1、增加Shiro依赖
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency>2、创立ShiroConfig
@Configurationpublic class ShiroConfig { @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean(); //设置平安管理器 bean.setSecurityManager(defaultWebSecurityManager); //增加shiro的内置过滤器 /* anon:无需认证能够拜访 authc:必须认证能力拜访 user:必须领有 记住我 性能能力用 perms:领有对某个资源的权限能力拜访 role:领有某个角色权限能力拜访 */ //拦挡 Map<String, String> filterMap = new LinkedHashMap<>();// filterMap.put("/user/add","authc");// filterMap.put("/user/update","authc"); filterMap.put("/login/*","anon"); bean.setFilterChainDefinitionMap(filterMap); //验证失败跳转页面 bean.setLoginUrl("/Text"); return bean; } @Bean public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(userRealm); return securityManager; } @Bean public UserRealm userRealm(){ return new UserRealm(); }}3、Realm受权、认证
public class UserRealm extends AuthorizingRealm { @Autowired private UserService userService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { System.out.println("受权执行"); return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("认证执行");// UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;//// //连贯实在的数据库// User user = userService.queryUserByName(token.getUsername());//// if (user == null){//没有此用户// return null;// } //明码认证 shiro做 return new SimpleAuthenticationInfo("",token.getPassword(),""); }}