SpringBoot 整合 Shiro 实现登录拦截

一、搭建一个SpringBoot 项目。

二、导入shiro 相关坐标：

 
        <dependency> 
            <groupId>org.apache.shiro</groupId> 
            <artifactId>shiro-spring</artifactId> 
            <version>1.7.1</version> 
        </dependency>

三、与启动类同目录创建config 包：

实现抽象类AuthorizingRealm 中的方法：

 
package com.itmao.config;
 
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
 
//from fhadmin.cn
public class UserRealm extends AuthorizingRealm {
    @Override 
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("执行了doGetAuthorizationInfo方法");
        return null;
    }
 
    @Override 
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }
}

编写配置类：

 
package com.itmao.config;
 
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
 
import java.util.LinkedHashMap;
import java.util.Map;
 
//from  fhadmin.cn
@Configuration
public class ShiroConfig {
 
    // ShiroFilterFactoryBean 
    @Bean 
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
 
        // 设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
 
        // 设置shiro内置过滤器 
        Map<String,String> filterMap = new LinkedHashMap<>();
        /*
        map 中value 的意义
        * anon: 无需认证就可以访问资源；
        * authc：必须认证后才能访问资源；
        * user：必须拥有“记住我”功能才能访问资源；
        * perms：拥有对某个资源的权限才能访问资源；
        * role：拥有某个角色权限才能访问资源
        * **/
        filterMap.put("/user/*","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
 
        // 设置登录页面url
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }
 
    // DefaultWebSecurityManager 
    @Bean 
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getUserRealm") UserRealm userRealm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
 
//        关联UserRealm
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }
 
    // 创建 realm 对象，需要自定义类 
    @Bean 
    public UserRealm getUserRealm() {
        return  new UserRealm();
    }
}

四、编写测试页面和页面跳转的Controller。

上面设置user 目录下所有资源的访问均需认证后才可访问，未认证访问时，会自动跳转到登录页面，即表示登录拦截成功。

	<dependency>
	<groupId>org.apache.shiro</groupId>
	<artifactId>shiro-spring</artifactId>
	<version>1.7.1</version>
	</dependency>

	package com.itmao.config;

	import org.apache.shiro.authc.AuthenticationException;
	import org.apache.shiro.authc.AuthenticationInfo;
	import org.apache.shiro.authc.AuthenticationToken;
	import org.apache.shiro.authz.AuthorizationInfo;
	import org.apache.shiro.realm.AuthorizingRealm;
	import org.apache.shiro.subject.PrincipalCollection;

	//from fhadmin.cn
	public class UserRealm extends AuthorizingRealm {
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
	System.out.println("执行了doGetAuthorizationInfo方法");
	return null;
	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	return null;
	}
	}

	package com.itmao.config;

	import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
	import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
	import org.springframework.beans.factory.annotation.Qualifier;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;

	import java.util.LinkedHashMap;
	import java.util.Map;

	//from fhadmin.cn
	@Configuration
	public class ShiroConfig {

	// ShiroFilterFactoryBean
	@Bean
	public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

	// 设置安全管理器
	shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

	// 设置shiro内置过滤器
	Map<String,String> filterMap = new LinkedHashMap<>();
	/*
	map 中value 的意义
	* anon: 无需认证就可以访问资源；
	* authc：必须认证后才能访问资源；
	* user：必须拥有“记住我”功能才能访问资源；
	* perms：拥有对某个资源的权限才能访问资源；
	* role：拥有某个角色权限才能访问资源
	* **/
	filterMap.put("/user/*","authc");
	shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

	// 设置登录页面url
	shiroFilterFactoryBean.setLoginUrl("/toLogin");
	return shiroFilterFactoryBean;
	}

	// DefaultWebSecurityManager
	@Bean
	public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getUserRealm") UserRealm userRealm){
	DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();

	// 关联UserRealm
	defaultWebSecurityManager.setRealm(userRealm);
	return defaultWebSecurityManager;
	}

	// 创建 realm 对象，需要自定义类
	@Bean
	public UserRealm getUserRealm() {
	return new UserRealm();
	}
	}