin");
         
        return shiroFilter;
   }
//Shiro中的DefaultWebSecurityManager需要一个Realm，把自己的自定义Realm（对用户进行授权和认证）
//加入到securityManager中
    @Bean(name="manager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("UserRealm") UserRealm UserRealm){
        DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
        securityManager.setRealm(UserRealm);
        return securityManager;
    }

//自定义的Realm对象,在对象内进行授权认证功能
    @Bean(name="UserRealm")
    public UserRealm getblogUserRealm(){
        return new UserRealm();
    }

}

3.## 自定义Realm对象

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.lsp.community.Service.UserService;
import com.lsp.community.pojo.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

import javax.servlet.http.HttpSession;

public class UserRealm extends AuthorizingRealm {
   @Autowired
   UserService userService;

   @Override
   //授权
   protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection Collection) {
     //这里可以通过数据库获取用户角色权限，然后给用户添加角色权限
      SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
       authorizationInfo.addRole("hello");
       authorizationInfo.addStringPermission("insert");
       SecurityUtils.getSubject().getSession().setAttribute("permissions", "insert");
       return authorizationInfo;
    
   }

   @Override
//认证
   protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken Token) throws AuthenticationException {
   //获得token（令牌）
       UsernamePasswordToken token = (UsernamePasswordToken) Token;
       //验证用户
           String username= token.getUsername();
          QueryWrapper<User> wrapper=new QueryWrapper<>();
           wrapper.eq("username",username);
           User blogUser = userService.getOne(wrapper);
           if (blogUser==null) {
           //用户为空则表示账号错误,返回为空则会抛出UnknownAccountException e，需要在认证时进行捕获
               return null;
           }
           //对密码进行验证，密码不匹配则会抛出IncorrectCredentialsException e
           return new SimpleAuthenticationInfo("",blogUser.getUserpassword(), "");
   }
}

3. 认证页面

    Subject subject= SecurityUtils.getSubject();
        UsernamePasswordToken token =new UsernamePasswordToken(username,password);
        try {
            subject.login(token);
            
        }catch (UnknownAccountException e){
              //账号不存在时，
        }catch (IncorrectCredentialsException ex){
         //密码错误时
        }
        //获取用户角色权限进行判断
        //SecurityUtils.getSubject().hasRole("hello")
        //SecurityUtils.getSubject().isPermitted("insert")

SpringBoot集成Shrio还是很简单的，只需要简单的配置就行了