@Configuration
public class ShiroConfig {

    //將自己的驗證方式加入容器
    @Bean
    public ShiroRealm myShiroRealm() {
        ShiroRealm myShiroRealm = new ShiroRealm();
        return myShiroRealm;
    }

    //許可權管理，配置主要是Realm的管理認證
    @Bean
    public DefaultSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    //Filter工廠，設定對應的過濾條件和跳轉條件
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String,String> map = new HashMap<String, String>();
        map.put("/js/**","anon");
        map.put("/login/**","anon");
        map.put("/logout","logout");
        map.put("/**","authc");
        //歡迎頁
        Map<String, Filter> successUrlMap = new LinkedHashMap<>();
        successUrlMap.put("authc",new SuccessUrlFilter());
        shiroFilterFactoryBean.setFilters(successUrlMap);
        shiroFilterFactoryBean.setSuccessUrl("/index/page");
        //登入頁
        shiroFilterFactoryBean.setLoginUrl("/login/page");
        //錯誤頁面，認證不通過跳轉
        shiroFilterFactoryBean.setUnauthorizedUrl("/error");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    //加入註解的使用，不加入這個註解不生效
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}
 

public class ShiroRealm extends AuthorizingRealm {

    @Lazy
    @Autowired
    private IUserService iUserService;

    /**
     * 角色許可權和對應許可權新增
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //獲取登入使用者名稱
        String name= (String) principalCollection.getPrimaryPrincipal();
        //查詢使用者名稱稱
        User user = iUserService.getByUsername(name);
        //新增角色和許可權
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (Role role:iUserService.getRoles(user.getId())) {
            //新增角色
            simpleAuthorizationInfo.addRole(role.getMark());
            for (Permission permission:iUserService.getRolePermissions(role.getId())) {
                //新增許可權
                simpleAuthorizationInfo.addStringPermission(permission.getMark());
            }
        }
        return simpleAuthorizationInfo;
    }

    /**
     * 使用者認證
     * @param authenticationToken
     * @return
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken){
        //加這一步的目的是在Post請求的時候會先進認證，然後在到請求
        if (authenticationToken.getPrincipal() == null) {
           return null;
        }
        //獲取使用者資訊
        String username = authenticationToken.getPrincipal().toString();
        User user = iUserService.getByUsername(username);
        if (user == null) {
            //這裡返回後會報出對應異常
            return null;
        } else {
            //這裡驗證authenticationToken和simpleAuthenticationInfo的資訊
            return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
        }
    }
}