springboot集成shiro的示例分析

我们开发时候有时候要把传统spring shiro转成spring boot项目,或者直接集成,name我们要搞清楚一个知识,就是 xml配置和spring bean代码配置的关系,这一点很重要,因为spring boot是没有xml配置文件的(也不绝对,spring boot也是可以引用xml配置的)

引入依赖:

<dependency>

<artifactId>ehcache-core</artifactId>

<groupId>net.sf.ehcache</groupId>

<version>2.5.0</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-ehcache</artifactId>

<version>1.2.2</version>

</dependency>

<dependency>

  <groupId>org.slf4j</groupId>

  <artifactId>slf4j-api</artifactId>

  <version>1.7.25</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-core</artifactId>

<version>1.2.3</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-web</artifactId>

<version>1.2.3</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-spring</artifactId>

<version>1.2.3</version>

</dependency>

如果你出现错误 找不到slf4j,引入依赖

<dependency>

  <groupId>org.slf4j</groupId>

  <artifactId>slf4j-log4j12</artifactId>

  <version>1.7.25</version>

</dependency>

传统xml配置如下:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:context="http://www.springframework.org/schema/context"

xmlns:aop="http://www.springframework.org/schema/aop"

xmlns:tx="http://www.springframework.org/schema/tx"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/context

http://www.springframework.org/schema/context/spring-context.xsd

http://www.springframework.org/schema/aop

http://www.springframework.org/schema/aop/spring-aop.xsd

http://www.198bona.com

http://www.springframework.org/schema/tx/spring-tx.xsd">

<context:component-scan base-package="com.len"/>

<!--定义realm-->

<bean id="myRealm" class="com.len.core.shiro.LoginRealm">

<property name="credentialsMatcher" ref="credentialsMatcher"/>

</bean>

<bean id="permissionFilter" class="com.len.core.filter.PermissionFilter"/>

<!--目前去掉自定义拦截验证 由个人处理登录业务-->

<!--<bean id="customAdvicFilter" class="com.len.core.filter.CustomAdvicFilter">

<property name="failureKeyAttribute" value="shiroLoginFailure"/>

</bean>-->

<bean id="verfityCodeFilter" class="com.len.core.filter.VerfityCodeFilter">

<property name="failureKeyAttribute" value="shiroLoginFailure"/>

<property name="jcaptchaParam" value="code"/>

<property name="verfitiCode" value="true"/>

</bean>

<!-- Shiro过滤器 -->

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<property name="securityManager" ref="securityManager"/>

<property name="loginUrl" value="/login"/>

<property name="unauthorizedUrl" value="/goLogin" />

<property name="filters">

<map>

<entry key="per" value-ref="permissionFilter"/>

<entry key="verCode" value-ref="verfityCodeFilter"/>

<!--<entry key="main" value-ref="customAdvicFilter"/>-->

</map>

</property>

<property name="filterChainDefinitions">

<value>

<!-- /** = anon所有url都可以匿名访问 -->

/login = verCode,anon

/getCode = anon

/logout = logout

/plugin/** = anon

<!-- /** = authc 所有url都必须认证通过才可以访问-->

/user/**=per

<!-- /login = main-->

/** = authc

</value>

</property>

</bean>

<!--安全管理器-->

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

<property name="realm" ref="myRealm"/>

<property name="cacheManager" ref="cacheManager" />

<!--<property name="rememberMeManager" ref="rememberMeManager" />-->

</bean>

<!-- 凭证匹配器 -->

<bean id="credentialsMatcher"

class="com.len.core.shiro.RetryLimitCredentialsMatcher">

<constructor-arg index="0" ref="cacheManager"/>

<constructor-arg index="1" value="5"/>

<property name="hashAlgorithmName" value="md5"/>

<property name="hashIterations" value="4"/>

</bean>

<!--缓存-->

<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">

<property name="cacheManagerConfigFile" value="classpath:ehcache/ehcache.xml"/>

</bean>

<!--开启注解-->

<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">

<property name="securityManager" ref="securityManager" />

</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans>

转换成bean 新建类ShiroConfig

@Configuration

public class ShiroConfig {

@Bean

public RetryLimitCredentialsMatcher getRetryLimitCredentialsMatcher(){

RetryLimitCredentialsMatcher rm=new RetryLimitCredentialsMatcher(getCacheManager(),"5");

rm.setHashAlgorithmName("md5");

rm.setHashIterations(4);

return rm;

}

@Bean

public LoginRealm getLoginRealm(){

LoginRealm realm= new LoginRealm();

realm.setCredentialsMatcher(getRetryLimitCredentialsMatcher());

return realm;

}

@Bean

public EhCacheManager getCacheManager(){

EhCacheManager ehCacheManager=new EhCacheManager();

ehCacheManager.setCacheManagerConfigFile("classpath:ehcache/ehcache.xml");

return ehCacheManager;

}

@Bean

public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {

return new LifecycleBeanPostProcessor();

