引用
项目启动后输入:http://localhost/
该项目中, 增加了对url的拦截URLPermissionsFilter,
用admin/123456,拥有index权限reports未任何权限, lance/123456尚未分配任何权限.
1.Pom依赖
Xml代码
- <shiro.version>1.2.5</shiro.version>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- <version>${shiro.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-web</artifactId>
- <version>${shiro.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-ehcache</artifactId>
- <version>${shiro.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-spring</artifactId>
- <version>${shiro.version}</version>
- </dependency>
- <parent>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-parent</artifactId>
- <version>1.3.5.RELEASE</version>
- </parent>
<shiro.version>1.2.5</shiro.version>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.5.RELEASE</version>
</parent>
2.Shiro配置
Java代码
- @Configuration
- public class ShiroConfig {
- /**
- * FilterRegistrationBean
- * @return
- */
- @Bean
- public FilterRegistrationBean filterRegistrationBean() {
- FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
- filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
- filterRegistration.setEnabled(true);
- filterRegistration.addUrlPatterns("/*");
- filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
- return filterRegistration;
- }
- /**
- * @see org.apache.shiro.spring.web.ShiroFilterFactoryBean
- * @return
- */
- @Bean(name = "shiroFilter")
- public ShiroFilterFactoryBean shiroFilter(){
- ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
- bean.setSecurityManager(securityManager());
- bean.setLoginUrl("/login");
- bean.setUnauthorizedUrl("/unauthor");
- Map<String, Filter>filters = Maps.newHashMap();
- filters.put("perms", urlPermissionsFilter());
- filters.put("anon", new AnonymousFilter());
- bean.setFilters(filters);
- Map<String, String> chains = Maps.newHashMap();
- chains.put("/login", "anon");
- chains.put("/unauthor", "anon");
- chains.put("/logout", "logout");
- chains.put("/base/**", "anon");
- chains.put("/css/**", "anon");
- chains.put("/layer/**", "anon");
- chains.put("/**", "authc,perms");
- bean.setFilterChainDefinitionMap(chains);
- return bean;
- }
- /**
- * @see org.apache.shiro.mgt.SecurityManager
- * @return
- */
- @Bean(name="securityManager")
- public DefaultWebSecurityManager securityManager() {
- DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
- manager.setRealm(userRealm());
- manager.setCacheManager(cacheManager());
- manager.setSessionManager(defaultWebSessionManager());
- return manager;
- }
- /**
- * @see DefaultWebSessionManager
- * @return
- */
- @Bean(name="sessionManager")
- public DefaultWebSessionManager defaultWebSessionManager() {
- DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
- sessionManager.setCacheManager(cacheManager());
- sessionManager.setGlobalSessionTimeout(1800000);
- sessionManager.setDeleteInvalidSessions(true);
- sessionManager.setSessionValidationSchedulerEnabled(true);
- sessionManager.setDeleteInvalidSessions(true);
- return sessionManager;
- }
- /**
- * @see UserRealm--->AuthorizingRealm
- * @return
- */
- @Bean
- @DependsOn(value="lifecycleBeanPostProcessor")
- public UserRealm userRealm() {
- UserRealm userRealm = new UserRealm();
- userRealm.setCacheManager(cacheManager());
- return userRealm;
- }
- @Bean
- public URLPermissionsFilter urlPermissionsFilter() {
- return new URLPermissionsFilter();
- }
- @Bean
- public EhCacheManager cacheManager() {
- EhCacheManager cacheManager = new EhCacheManager();
- cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
- return cacheManager;
- }
- @Bean
- public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
- return new LifecycleBeanPostProcessor();
- }
- }
@Configuration
public class ShiroConfig {
/**
* FilterRegistrationBean
* @return
*/
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.setEnabled(true);
filterRegistration.addUrlPatterns("/*");
filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
return filterRegistration;
}
/**
* @see org.apache.shiro.spring.web.ShiroFilterFactoryBean
* @return
*/
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager());
bean.setLoginUrl("/login");
bean.setUnauthorizedUrl("/unauthor");
Map<String, Filter>filters = Maps.newHashMap();
filters.put("perms", urlPermissionsFilter());
filters.put("anon", new AnonymousFilter());
bean.setFilters(filters);
Map<String, String> chains = Maps.newHashMap();
chains.put("/login", "anon");
chains.put("/unauthor", "anon");
chains.put("/logout", "logout");
chains.put("/base/**", "anon");
chains.put("/css/**", "anon");
chains.put("/layer/**", "anon");
chains.put("/**", "authc,perms");
bean.setFilterChainDefinitionMap(chains);
return bean;
}
/**
* @see org.apache.shiro.mgt.SecurityManager
* @return
*/
@Bean(name="securityManager")
public DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(userRealm());
manager.setCacheManager(cacheManager());
manager.setSessionManager(defaultWebSessionManager());
return manager;
}
/**
* @see DefaultWebSessionManager
* @return
*/
@Bean(name="sessionManager")
public DefaultWebSessionManager defaultWebSessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setCacheManager(cacheManager());
sessionManager.setGlobalSessionTimeout(1800000);
sessionManager.setDeleteInvalidSessions(true);
sessionManager.setSessionValidationSchedulerEnabled(true);
sessionManager.setDeleteInvalidSessions(true);
return sessionManager;
}
/**
* @see UserRealm--->AuthorizingRealm
* @return
*/
@Bean
@DependsOn(value="lifecycleBeanPostProcessor")
public UserRealm userRealm() {
UserRealm userRealm = new UserRealm();
userRealm.setCacheManager(cacheManager());
return userRealm;
}
@Bean
public URLPermissionsFilter urlPermissionsFilter() {
return new URLPermissionsFilter();
}
@Bean
public EhCacheManager cacheManager() {
EhCacheManager cacheManager = new EhCacheManager();
cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
return cacheManager;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
3.完整项目参考
https://github.com/leelance/spring-boot-all/tree/master/spring-boot-shiro