Version: Next
SpirngBoot整合Shiro
基本环境搭建
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
导入模板引擎——freemarker
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
导入Druid依赖
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.21</version>
</dependency>
application.yaml添加freemarker基本设置、设置数据源设置
spring:
freemarker:
cache: false # 缓存配置 开发阶段应该配置为false 因为经常会改
suffix: .ftl # 模版后缀名 默认为ftl / 还是用ftl吧,html没freemarker语法提示
charset: UTF-8 # 文件编码
template-loader-path: classpath:/templates/
datasource:
username: root
password: root
#?serverTimezone=UTC解决时区的报错
url: jdbc:mysql://localhost:3306/test?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
driver-class-name: com.mysql.jdbc.Driver
type: com.alibaba.druid.pool.DruidDataSource # 配置使用Druid数据源
#Spring Boot 默认是不注入这些属性值的,需要自己绑定
#druid 数据源专有配置
initialSize: 5
minIdle: 5
maxActive: 20
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
#配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入
#如果允许时报错 java.lang.ClassNotFoundException: org.apache.log4j.Priority
#则导入 log4j 依赖即可,Maven 地址:ttps://mvnrepository.com/artifact/log4j/log4j
filters: stat,wall,log4j
maxPoolPreparedStatementPerConnectionSize: 20
useGlobalDataSourceStat: true
connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
- Controller
@Controller
public class HelloController {
@RequestMapping({"/index", "/"})
public String toIndex(Model model) {
model.addAttribute("msg", "Hello shiro _ freemarker");
return "index";
}
}
index.ftl
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
首页<br>
${msg}
</body>
</html>
整合Shiro
编写配置类
三大要素:
ShiroFilterFactoryBean(Subject)DefaultWebSecurityManager- 创建realm对象
写的时候,倒着写,先从3开始
- 自定义Realm
- 继承
AuthorizingRealm,重写方法AuthorizationInfo——授权AuthenticationInfo——认证
- 继承
public class UserRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行了<<授权>>方法");
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("执行了<<认证>>方法");
return null;
}
}
- 配置类
- Shiro配置类是一个Spring配置类
- 在里面注册刚才自定义的
UserRealm的Bean - 创建
DefaultWebSecurityManager- 注入
userRealm对象
- 注入
- 创建
ShiroFilterFactoryBean- 注入
DefaultWebSecurityManager
- 注入
@Configuration
public class ShiroConfig {
//注入自定义realm,方法名即Bean名
@Bean
public UserRealm userRealm() {
return new UserRealm();
}
//DefaultWebSecurityManager
@Bean
public DefaultSecurityManager defaultSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
DefaultWebSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
//关联Realm
defaultSecurityManager.setRealm(userRealm);
return defaultSecurityManager;
}
//shiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultSecurityManager defaultSecurityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(defaultSecurityManager);
return shiroFilterFactoryBean;
}
}