当前位置: 移动技术网 > IT编程>开发语言>Java > spring boot集成shiro详细教程(小结)

spring boot集成shiro详细教程(小结)

2019年07月19日  | 移动技术网IT编程  | 我要评论

我们开发时候有时候要把传统spring shiro转成spring boot项目,或者直接集成,name我们要搞清楚一个知识,就是 xml配置和spring bean代码配置的关系,这一点很重要,因为spring boot是没有xml配置文件的(也不绝对,spring boot也是可以引用xml配置的)

引入依赖:

  <dependency>
   <artifactid>ehcache-core</artifactid>
   <groupid>net.sf.ehcache</groupid>
   <version>2.5.0</version>
  </dependency>
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-ehcache</artifactid>
   <version>1.2.2</version>
  </dependency>

  <dependency>
     <groupid>org.slf4j</groupid>
     <artifactid>slf4j-api</artifactid>
     <version>1.7.25</version>
  </dependency>  
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-core</artifactid>
   <version>1.2.3</version>
  </dependency>
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-web</artifactid>
   <version>1.2.3</version>
  </dependency>
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-spring</artifactid>
   <version>1.2.3</version>
  </dependency>

如果你出现错误 找不到slf4j,引入依赖

<dependency>
   <groupid>org.slf4j</groupid>
   <artifactid>slf4j-log4j12</artifactid>
   <version>1.7.25</version>
</dependency>

传统xml配置如下:

<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:aop="http://www.springframework.org/schema/aop"
 xmlns:tx="http://www.springframework.org/schema/tx"
 xsi:schemalocation="http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/context
 http://www.springframework.org/schema/context/spring-context.xsd
 http://www.springframework.org/schema/aop
 http://www.springframework.org/schema/aop/spring-aop.xsd
 http://www.springframework.org/schema/tx
 http://www.springframework.org/schema/tx/spring-tx.xsd">
 <context:component-scan base-package="com.len"/>
 <!--定义realm-->
 <bean id="myrealm" class="com.len.core.shiro.loginrealm">
  <property name="credentialsmatcher" ref="credentialsmatcher"/>
 </bean>
 <bean id="permissionfilter" class="com.len.core.filter.permissionfilter"/>
 <!--目前去掉自定义拦截验证 由个人处理登录业务-->
 <!--<bean id="customadvicfilter" class="com.len.core.filter.customadvicfilter">
  <property name="failurekeyattribute" value="shirologinfailure"/>
 </bean>-->
 <bean id="verfitycodefilter" class="com.len.core.filter.verfitycodefilter">
  <property name="failurekeyattribute" value="shirologinfailure"/>
  <property name="jcaptchaparam" value="code"/>
  <property name="verfiticode" value="true"/>
 </bean>
 <!-- shiro过滤器 -->
 <bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean">
  <property name="securitymanager" ref="securitymanager"/>
 <property name="loginurl" value="/login"/>
  <property name="unauthorizedurl" value="/gologin" />
  <property name="filters">
   <map>
    <entry key="per" value-ref="permissionfilter"/>
    <entry key="vercode" value-ref="verfitycodefilter"/>
    <!--<entry key="main" value-ref="customadvicfilter"/>-->
   </map>
  </property>
  <property name="filterchaindefinitions">
   <value>
    <!-- /** = anon所有url都可以匿名访问 -->
    /login = vercode,anon
    /getcode = anon
    /logout = logout
    /plugin/** = anon
    <!-- /** = authc 所有url都必须认证通过才可以访问-->
    /user/**=per
    <!-- /login = main-->
    /** = authc
   </value>
  </property>
 </bean>

 <!--安全管理器-->
 <bean id="securitymanager" class="org.apache.shiro.web.mgt.defaultwebsecuritymanager">
  <property name="realm" ref="myrealm"/>
  <property name="cachemanager" ref="cachemanager" />
  <!--<property name="remembermemanager" ref="remembermemanager" />-->
 </bean>

 <!-- 凭证匹配器 -->
 <bean id="credentialsmatcher"
  class="com.len.core.shiro.retrylimitcredentialsmatcher">
  <constructor-arg index="0" ref="cachemanager"/>
  <constructor-arg index="1" value="5"/>
  <property name="hashalgorithmname" value="md5"/>
  <property name="hashiterations" value="4"/>
 </bean>
 <!--缓存-->
 <bean id="cachemanager" class="org.apache.shiro.cache.ehcache.ehcachemanager">
  <property name="cachemanagerconfigfile" value="classpath:ehcache/ehcache.xml"/>
 </bean>


