zmzmmf 2020-04-23
Java 项目的安全框架一般使用 Shiro 或 Spring Security
具体怎么选择可以参考文章:安全框架 Shiro 和 Spring Security 如何选择
我这里选择使用Shiro
创建SpringBoot项目
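<!-- Web MVC starter. No version is given, so it must come from the build's dependency management. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<!--
  Apache Shiro's Spring integration. The version is pinned by hand, so it does not move
  when Spring Boot is upgraded. NOTE(review): 1.5.1 is the release this walkthrough was
  written against; Shiro has published security fixes since then, so check the project's
  security advisories and use the latest maintained release in a real application.
-->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.5.1</version>
</dependency>

<!--
  Thymeleaf view starter. NOTE(review): the explicit 2.2.5.RELEASE overrides any managed
  version; keep it equal to the project's Spring Boot version so the starters do not drift.
-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
    <version>2.2.5.RELEASE</version>
</dependency>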
自定义 Realm 需要继承 AuthorizingRealm,并实现授权与认证两个方法
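package com.zy.config;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * Skeleton Shiro realm for the application.
 *
 * <p>Both hooks are stubs that only print a trace line and return {@code null}. Under
 * Shiro's realm contract that is fail-closed: no account is ever found and no role or
 * permission is ever granted. A real implementation has to look the account up and
 * return populated info objects.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization hook: supplies the roles and permissions of an authenticated subject.
     *
     * @param principalCollection the identifying principals of the subject being checked
     * @return always {@code null} in this stub, which gives the subject no roles or
     *         permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了=>授权doGetAuthorizationInfo");
        return null;
    }

    /**
     * Authentication hook: resolves the account that a submitted token refers to.
     *
     * <p>When this is filled in, return the stored (hashed) credential and let the realm's
     * credentials matcher do the comparison. Do not compare plaintext passwords here, and
     * do not print the token or its credentials in the trace line.
     *
     * @param authenticationToken the token submitted at login
     * @return always {@code null} in this stub, meaning "no such account", so every login
     *         attempt is rejected
     * @throws AuthenticationException declared by the Shiro contract; never thrown by this stub
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        System.out.println("执行了=>认证doGetAuthenticationInfo");
        return null;
    }
}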
创建realm对象
//创建realm对象(步骤1) @Bean(name = "userRealm") public UserRealm userRealm(){ return new UserRealm(); }
DefaultWebSecurityManager
--> import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
//DefaultWebSecurityManager(步骤2) @Bean(name = "defaultWebSecurityManager") public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ ? DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager(); securityManager.setRealm(userRealm()); return securityManager; ? }
ShiroFilterFactoryBean
//ShiroFilterFactoryBean(步骤3) @Bean(name = "shiroFilterFactoryBean") //@Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean(); ? bean.setSecurityManager(defaultWebSecurityManager); return bean; }
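package com.zy.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Spring configuration that wires Shiro into the web application in three steps:
 * realm, then security manager, then servlet filter factory.
 *
 * <p>NOTE(review): this is wiring only. No filter chain definitions are configured, so
 * no request path requires authentication yet.
 */
@Configuration
public class ShiroConfig {

    /**
     * Step 3: creates the factory for the Shiro servlet filter and binds it to the
     * security manager.
     *
     * <p>Add the path-to-filter rules (for example mapping protected paths to
     * {@code authc}) with {@code setFilterChainDefinitionMap} before relying on this
     * filter for access control.
     *
     * @param defaultWebSecurityManager the security manager bean from step 2
     * @return the filter factory bound to {@code defaultWebSecurityManager}
     */
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);
        return bean;
    }

    /**
     * Step 2: builds the web security manager and attaches the application's realm to it.
     *
     * @param userRealm the realm bean registered under the name {@code userRealm}
     * @return a security manager whose realm is {@code userRealm}
     */
    @Bean(name = "defaultWebSecurityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // Use the injected bean, not a fresh userRealm() call, so the manager always
        // holds the one Spring-managed realm instance.
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Step 1: registers the application's realm as the Spring bean {@code userRealm}.
     *
     * @return a new {@link UserRealm}
     */
    @Bean(name = "userRealm")
    public UserRealm userRealm() {
        return new UserRealm();
    }
}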
index.html
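<!DOCTYPE html>
<!-- The shiro namespace is declared for Shiro template attributes; none are used on this page. -->
<html lang="en" xmlns:th="http://www.thymeleaf.org"
      xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

<h1>首页</h1>
<!-- th:text HTML-escapes the model value; keep it (not th:utext) if msg ever carries user input. -->
<p th:text="${msg}"></p>

<!-- These targets are only as protected as the Shiro filter chain makes them; a link is not an access check. -->
<a th:href="@{/user/add}">add</a> | <a th:href="@{/user/update}">update</a>

</body>
</html>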
对应Controller
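/**
 * Serves the home page for {@code /} and {@code /index}.
 *
 * @param model view model; receives the attribute {@code msg} with a fixed greeting
 * @return the view name {@code index}
 */
@RequestMapping({"/","/index"})
public String toIndex(Model model) {
    model.addAttribute("msg","HelloShiro");
    return "index";
}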
add.html
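<!DOCTYPE html>
<!-- Static placeholder page for the "add" view. -->
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

<h1>add</h1>

</body>
</html>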
对应Controller
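/**
 * Serves the "add" page.
 *
 * <p>The handler performs no access check of its own; who may reach {@code /user/add}
 * is decided entirely by the Shiro filter chain in front of it.
 *
 * @return the view name {@code user/add}
 */
@RequestMapping("/user/add")
public String add() {
    return "user/add";
}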
update.html
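<!DOCTYPE html>
<!-- Static placeholder page for the "update" view. -->
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

<h1>update</h1>

</body>
</html>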
对应Controller
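/**
 * Serves the "update" page.
 *
 * <p>The handler performs no access check of its own; who may reach {@code /user/update}
 * is decided entirely by the Shiro filter chain in front of it.
 *
 * @return the view name {@code user/update}
 */
@RequestMapping("/user/update")
public String update() {
    return "user/update";
}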
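package com.zy.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * MVC controller for the demo pages: the home page plus the "add" and "update" views.
 *
 * <p>None of the handlers checks the caller's identity or permissions. Access control
 * for {@code /user/add} and {@code /user/update} has to come from the Shiro filter chain
 * (or from method-level checks added later).
 *
 * <p>NOTE(review): {@code @RequestMapping} without a method restriction accepts every
 * HTTP method; narrowing these view handlers to GET is worth considering.
 */
@Controller
public class MyController {

    /**
     * Serves the home page for {@code /} and {@code /index}.
     *
     * @param model view model; receives the attribute {@code msg} with a fixed greeting
     * @return the view name {@code index}
     */
    @RequestMapping({"/","/index"})
    public String toIndex(Model model) {
        model.addAttribute("msg","HelloShiro");
        return "index";
    }

    /**
     * Serves the "add" page.
     *
     * @return the view name {@code user/add}
     */
    @RequestMapping("/user/add")
    public String add() {
        return "user/add";
    }

    /**
     * Serves the "update" page.
     *
     * @return the view name {@code user/update}
     */
    @RequestMapping("/user/update")
    public String update() {
        return "user/update";
    }
}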
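测试成功,搭建完成。注意:此时只是完成了环境搭建,ShiroFilterFactoryBean 还没有配置任何过滤规则,UserRealm 的认证与授权方法也都返回 null,因此 /user/add 与 /user/update 仍然可以匿名访问,尚未具备访问控制。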