Spring Boot integrates Shiro permission verification framework for reference:
Shiro.apache.org/spring-boot…
Introduction of depend on
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-web-starter</artifactId> The < version > 1.4.0 < / version > < / dependency >Copy the code
Configure Shiro
ShiroConfig:
@ConfigurationProperties(prefix = "shiro")
@Configuration
public class ShiroConfig {
@Autowired
private ApplicationConfig applicationConfig;
private List<String> pathDefinitions;
@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition chainDefinition = new
DefaultShiroFilterChainDefinition();
applicationConfig.getStaticDirs()
.forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
this.getPathDefinitions().forEach(d -> {
String[] defArr = d.split("=");
chainDefinition
.addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));
});
return chainDefinition;
}
@Bean
public Realm systemRealm() {
SystemRealm systemRealm = new SystemRealm();
return systemRealm;
}
public List<String> getPathDefinitions() {
return pathDefinitions;
}
public void setPathDefinitions(List<String> pathDefinitions) {
this.pathDefinitions = pathDefinitions;
}
}
Copy the code
ApplicationConfig: The configuration in application.yml is injected.
SystemRealm:
public class SystemRealm extends AuthorizingRealm { @Autowired private SysAdminMapper sysAdminMapper; @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; token.setPassword(EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray ()); SysAdminDO sysAdminParams = new SysAdminDO(); sysAdminParams.setAdminLoginName(token.getUsername()); SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams); AuthenticationInfo authInfo = null; if (sysAdminDO ! = null) { authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(), getName()); } return authInfo; } Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection PrincipalCollection) {/** * According to the corresponding permission to modify the user corresponding roles, permissions, * * according to user's query/SysAdminDO SysAdminDO = (SysAdminDO) super. GetAvailablePrincipal (principalCollection); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); Set<String> roles = new HashSet<>(); roles.addAll(Arrays.asList("product", "operation")); authorizationInfo.setRoles(roles); Set<String> permissions = new HashSet<>(); permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update")); authorizationInfo.addStringPermissions(permissions); return authorizationInfo; }}Copy the code
Application configuration
Add Shiro configuration to application.yml.
shiro:
loginUrl: /login
successUrl: /
unauthorizedUrl: /error
pathDefinitions:
- /login/submit = anon
- /logout = logout
- /test = authc, roles[product], perms[operation:update]
- /** = authc
Copy the code
LoginUrl: Those without authentication will jump to the login page.
SuccessUrl: Indicates the page to which authentication succeeds.
UnauthorizedUrl: indicates the page to which the authentication fails.
PathDefinitions: Defines path authorization rules.
More parameters refer to the official website definition:
Shiro.apache.org/spring-boot…
Login Service Class
@Override public SysAdminDO login(LoginForm form) { UsernamePasswordToken token = new UsernamePasswordToken(form.getLoginName(), form.getLoginPassword()); token.setRememberMe(true); Subject currentUser = getSubject(); try { currentUser.login(token); } catch (Exception e) {logger.error(" login failed: ", e); } return (SysAdminDO) currentUser.getPrincipal(); }Copy the code
Built-in filter
Anno, Authc, etc.
org.apache.shiro.web.filter.mgt.DefaultFilter
Copy the code
Official website definition:
Shiro.apache.org/web.html#de…
Shiro reference Manual hd version, please reply qq group in the public account menu, in the group file technology tutorial folder download.
Recommended reading
Dry goods: 2TB architect four-stage video tutorial
Interview: the most complete Java multithreaded interview questions and answers
Interview: the most comprehensive ali advanced Java interview questions in history
Interview: The most complete Spring interview questions in history
Tutorial: The most complete Spring Boot complete video tutorial
Books: 15 must-read books for advanced Java architects
Tools: Recommended an online creation flow chart, mind mapping software
Share Java dry goods, high concurrency programming, hot technology tutorials, microservices and distributed technology, architecture design, blockchain technology, artificial intelligence, big data, Java interview questions, and cutting-edge hot news.