Spring boot provides a built-in authentication framework, and also provides customized javaconfig configuration extensions. Spring-sercurity is also an excellent framework, but I am used to using the apache shiro framework. Moreover, the original project was an integrated shiro framework. I went online to find the configuration method, but I couldn't find a complete configuration method, so I decided to do it myself and have enough food and clothing!
To integrate other frameworks on spring boot, you must first understand the spring javaconfig method. You can also configure other modules using this method. Less nonsense, start. . .
Before starting, you need to import maven dependencies (shiro-web optional):
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency>The original shiro integrated spring configuration is taken out, as follows:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans.xsd" default-lazy-init="true"> <description>Shiro security configuration comes from: http://shiro.apache.org/spring.html </description> <bean id="securityManager"> <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. --> <property name="realm" ref="ShiroRealmImpl" /> <property name="cacheManager" ref="shiroEhcacheManager" /> </bean> <!-- Define the realm you want to use to connect to your back-end security datasource: --> <bean id="ShiroRealmImpl" /> <bean id="shiroFilter"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <!-- Page that does not have permission or jumps after failure --> <property name="successUrl" value="/sa/index" /> <property name="filterChainDefinitions"> <!-- , roles[admin], perms[document:read] --> <value> <!-- /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms [role:edit] /role/list = perms [role:view] --> /sa/** = authc /** = anon </value> </property> </bean> <!-- User authorization/authentication information Cache, using EhCache cache --> <bean id="shiroEhcacheManager"> <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" /> </bean> <!-- Ensure that the bean execution of Shiro's internal lifecycle function is implemented --> <bean id="lifecycleBeanPostProcessor" /> <!-- AOP method-level permission check--> <!-- Enable Shiro Annotations for Spring-configured beans. Only run after --> <!-- the lifecycleBeanProcessor has run: --> <bean depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean> <property name="securityManager" ref="securityManager" /> </bean> </beans>
There are so many classes, and there is no way to configure them one by one. The javaconfig file is as follows:
import java.util.LinkedHashMap; import java.util.Map; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ShiroConfiguration { private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(); @Bean(name = "ShiroRealmImpl") public ShiroRealmImpl getShiroRealm() { return new ShiroRealmImpl(); } @Bean(name = "shiroEhcacheManager") public EhCacheManager getEhCacheManager() { EhCacheManager em = new EhCacheManager(); em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml"); return em; } @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator(); daap.setProxyTargetClass(true); return daap; } @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager() { DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager(); dwsm.setRealm(getShiroRealm()); dwsm.setCacheManager(getEhCacheManager()); return dwsm; } @Bean public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor(); aasa.setSecurityManager(getDefaultWebSecurityManager()); return new AuthorizationAttributeSourceAdvisor(); } @Bean(name = "shiroFilter") public ShiroFilterFactoryBean getShiroFilterFactoryBean() { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean .setSecurityManager(getDefaultWebSecurityManager()); shiroFilterFactoryBean.setLoginUrl("/login"); shiroFilterFactoryBean.setSuccessUrl("/sa/index"); filterChainDefinitionMap.put("/sa/**", "authc"); filterChainDefinitionMap.put("/**", "anon"); shiroFilterFactoryBean .setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } }Note: The last one is the initialization of filterChainDefinitionMap. The map is initialized by LinkedHashMap. When you apply, configure it into properties file, and then initialization is OK. After rewriting it, it should be OK. After it is rewrite, it should be OK.
Don't forget to go to ehcache-shiro.xml
<ehcache updateCheck="false" name="shiroCache"> <defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="false" diskPersistent="false" diskExpiryThreadIntervalSeconds="120" /> </ehcache>
Note: Please refer to the official documentation for ShiroRealmImpl class
Summarize
The above is the configuration method of spring boot integrated shiro introduced to you. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply to you in time. Thank you very much for your support to Wulin.com website!