How to set up the simplest Shiro environment for a Java application
import org.apache.shiro.mgt.SecurityManager;   // not java.lang.SecurityManager
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;

@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    // Set the realm
    securityManager.setRealm(userRealm());
    // Custom cache implementation: Redis when configured, otherwise EhCache
    if (Constant.CACHE_TYPE_REDIS.equals(cacheType)) {
        securityManager.setCacheManager(cacheManager());
    } else {
        securityManager.setCacheManager(ehCacheManager());
    }
    securityManager.setSessionManager(sessionManager());
    return securityManager;
}
The core is the first two lines: creating the DefaultWebSecurityManager and setting the Realm on the SecurityManager is enough to get Shiro working. As described earlier, the Realm is the main bridge between Shiro and your own system (the users, roles and permissions it stores). The cache manager and session manager lines are optional extras; note that the `SecurityManager` type here is `org.apache.shiro.mgt.SecurityManager`, which must be imported explicitly or Java resolves the name to `java.lang.SecurityManager`.
Configuring the Shiro filter
import java.util.LinkedHashMap;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;

@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    // LinkedHashMap: Shiro evaluates the chain in insertion order and the first matching pattern wins
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/login", "anon");
    filterChainDefinitionMap.put("/css/**", "anon");
    filterChainDefinitionMap.put("/js/**", "anon");
    filterChainDefinitionMap.put("/fonts/**", "anon");
    filterChainDefinitionMap.put("/img/**", "anon");
    filterChainDefinitionMap.put("/docs/**", "anon");
    filterChainDefinitionMap.put("/druid/**", "anon");   // Druid monitoring console; restrict this in production
    filterChainDefinitionMap.put("/upload/**", "perms[act:model:edit]");
    // Unquoted list (the original roles["..."] does not compile inside a Java string literal);
    // the built-in roles filter requires ALL of the listed roles
    filterChainDefinitionMap.put("/student/**", "roles[admin,normal,assistant]");
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/", "anon");
    filterChainDefinitionMap.put("/**", "authc");   // catch-all, must stay last
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
The filter chain is where all of Shiro's basic access policy is declared. It can also be written in a configuration file (shiro.ini) instead of Java, but either way the application must be restarted for changes to take effect.
anon means the URL can be accessed without authentication; static resources are all set to anon.
authc means the user must be logged in.
perms[act:model:edit] is a permission requirement: the subject must hold the permission act:model:edit (when several entries are listed, all of them are required).
roles[admin,normal,assistant] is a role requirement. Caveat: Shiro's built-in roles filter checks hasAllRoles, so the subject must hold every listed role, not any one of them; a user with only the normal role is rejected. Writing the list in quotes, roles["admin,normal,assistant"], does not make it "any of" either: Shiro's parser treats quoted text as a single token, so that is one role whose name contains commas.
Note: any endpoint that must be reachable without logging in has to be listed here as anon, and it has to come before the catch-all "/**" = authc entry, because chains are matched in insertion order and the first match wins (that is why a LinkedHashMap is used). Also think twice before leaving "/druid/**" anonymous in production: the Druid monitoring console exposes datasource details and executed SQL.
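The "all roles required" semantics of the built-in roles filter trip people up often enough that it is worth seeing the alternative. The following is an added example, not code from the original post: a custom AuthorizationFilter (hypothetical name AnyRolesAuthorizationFilter) that passes when the subject holds any one of the configured roles, registered under the chain name anyRoles, alongside the built-in roles filter so the two can be compared in the same chain definition. The URL patterns and role names are illustrative; the Shiro 1.x API calls (AuthorizationFilter, getSubject, ShiroFilterFactoryBean.setFilters) are real.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Hypothetical filter for this example (not part of Shiro): grants access when the
 * subject holds ANY of the configured roles. Shiro's built-in "roles" filter requires ALL.
 */
class AnyRolesAuthorizationFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        // mappedValue is the String[] Shiro parsed from "anyRoles[a,b,c]" in the chain definition
        String[] roles = (String[]) mappedValue;
        if (roles == null || roles.length == 0) {
            // Misconfigured entry with no roles: deny rather than silently let everyone through
            return false;
        }
        Subject subject = getSubject(request, response);
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        // Denied: AuthorizationFilter.onAccessDenied redirects to the unauthorizedUrl (/403)
        // for a logged-in subject, or to the loginUrl for an anonymous one
        return false;
    }
}

@Configuration
public class ShiroFilterConfig {

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        bean.setLoginUrl("/login");
        bean.setSuccessUrl("/index");
        bean.setUnauthorizedUrl("/403");

        // Register the custom filter under the name used in the chain definitions below
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("anyRoles", new AnyRolesAuthorizationFilter());
        bean.setFilters(filters);

        // Insertion order matters: Shiro matches top-down and the first matching pattern wins,
        // so the catch-all "/**" must be last or every entry below it would be unreachable.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/login", "anon");
        chain.put("/logout", "logout");
        chain.put("/css/**", "anon");
        chain.put("/js/**", "anon");
        // Built-in filter: the subject needs admin AND auditor
        chain.put("/admin/**", "authc, roles[admin,auditor]");
        // Custom filter: admin OR normal OR assistant is enough
        chain.put("/student/**", "authc, anyRoles[admin,normal,assistant]");
        // perms[...] behaves like roles[...]: several entries are ALL required
        chain.put("/upload/**", "authc, perms[act:model:edit]");
        // Deny by default: anything not listed above requires a login
        chain.put("/**", "authc");
        bean.setFilterChainDefinitionMap(chain);
        return bean;
    }
}
```

Combining "authc, anyRoles[...]" on one line is deliberate: an authorization filter on its own would send an anonymous request to the login page anyway, but putting authc first makes the intent explicit and keeps the chain readable when the authorization filter is swapped out later.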
An implementation of Realm
1. Create a class extending AuthorizingRealm (org.apache.shiro.realm.AuthorizingRealm)
The reason for using this class as the parent is visible in its declaration: it already extends the authentication realm base class AuthenticatingRealm, so a single subclass can handle both authentication and authorization:
public abstract class AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware
2. Implement the doGetAuthorizationInfo method
This method returns the authorization information. The usual pattern is that, once a user has been authenticated, the application needs to know which pages or which operations that user is allowed to use, so the method loads the user's roles and permissions and packs them into a SimpleAuthorizationInfo.
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setStringPermissions(perms);   // perms: Set<String> of this user's permission strings, e.g. "act:model:edit"
return info;
3. Implement the doGetAuthenticationInfo method
This method holds the decision logic used during authentication.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authToken;
    String password = new String(token.getPassword());
    // user: the record loaded from your user store for token.getUsername() (lookup not shown on the page)
    // Account does not exist
    if (user == null) {
        throw new UnknownAccountException("Incorrect username or password");
    }
    // Wrong password. This is a plaintext comparison against the stored value; with hashed
    // storage, configure a HashedCredentialsMatcher and let Shiro do the comparison instead
    if (!password.equals(user.getPassword())) {
        throw new IncorrectCredentialsException("Incorrect username or password");
    }
    // Account locked
    if (user.getStatus() == 0) {
        throw new LockedAccountException("Account is locked, please contact an administrator");
    }
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName());
    return info;
}
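The realm above works, but it compares the plaintext password itself and stores the whole user object (password included) as the principal, which then lives in the session and any cache you configured. The following is an added example, not the post's own code, of the same three-step realm written so that the realm never sees or compares a plaintext password: the stored value is a salted, iterated SHA-256 hash and Shiro's HashedCredentialsMatcher performs the comparison after doGetAuthenticationInfo returns. The User record and UserStore lookup interface are hypothetical stand-ins for the database access the post does not show; the Shiro 1.x calls (HashedCredentialsMatcher, Sha256Hash, SecureRandomNumberGenerator, ByteSource.Util) are real.

```java
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

/**
 * Realm whose credential check is delegated to HashedCredentialsMatcher: the realm only
 * hands Shiro the stored hash and salt, and never touches the submitted plaintext.
 */
public class UserRealm extends AuthorizingRealm {

    private static final int HASH_ITERATIONS = 100_000;

    /** Hypothetical user record for this example; a real one would be a JPA/MyBatis entity. */
    public static class User {
        public String username;
        public String passwordHash;   // hex of Sha256Hash(password, salt, HASH_ITERATIONS)
        public String salt;           // per-user random salt (hex string)
        public int status;            // 0 = locked, as on the page
        public Set<String> roles;
        public Set<String> perms;     // e.g. "act:model:edit"
    }

    /** Hypothetical lookup abstraction standing in for the database access the page omits. */
    public interface UserStore {
        User findByUsername(String username);
    }

    private final UserStore userStore;

    public UserRealm(UserStore userStore) {
        this.userStore = userStore;
        // The matcher recomputes SHA-256(password, salt) for HASH_ITERATIONS rounds and compares
        // it with the stored hex hash; the realm code below never compares passwords itself.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(HASH_ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        setCredentialsMatcher(matcher);
    }

    /** At signup or password change: a random per-user salt, then the same hash the matcher recomputes. */
    public static String newSalt() {
        return new SecureRandomNumberGenerator().nextBytes().toHex();
    }

    public static String hashPassword(String plaintext, String salt) {
        return new Sha256Hash(plaintext, salt, HASH_ITERATIONS).toHex();
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authToken;
        User user = userStore.findByUsername(token.getUsername());

        // UnknownAccountException and the matcher's IncorrectCredentialsException are different
        // types; the login controller must map both to one generic message to avoid username enumeration.
        if (user == null) {
            throw new UnknownAccountException("Incorrect username or password");
        }
        // The lock is checked before the password here, because the credential comparison runs
        // in assertCredentialsMatch() only after this method has returned.
        if (user.status == 0) {
            throw new LockedAccountException("Account is locked, please contact an administrator");
        }
        // Principal is the username only: the principal ends up in the session and cache,
        // so the User object (hash and salt included) must not be stored there.
        return new SimpleAuthenticationInfo(
                user.username, user.passwordHash, ByteSource.Util.bytes(user.salt), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        User user = userStore.findByUsername(username);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (user != null) {
            info.setRoles(user.roles);               // consulted by roles[...] filters
            info.setStringPermissions(user.perms);   // consulted by perms[...] filters
        }
        return info;   // an empty info denies everything rather than failing open
    }
}
```

The salt is passed as the same String in both hashPassword and ByteSource.Util.bytes, so both sides hash the identical UTF-8 salt bytes; if you store the salt as raw bytes instead, decode it the same way in both places. SHA-256 with iterations is what Shiro 1.x ships; a memory-hard scheme (bcrypt, Argon2) needs a custom CredentialsMatcher or Shiro 2.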
There are many other methods with their own logic; override them as your business requirements dictate. Documentation for them will be added here as they come into use.