shiro架构(外部)
shiro架构(内部)
具体API操作
获取当前的用户对象
// Fetch the Subject (Shiro's security view of the current caller) from SecurityUtils.
Subject currentUser = SecurityUtils.getSubject();
通过当前用户拿到session
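// Obtain the Subject's session through Shiro's own Session API; getSession() creates one if none exists yet.
Session session = currentUser.getSession();
session.setAttribute("someKey", "aValue");
String value = (String) session.getAttribute("someKey");
// Constant-first equals: a missing attribute (null) fails the check instead of throwing a NullPointerException.
if ("aValue".equals(value)) {
    log.info("Subject = >session [" + value + "]");
}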
判断当前用户是否尚未认证(注意表达式前有取反符号 !)
!currentUser.isAuthenticated()
获得当前用户的身份信息(principal)
currentUser.getPrincipal()
判断当前用户是否拥有某个角色
currentUser.hasRole("schwartz")
判断当前用户是否拥有某项权限
currentUser.isPermitted("lightsaber:wield")
注销
// Log the subject out; Shiro drops its identity and invalidates any associated session.
currentUser.logout();
springboot集成shiro
环境搭建
导入shiro整合spring的包
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<!-- NOTE(review): the version is pinned to 1.9.0. Before copying this snippet, check the Apache Shiro
     security advisories and pin a currently supported release instead. -->
<dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.9.0</version>
</dependency>
新建config层
/**
 * Spring configuration that wires the three Shiro beans together.
 *
 * <p>The beans are created in dependency order: the realm (step 1), the security
 * manager that uses it (step 2), and the web filter factory that uses the
 * manager (step 3).
 *
 * <p>This version only attaches the security manager. It sets no filter chain
 * definitions and no login URL, so presumably no URL is restricted yet.
 */
@Configuration
public class ShiroConfig {

    /**
     * Step 3: creates the Shiro filter factory and attaches the security manager to it.
     *
     * @param defaultWebSecurityManager the manager bean, selected by its bean name
     * @return the filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        return factoryBean;
    }

    /**
     * Step 2: creates the web security manager and associates the realm with it.
     * The bean name is set explicitly so the {@code @Qualifier} in step 3 resolves it.
     *
     * @param userRealm the custom realm bean, selected by its bean name
     * @return the security manager bean
     */
    @Bean(name = "defaultWebSecurityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Associate the realm: the manager delegates authentication and authorization lookups to it.
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Step 1: creates the realm object, which has to be a custom class.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}
Realm配置
/**
 * Custom realm skeleton for the Shiro integration.
 *
 * <p>Both callbacks are stubs: each prints a trace line and returns {@code null}.
 * No account lookup or credential check is implemented here.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization callback.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return always {@code null} in this stub
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了=>doGetAuthorizationInfo");
        // NOTE(review): a null result should mean "no roles or permissions granted"; confirm before relying on it.
        return null;
    }

    /**
     * Authentication callback.
     *
     * @param authenticationToken the token submitted with the login attempt
     * @return always {@code null} in this stub
     * @throws AuthenticationException declared by the overridden method; never thrown by this stub
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        System.out.println("执行了=>doGetAuthenticationInfo");
        // NOTE(review): Shiro treats null as "no account found", so every login should fail until this is implemented.
        return null;
    }
}
shiro登录拦截
/*
 anon:无需认证就可以访问
 authc:必须认证了才能访问
 user:必须拥有记住我功能才能用
 perms:拥有对某个资源的权限才能访问
 roles:拥有某个角色权限才能访问
*/
controller层
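/**
 * MVC controller for the demo pages. Each handler only returns a view name.
 *
 * <p>The controller performs no access checks of its own. Protection of the
 * {@code /User/...} pages depends entirely on the Shiro filter chain
 * configured elsewhere.
 *
 * <p>The closing brace of the class was missing from the listing and is restored here.
 */
@Controller
public class MyController {

    /**
     * Serves the index page for {@code /} and {@code index}.
     *
     * @param model receives the {@code msg} attribute shown on the page
     * @return the {@code index} view name
     */
    @GetMapping({"/", "index"})
    public String toIndex(Model model) {
        model.addAttribute("msg", "hello,shiro");
        return "index";
    }

    /** Returns the view name for the "add user" page. */
    @RequestMapping("/User/add")
    public String add() {
        return "User/add";
    }

    /** Returns the view name for the "update user" page. */
    @RequestMapping("/User/update")
    public String update() {
        return "User/update";
    }

    /** Returns the view name for the login page. */
    @RequestMapping("/toLogin")
    public String toLogin() {
        return "login";
    }
}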
shiroConfig类
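/**
 * Spring configuration for Shiro with login interception enabled.
 *
 * <p>The beans are created in dependency order: the realm (step 1), the security
 * manager that uses it (step 2), and the web filter factory that uses the
 * manager (step 3).
 */
@Configuration
public class ShiroConfig {

    /**
     * Step 3: creates the Shiro filter factory, attaches the security manager,
     * and registers the URL filter chain and the login URL.
     *
     * <p>Built-in filter names, as listed by the original author:
     * <ul>
     *   <li>{@code anon}: accessible without authentication</li>
     *   <li>{@code authc}: accessible only after authentication</li>
     *   <li>{@code user}: requires the remember-me feature</li>
     *   <li>{@code perms}: requires permission on a specific resource</li>
     *   <li>{@code roles}: requires a specific role</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the manager bean, selected by its bean name
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // LinkedHashMap keeps insertion order; Shiro evaluates chain definitions in order and the first match wins.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/User/add", "authc");
        filterMap.put("/User/update", "authc");
        // Catch-all for the rest of /User/: with only exact-path rules, any route added later
        // under /User/ would be reachable without login. "/**" also covers nested paths,
        // whereas "/*" matches a single path segment only.
        filterMap.put("/User/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        // Login page that requests blocked by authc are sent to.
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }

    /**
     * Step 2: creates the web security manager and associates the realm with it.
     * The bean name is set explicitly so the {@code @Qualifier} in step 3 resolves it.
     *
     * @param userRealm the custom realm bean, selected by its bean name
     * @return the security manager bean
     */
    @Bean(name = "defaultWebSecurityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        // Associate the realm with the manager.
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }

    /**
     * Step 1: creates the realm object, which has to be a custom class.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}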