一、shiro整合springboot之jsp页面的权限控制

1、引入shiro依赖

<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-starter</artifactId> <version>1.5.3</version> </dependency>

2、创建shiro配置类和自定义realm

package com.yzs.demo.config; import com.yzs.demo.shiro.realm.CustomerRealm; import org.apache.shiro.realm.Realm; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; @Configuration public class ShiroConfig { //创建shiroFilter @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); //给shiroFilter设置安全管理器 shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager); //配置系统受限资源 Map<String,String> map = new HashMap<String, String>(); //设置公共访问资源 map.put("/register.jsp","anon"); //设置需要认证资源 map.put("/index.jsp","authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); //设置默认认证界面路径 shiroFilterFactoryBean.setLoginUrl("/login.jsp"); return shiroFilterFactoryBean; } //创建web管理器 @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm){ DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager(); //给安全管理器设置realm defaultWebSecurityManager.setRealm(realm); return defaultWebSecurityManager; } //创建自定义realm @Bean public Realm getRealm(){ CustomerRealm customerRealm = new CustomerRealm(); return customerRealm; } }

自定义realm

package com.yzs.demo.shiro.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; public class CustomerRealm extends AuthorizingRealm { @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { return null; } }

3、创建数据库表

一共需要创建5张表。

二、shiro整合springboot之thymeleaf权限控制

1、引入扩展依赖

<dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version> </dependency>

2、页面中引入命名空间

<html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">

3、控制标签示例

<!--获取身份信息--> <p shiro:principal=""></p>

4、加入shiro的方言配置（用于处理页面shiro标签不起作用）

@Configuration public class ShiroConfig { @Bean(name="shiroDialect") public ShiroDialect shiroDialect(){ return new ShiroDialect(); } }

三、shiro整合之缓存使用

1、使用默认Ehcache实现缓存

引入依赖

<!--shiro和ehcache依赖--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.4.2</version> </dependency>

在shiro配置类中配置缓存

package com.yzs.demo.config; import com.yzs.demo.shiro.realm.CustomerRealm; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.realm.Realm; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; @Configuration public class ShiroConfig { //创建shiroFilter @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); //给shiroFilter设置安全管理器 shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager); //配置系统受限资源 Map<String,String> map = new HashMap<String, String>(); map.put("/register.jsp","anon"); map.put("/user/register","anon"); map.put("/user/login","anon"); map.put("/**","authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); //设置默认认证界面路径 shiroFilterFactoryBean.setLoginUrl("/login.jsp"); return shiroFilterFactoryBean; } //创建web管理器 @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm){ DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager(); //给安全管理器设置realm defaultWebSecurityManager.setRealm(realm); return defaultWebSecurityManager; } //创建自定义realm @Bean public Realm getRealm(){ CustomerRealm customerRealm = new CustomerRealm(); HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5"); hashedCredentialsMatcher.setHashIterations(1024); customerRealm.setCredentialsMatcher(hashedCredentialsMatcher); //设置缓存 customerRealm.setCacheManager(new EhCacheManager()); //开启全局缓存 customerRealm.setCachingEnabled(true); //开启认证缓存 设置认证缓存名字 customerRealm.setAuthenticationCachingEnabled(true); customerRealm.setAuthenticationCacheName("authenticationCache"); //开启授权缓存 设置授权缓存名字 customerRealm.setAuthorizationCachingEnabled(true); customerRealm.setAuthorizationCacheName("authorizationCache"); return customerRealm; } }