}

@Bean(name="securityManager")

public DefaultWebSecurityManager getDefaultWebSecurityManager(){

DefaultWebSecurityManager dwm=new DefaultWebSecurityManager();

dwm.setRealm(getLoginRealm());

dwm.setCacheManager(getCacheManager());

return dwm;

}

@Bean

public PermissionFilter getPermissionFilter(){

PermissionFilter pf=new PermissionFilter();

return pf;

}

@Bean

public VerfityCodeFilter getVerfityCodeFilter(){

VerfityCodeFilter vf= new VerfityCodeFilter();

vf.setFailureKeyAttribute("shiroLoginFailure");

vf.setJcaptchaParam("code");

vf.setVerfitiCode(true);

return vf;

}

@Bean(name = "shiroFilter")

public ShiroFilterFactoryBean getShiroFilterFactoryBean(){

ShiroFilterFactoryBean sfb = new ShiroFilterFactoryBean();

sfb.setSecurityManager(getDefaultWebSecurityManager());

sfb.setLoginUrl("/login");

sfb.setUnauthorizedUrl("/goLogin");

Map<String, Filter> filters=new HashMap<>();

filters.put("per",getPermissionFilter());

filters.put("verCode",getVerfityCodeFilter());

sfb.setFilters(filters);

Map<String, String> filterMap = new LinkedHashMap<>();

filterMap.put("/login","verCode,anon");

//filterMap.put("/login","anon");

filterMap.put("/getCode","anon");

filterMap.put("/logout","logout");

filterMap.put("/plugin/**","anon");

filterMap.put("/user/**","per");

filterMap.put("/**","authc");

sfb.setFilterChainDefinitionMap(filterMap);

return sfb;

}

@Bean

public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {

DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();

advisorAutoProxyCreator.setProxyTargetClass(true);

return advisorAutoProxyCreator;

}

@Bean

public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(){

AuthorizationAttributeSourceAdvisor as=new AuthorizationAttributeSourceAdvisor();

as.setSecurityManager(getDefaultWebSecurityManager());

return as;

}

@Bean

public FilterRegistrationBean delegatingFilterProxy(){

FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();

DelegatingFilterProxy proxy = new DelegatingFilterProxy();

proxy.setTargetFilterLifecycle(true);

proxy.setTargetBeanName("shiroFilter");

filterRegistrationBean.setFilter(proxy);

return filterRegistrationBean;

}

其中有个别类是自定义的拦截器和 realm,此时spring 即能注入shiro 也就是 spring boot集成上了 shiro

如果你因为其他配置引起一些失败,可以参考开源项目 lenos快速开发脚手架 spring boot版本,其中有对shiro的集成。

(0)

相关推荐

  • spring boot 整合 shiro 权限框架

    spring boot 整合 shiro 权限框架

  • Spring整合MyBatis

    Spring整合MyBatis

  • 搜索引擎springboot集成(elasticSearch)

    各位小伙伴们,今天是今年的最后一天,这是我今年的最后一篇博客,在这里祝大家新年快乐!本次讲的是近几年比较流行的search搜索引擎,本文写的比较粗略,希望大家看了会有所收获,如若写错,请在评论区指出, ...

  • Spring Boot 极简集成 Shiro

    程序员涨点薪吧 今天1. 前言Apache Shiro是一个功能强大且易于使用的Java安全框架,提供了认证,授权,加密,和会话管理. Shiro有三大核心组件:Subject:即当前用户,在权限管理 ...

  • 高中英语写作必备表述,4大主题(示例分析 仿写)

    教育部提出,高考要体现"一点四面"的基本原则."一点"就是要在高考当中体现立德树人,"四面"是指要在高考当中体现核心价值.传统文化.依法治国 ...

  • dubbo实战之二:与SpringBoot集成

    欢迎访问我的GitHub https://github.com/zq2599/blog_demos 内容:所有原创文章分类汇总及配套源码,涉及Java.Docker.Kubernetes.DevOPS ...

  • 人体动态与关节间的运动示例分析!

    人体动态与关节间的运动示例分析!

  • LM324集成芯片内部电路分析与典型应用.doc

    摘 要:通过查阅芯片手册和运放电路应用的相关资料,对LM324芯片的内部电路进行了分析.本文主要论述LM324芯片内部电路工作原理,分解各功能单元,对相关单元电路进行定性分析,设计通信专业中常用的简单 ...

  • AIoT是什么?AIoT示例分析

    什么是IoT? 它是一个不同于Internet的网络,主要工作就是将所有能行使独立功能的普通物体实现互联互通,做的就是"连接". 在IoT场景下,工厂内的人们端坐电脑前就能够看到摄 ...

  • SpringBoot整合Shiro权限框架实战

    什么是ACL和RBAC ACL Access Control list:访问控制列表 优点:简单易用,开发便捷 缺点:用户和权限直接挂钩,导致在授予时的复杂性,比较分散,不便于管理 例子:常见的文件系 ...

  • SpringBoot集成Redis

    根据学生 id 查询学生的功能,先从 redis 缓存中查找,如果找不到,再从数据库中查找,然后放到 redis 缓存中 一.通过 MyBatis 逆向工程生成实体 bean 和数据持久层 具体过程看 ...