前言
前置知识学习中,主要是学学shiro怎么用,这里简单搭建一个springboot+shiro的项目。
环境搭建
通过IDEA New Project中的Spring Initializr新建一个项目,依赖部分勾选Spring Web及模板引擎Thymeleaf。
下载依赖的时候遇到一些问题,插件装不上:
Cannot resolve plugin org.springframework.boot:spring-boot-maven-plugin:2.5.5
看看缺失的插件,然后在pom文件中加上对应的版本号:
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.5.5</version>
</plugin>
</plugins>
</build>
新建好控制器类,正常启动后加入shiro依赖:
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.8.0</version>
</dependency>
shiro
主要看看身份认证和访问控制的功能。
首先要创建一个配置类,在config包下新建一个MyShiroConfig类:
package com.example.shiro.Config;
import com.example.shiro.Realm.MyRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class MyShiroConfig {
@Bean
public ShiroFilterFactoryBean myShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, String> map = new HashMap<>();
map.put("/shiro", "authc");
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
@Bean
public DefaultWebSecurityManager myDefaultWebSecurityManager(Realm realm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
@Bean
public Realm myRealm() {
return new MyRealm();
}
}
和一个自定义的认证类:
package com.example.shiro.Realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
return null;
}
}
看起来控制访问已经实现了,接下来实现身份认证。
稍微修改一下Realm,加上密码认证方式就成:
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
String username = (String) authenticationToken.getPrincipal();
if (username.equals("Twings")) {
return new SimpleAuthenticationInfo(username, "123456", getName());
}
return null;
}
不过看起来这个版本shiro的认证信息用session保存了,而不是加密之后存放在cookie中。
后记
这些Bean注入到哪里去了,还有Shiro在spring boot中具体的工作原理后面再看。
参考
https://blog.csdn.net/Yearingforthefuture/article/details/117384035