SpringBoot Shiro 整合
# Shiro整合
Shiro 是开源的安全框架,可以完全处理身份验证、授权、会话管理、加密等
这里只讲解 SpringBoot 整合 Shiro,进一步了解,进入Shiro文章进行深入学习
应用步骤:
引入依赖
<!-- Shiro -->
<!-- NOTE(review): 1.4.0-RC2 is a release-candidate build, not a final release.
     Later Shiro releases contain security fixes, so pin a current, maintained
     final version of the starter and check the Apache Shiro security advisories
     before choosing it. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.4.0-RC2</version>
</dependency>
创建配置类
ShiroConfig
/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the servlet filter with its URL rules, the security manager, and the realm.
 *
 * <p>NOTE(review): no {@code CredentialsMatcher} is set on the realm created
 * here, so Shiro's default matcher is used. That default compares the submitted
 * password with the stored credential directly, which only works if the stored
 * value is the plaintext password. Confirm how passwords are stored before
 * using this configuration outside a demo.
 */
@Configuration
@Component
public class ShiroConfig {

    /**
     * Creates the Shiro filter factory and registers the URL access rules.
     *
     * @param securityManager the Shiro security manager that performs the checks
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        // Default paths: login page, post-login landing page, access-denied page.
        factoryBean.setLoginUrl("/dologin");
        factoryBean.setSuccessUrl("/index");
        factoryBean.setUnauthorizedUrl("/refuse.html");

        // Register the URL rules on the filter.
        factoryBean.setFilterChainDefinitionMap(buildFilterChain());

        // Custom filter (optional)
        // Map<String, Filter> filters = new HashMap<>();
        // filters.put("authc", new CustomFormAuthenticationFilter());
        // factoryBean.setFilters(filters);
        return factoryBean;
    }

    /**
     * Builds the ordered URL-pattern to filter-name table.
     *
     * <p>Shiro walks the entries in insertion order and applies the first
     * pattern that matches, which is why an ordered map is used and why the
     * catch-all {@code /**} rule must stay last. Every path not explicitly
     * listed as {@code anon} above it requires an authenticated user.
     */
    private static LinkedHashMap<String, String> buildFilterChain() {
        String[][] rules = {
            {"/", "anon"},
            {"/static/css/**", "anon"},
            {"/static/js/**", "anon"},
            {"/static/images/**", "anon"},
            {"/static/register", "anon"},
            {"/toRegister", "anon"},
            {"/login.html", "anon"},
            {"/logout", "logout"},
            // Catch-all: anything not matched above needs a logged-in user.
            {"/**", "authc"},
        };
        LinkedHashMap<String, String> chain = new LinkedHashMap<>();
        for (String[] rule : rules) {
            chain.put(rule[0], rule[1]);
        }
        return chain;
    }

    /**
     * Exposes a chain definition bean with no path rules; the examples below
     * are left commented out. The rules actually in force are the ones set on
     * {@link #shiroFilterFactoryBean}.
     *
     * @return an empty chain definition
     */
    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        // logged in users with the 'admin' role
        //definition.addPathDefinition("/admin/**", "authc, roles[admin]");
        // logged in users with the 'document:read' permission
        //definition.addPathDefinition("/docs/**", "authc, perms[document:read]");
        // all other paths require a logged in user
        //definition.addPathDefinition("/logout", "logout");
        //definition.addPathDefinition("/**", "authc");
        return definition;
    }

    /**
     * Creates the web security manager backed by the given realm.
     *
     * @param realm the realm used for authentication and authorization
     * @return the security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager(Realm realm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(realm);
        // Optional components, not enabled in this example:
        // manager.setRememberMeManager(rememberMeManager());
        // manager.setCacheManager(getEhCacheManager());
        // manager.setSessionManager(sessionManager());
        return manager;
    }

    /**
     * Registers the application's realm. No credentials matcher is configured
     * on it here (see the class-level note).
     *
     * @return a new {@code ShiroRealm}
     */
    @Bean
    public Realm shiroRealm() {
        return new ShiroRealm();
    }

    // Optional, disabled: hashed password matching.
    //
    // /**
    //  * Password check rule: HashedCredentialsMatcher.
    //  * Encodes passwords so that they are not stored in the database in clear
    //  * text; during login it also encodes the password submitted in the form
    //  * before comparing. To customise matching, extend HashedCredentialsMatcher.
    //  */
    // NOTE(review): MD5 is not suitable for password hashing, even with 1024
    // iterations, and this example supplies no per-user salt. If this is
    // enabled, prefer a purpose-built password hashing scheme, or at minimum
    // "SHA-256" with a random per-user salt and a much higher iteration count.
    // @Bean("hashedCredentialsMatcher")
    // public HashedCredentialsMatcher hashedCredentialsMatcher() {
    //     HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
    //     // hash algorithm: MD5
    //     credentialsMatcher.setHashAlgorithmName("MD5");
    //     // number of hash iterations
    //     credentialsMatcher.setHashIterations(1024);
    //     credentialsMatcher.setStoredCredentialsHexEncoded(true);
    //     return credentialsMatcher;
    // }

    // @Bean("authRealm")
    // @DependsOn("lifecycleBeanPostProcessor") // optional
    // public AuthRealm authRealm(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
    //     AuthRealm authRealm = new AuthRealm();
    //     authRealm.setAuthorizationCachingEnabled(false);
    //     authRealm.setCredentialsMatcher(matcher);
    //     return authRealm;
    // }
}
创建领域(Realm)
/**
 * Shiro realm that authenticates users looked up through
 * {@link AuctionuserService}.
 *
 * <p>NOTE(review): this class sets no credentials matcher, so Shiro's default
 * applies and the submitted password is compared directly with the value
 * returned by {@code getUserPassword()}. That implies plaintext storage;
 * confirm, and configure a salted hash matcher if so.
 */
public class ShiroRealm extends AuthorizingRealm {

    @Autowired
    private AuctionuserService auctionuserService;

    /**
     * Authorization lookup. Always returns {@code null}, so this realm supplies
     * no roles or permissions for any principal.
     *
     * @param principals the identity being authorized (unused)
     * @return {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Authentication lookup.
     *
     * @param token authentication token carrying the user's principal and credentials
     * @return the account's authentication info, or {@code null} when no user
     *         with that name exists (Shiro then reports an unknown account)
     * @throws AuthenticationException declared by the overridden method; not
     *         thrown directly by this implementation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        final String loginName = (String) token.getPrincipal();
        final Auctionuser account = auctionuserService.findUserByName(loginName);
        if (account != null) {
            // NOTE(review): the whole Auctionuser entity, password field
            // included, becomes the principal held for the session. Consider
            // exposing only an id or username as the principal.
            return new SimpleAuthenticationInfo(account, account.getUserPassword(), "ShiroRealm");
        }
        return null;
    }
}
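三个步骤即可实现引入 Shiro(如果需要其他功能,可以在配置类中进行添加!)。注意:上面的最小配置没有为 Realm 设置 CredentialsMatcher,Shiro 默认会把提交的密码与 getUserPassword() 返回的值直接比较,也就是要求数据库中保存明文密码;同时 doGetAuthorizationInfo 返回 null,不会授予任何角色或权限。用于正式环境前,应配置带盐的密码哈希匹配器并实现授权逻辑。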