SpringBoot中使用shiro权限认证

tech2026-04-05  3

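/*
 * pom.xml: Shiro starter dependency.
 *
 * NOTE(review): 1.4.0 is an old Shiro release and later releases carry
 * security fixes; pin the current supported version and keep it patched.
 *
 * <!-- Import the Shiro dependency -->
 * <!-- Shiro Spring Boot web starter -->
 * <dependency>
 *     <groupId>org.apache.shiro</groupId>
 *     <artifactId>shiro-spring-boot-web-starter</artifactId>
 *     <version>1.4.0</version>
 * </dependency>
 */

// ---- AuthRealm.java ----
package com.h1.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import com.h1.pojo.User;
import com.h1.service.UserService;

/**
 * Shiro realm that resolves accounts through {@link UserService}.
 */
public class AuthRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Login authentication: looks up the account named in the token and hands
     * its stored credential to Shiro for comparison.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when the
     *         lookup finds no account
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String username = usernamePasswordToken.getUsername();
        User user = userService.findByUsername(username);
        if (user == null) {
            // Unknown account: returning null lets Shiro reject the login
            // cleanly instead of this method failing with a
            // NullPointerException on user.getPasswords().
            return null;
        }
        // NOTE(review): ShiroConfig sets no CredentialsMatcher on this realm,
        // so Shiro's default matcher compares the submitted password with this
        // stored value directly. That implies getPasswords() holds a directly
        // comparable (likely plaintext) password. Confirm, and prefer a salted
        // password hash (bcrypt/scrypt/argon2) with a matching matcher.
        return new SimpleAuthenticationInfo(user, user.getPasswords(), this.getClass().getName());
    }

    /**
     * Authorization lookup; not implemented, so no roles or permissions are
     * supplied for any principal.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // TODO Auto-generated method stub
        return null;
    }
}

// ---- ShiroConfig.java ----
package com.h1.configuration;

import org.apache.shiro.mgt.SessionsSecurityManager;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.h1.realm.AuthRealm;

/**
 * Wires the realm, the security manager and the URL filter chain.
 */
@Configuration
public class ShiroConfig {

    /** Registers the realm as a Spring bean so its {@code @Autowired} field is injected. */
    @Bean
    AuthRealm auMyRealm() {
        return new AuthRealm();
    }

    /** Builds the web security manager backed by {@link AuthRealm}. */
    @Bean
    SessionsSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(auMyRealm());
        return manager;
    }

    /**
     * Declares which paths are public and which require a known user.
     * Definitions are matched in the order they are added, so the catch-all
     * {@code /**} rule must stay last.
     */
    @Bean
    ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        // "authc" allows access only after login; "anon" allows access without login.
        definition.addPathDefinition("/user/login", "anon");
        /* definition.addPathDefinition("/index", "authc"); */
        definition.addPathDefinition("/static/**", "anon");
        // NOTE(review): "user" also admits subjects recognised only through
        // remember-me, which is weaker than "authc". Use "authc" on paths
        // that must see a login in the current session.
        definition.addPathDefinition("/**", "user");
        return definition;
    }
}

// ---- IndexController.java (package and import lines are not shown on the page) ----

/**
 * Login and logout endpoints.
 */
@Controller
public class IndexController {

    /**
     * User login request.
     *
     * NOTE(review): this is a GET mapping, so the account and password arrive
     * as request parameters and can end up in access logs, browser history and
     * Referer headers. Accepting credentials only in a POST body over HTTPS
     * avoids that.
     *
     * @return the logged-in user wrapped in a {@code SysResult}, or a 204
     *         result carrying one generic message for every failure
     */
    @GetMapping("user/login")
    @ResponseBody
    public SysResult userLogin(String account, String password, HttpSession session) {
        UsernamePasswordToken token = new UsernamePasswordToken(account, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            User user = (User) subject.getPrincipal();
            // NOTE(review): nothing visible here renews the session id after a
            // successful login. Confirm session fixation is handled elsewhere.
            session.setAttribute("user", user);
            // NOTE(review): the whole User object is serialised into the
            // response, and User exposes getPasswords(), so the stored
            // password value is probably sent back to the client. Return a
            // view of the user without credential fields. TODO confirm
            // against the User class.
            return SysResult.oK(JSONArray.fromObject(user));
        } catch (Exception e) {
            // e.printStackTrace();
            // One generic message for every failure avoids revealing which
            // accounts exist; the cause is only written to stderr.
            System.err.println("登录错误;" + e);
            return SysResult.build(204, "密码输入错误!");
        }
    }

    /**
     * Log out: ends the current subject's session and returns the "login" view.
     */
    @GetMapping("/loginOut")
    public String loginOut() {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            subject.logout();
        }
        return "login";
    }
}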