 <!--开启注解-->
 <bean class="org.apache.shiro.spring.security.interceptor.authorizationattributesourceadvisor">
  <property name="securitymanager" ref="securitymanager" />
 </bean>

 <bean id="lifecyclebeanpostprocessor" class="org.apache.shiro.spring.lifecyclebeanpostprocessor" />
</beans>

转换成bean 新建类shiroconfig

@configuration
public class shiroconfig {
 @bean
 public retrylimitcredentialsmatcher getretrylimitcredentialsmatcher(){
  retrylimitcredentialsmatcher rm=new retrylimitcredentialsmatcher(getcachemanager(),"5");
  rm.sethashalgorithmname("md5");
  rm.sethashiterations(4);
  return rm;

 }
 @bean
 public loginrealm getloginrealm(){
  loginrealm realm= new loginrealm();
  realm.setcredentialsmatcher(getretrylimitcredentialsmatcher());
  return realm;
 }

 @bean
 public ehcachemanager getcachemanager(){
  ehcachemanager ehcachemanager=new ehcachemanager();
  ehcachemanager.setcachemanagerconfigfile("classpath:ehcache/ehcache.xml");
  return ehcachemanager;
 }

 @bean
 public lifecyclebeanpostprocessor getlifecyclebeanpostprocessor() {
  return new lifecyclebeanpostprocessor();
 }

 @bean(name="securitymanager")
 public defaultwebsecuritymanager getdefaultwebsecuritymanager(){
  defaultwebsecuritymanager dwm=new defaultwebsecuritymanager();
  dwm.setrealm(getloginrealm());
  dwm.setcachemanager(getcachemanager());
  return dwm;
 }

 @bean
 public permissionfilter getpermissionfilter(){
  permissionfilter pf=new permissionfilter();
  return pf;
 }

 @bean
 public verfitycodefilter getverfitycodefilter(){
  verfitycodefilter vf= new verfitycodefilter();
  vf.setfailurekeyattribute("shirologinfailure");
  vf.setjcaptchaparam("code");
  vf.setverfiticode(true);
  return vf;
 }

 @bean(name = "shirofilter")
 public shirofilterfactorybean getshirofilterfactorybean(){
  shirofilterfactorybean sfb = new shirofilterfactorybean();
  sfb.setsecuritymanager(getdefaultwebsecuritymanager());
  sfb.setloginurl("/login");
  sfb.setunauthorizedurl("/gologin");
  map<string, filter> filters=new hashmap<>();
  filters.put("per",getpermissionfilter());
  filters.put("vercode",getverfitycodefilter());
  sfb.setfilters(filters);
  map<string, string> filtermap = new linkedhashmap<>();
  filtermap.put("/login","vercode,anon");
  //filtermap.put("/login","anon");
  filtermap.put("/getcode","anon");
  filtermap.put("/logout","logout");
  filtermap.put("/plugin/**","anon");
  filtermap.put("/user/**","per");
  filtermap.put("/**","authc");
  sfb.setfilterchaindefinitionmap(filtermap);
  return sfb;
 }

 @bean
 public defaultadvisorautoproxycreator advisorautoproxycreator() {
  defaultadvisorautoproxycreator advisorautoproxycreator = new defaultadvisorautoproxycreator();
  advisorautoproxycreator.setproxytargetclass(true);
  return advisorautoproxycreator;
 }

 @bean
 public authorizationattributesourceadvisor getauthorizationattributesourceadvisor(){
  authorizationattributesourceadvisor as=new authorizationattributesourceadvisor();
  as.setsecuritymanager(getdefaultwebsecuritymanager());
  return as;
 }

 @bean
 public filterregistrationbean delegatingfilterproxy(){
  filterregistrationbean filterregistrationbean = new filterregistrationbean();
  delegatingfilterproxy proxy = new delegatingfilterproxy();
  proxy.settargetfilterlifecycle(true);
  proxy.settargetbeanname("shirofilter");
  filterregistrationbean.setfilter(proxy);
  return filterregistrationbean;
 }

其中有个别类是自定义的拦截器和 realm,此时spring 即能注入shiro 也就是 spring boot集成上了 shiro

如果你因为其他配置引起一些失败,可以参考开源项目 lenos快速开发脚手架 spring boot版本,其中有对shiro的集成,可以用来学习

地址:

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持移动技术网。

您可能感兴趣的文章:

如对本文有疑问, 点击进行留言回复!!

相关文章:

验证码:
最近更新的文章
大家感兴趣的文章
移动技术网