Spring Boot & Shiro in Practice: All in One Article

To integrate the Shiro authorization framework with Spring Boot, see:

https://shiro.apache.org/spring-boot.html

Add the dependency

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.4.0</version>
</dependency>

Configure Shiro

ShiroConfig

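import java.util.List;

// Assumption: StringUtils is Apache Commons Lang; the article does not show its imports.
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@ConfigurationProperties(prefix = "shiro")
@Configuration
public class ShiroConfig {

	// Project class holding settings from application.yml (not shown in the article).
	@Autowired
	private ApplicationConfig applicationConfig;

	// Bound from shiro.pathDefinitions; each entry has the form "<path> = <filter chain>".
	private List<String> pathDefinitions;

	@Bean
	public ShiroFilterChainDefinition shiroFilterChainDefinition() {
		DefaultShiroFilterChainDefinition chainDefinition = new
				DefaultShiroFilterChainDefinition();

		// Definitions keep their insertion order and the first matching pattern wins,
		// so static directories are registered first and "/**" must stay last.
		applicationConfig.getStaticDirs()
				.forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
		this.getPathDefinitions().forEach(d -> {
			// Split on the first "=" only, so the filter chain part is never truncated.
			String[] defArr = d.split("=", 2);
			chainDefinition
					.addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));
		});

		return chainDefinition;
	}

	@Bean
	public Realm systemRealm() {
		SystemRealm systemRealm = new SystemRealm();
		return systemRealm;
	}

	public List<String> getPathDefinitions() {
		return pathDefinitions;
	}

	public void setPathDefinitions(List<String> pathDefinitions) {
		this.pathDefinitions = pathDefinitions;
	}

}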

ApplicationConfig: holds the configuration injected from application.yml; omitted here.

SystemRealm:

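import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

// SysAdminMapper, SysAdminDO and EcryptUtils are the project's own classes (not shown in the article).
public class SystemRealm extends AuthorizingRealm {

	@Autowired
	private SysAdminMapper sysAdminMapper;

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
			throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
		// Encode the submitted password in place so that the default credentials
		// matcher compares it with the encoded value stored for the account.
		token.setPassword(
				EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray());

		// Look up the account by login name.
		SysAdminDO sysAdminParams = new SysAdminDO();
		sysAdminParams.setAdminLoginName(token.getUsername());
		SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams);

		// Returning null makes Shiro treat the account as unknown.
		AuthenticationInfo authInfo = null;
		if (sysAdminDO != null) {
			authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(),
					getName());
		}
		return authInfo;
	}

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
		/**
		 * The following is a static example; adapt it to the user's actual permissions.
		 * Look up the roles and permissions that belong to the user.
		 */
		SysAdminDO sysAdminDO = (SysAdminDO) super.getAvailablePrincipal(principalCollection);
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

		Set<String> roles = new HashSet<>();
		roles.addAll(Arrays.asList("product", "operation"));
		authorizationInfo.setRoles(roles);

		Set<String> permissions = new HashSet<>();
		permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update"));
		authorizationInfo.addStringPermissions(permissions);

		return authorizationInfo;
	}

}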
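
SystemRealm above encodes the submitted password itself and overwrites the token. As an added example (not code from the original article), the class below shows the alternative that Shiro ships: the realm only returns the stored hash, and a PasswordMatcher backed by DefaultPasswordService (salted, iterated hashing) does the comparison. DemoRealm, the in-memory map and the sample account are made up for illustration; only shiro-core is needed on the classpath.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;
import java.util.HashMap;
import java.util.Map;

public class PasswordMatcherDemo {
	// Hypothetical realm for illustration; the map stands in for SysAdminMapper.
	static class DemoRealm extends AuthenticatingRealm {
		private final Map<String, String> storedHashes = new HashMap<>();

		DemoRealm(DefaultPasswordService passwordService) {
			PasswordMatcher matcher = new PasswordMatcher();
			matcher.setPasswordService(passwordService);
			setCredentialsMatcher(matcher); // the comparison happens here, not in the realm
			// Constructed sample account: the value that would be saved at registration.
			storedHashes.put("admin", passwordService.encryptPassword("correct horse"));
		}

		@Override
		protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
			String username = ((UsernamePasswordToken) token).getUsername();
			String hash = storedHashes.get(username);
			// Return only the stored hash; the submitted token is left untouched.
			return hash == null ? null : new SimpleAuthenticationInfo(username, hash, getName());
		}
	}

	static boolean tryLogin(DefaultSecurityManager sm, String user, String password) {
		Subject subject = new Subject.Builder(sm).buildSubject();
		try {
			subject.login(new UsernamePasswordToken(user, password));
			return subject.isAuthenticated();
		} catch (AuthenticationException e) {
			return false; // unknown account or wrong password
		}
	}

	public static void main(String[] args) {
		DefaultSecurityManager sm = new DefaultSecurityManager(new DemoRealm(new DefaultPasswordService()));
		System.out.println("valid password:  " + tryLogin(sm, "admin", "correct horse"));
		System.out.println("wrong password:  " + tryLogin(sm, "admin", "wrong"));
		System.out.println("unknown account: " + tryLogin(sm, "nobody", "correct horse"));
	}
}
```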

Application configuration

Add the Shiro configuration to application.yml.

shiro:
  loginUrl: /login
  successUrl: /
  unauthorizedUrl: /error
  pathDefinitions:
    - /login/submit = anon
    - /logout = logout
    - /test = authc, roles[product], perms[operation:update]
    - /** = authc

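loginUrl: unauthenticated requests are redirected to this login page.

successUrl: the page to redirect to after successful authentication.

unauthorizedUrl: the page to redirect to when the user is not authorized for the requested resource.

pathDefinitions: defines the authorization rules for each path.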

For more parameters, see the official documentation:

https://shiro.apache.org/spring-boot.html#configuration-properties

Login service class

@Override
public SysAdminDO login(LoginForm form) {
	UsernamePasswordToken token = new UsernamePasswordToken(form.getLoginName(),
			form.getLoginPassword());
	token.setRememberMe(true);
	Subject currentUser = getSubject();
	try {
		currentUser.login(token);
	} catch (AuthenticationException e) {
		logger.error("登入驗證失敗:", e);
		// Return null explicitly on failure: getPrincipal() can still hold a
		// remembered (not authenticated) identity from an earlier rememberMe login.
		return null;
	}
	return (SysAdminDO) currentUser.getPrincipal();
}

Built-in filters

For anon, authc and the other built-in filter definitions, see the class:

org.apache.shiro.web.filter.mgt.DefaultFilter

Official definition:

http://shiro.apache.org/web.html#default-filters
