Shiro 是一个比较常用的安全认证框架,简单又实用。在Spring Boot中整合Shiro有两种方式:
- 1.将传统的SSM+Shiro中的配置用Java实现
- 2.使用Shiro官方提供的自动化配置依赖
本文选择实用第二种方式进行整合,但是在使用Postman进行测试的时候却出现了如下错误:
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
注:运行环境为:IntelliJ IDEA 2018.1.1
- Postman 错误提示如下
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.0</version>
</dependency>
而不是使用Java实现SSM+Shiro中的配置所采用的依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
正确的代码示例如下
- 添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.0</version>
</dependency>
- 自定义一个MyRealm
public class MyRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = ((UsernamePasswordToken) token).getUsername();
if (!"zhangsan".equals(username)) {
throw new UnknownAccountException("账户不存在");
}
return new SimpleAuthenticationInfo(username, "123", getName());
}
}
- 创建ShiroConfig
@Configuration
public class ShiroConfig {
@Bean
MyRealm myRealm() {
return new MyRealm();
}
@Bean
DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(myRealm());
return manager;
}
@Bean
ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
definition.addPathDefinition("/doLogin", "anon");
definition.addPathDefinition("/**", "authc");
return definition;
}
}
- 创建一个Controller进行测试
@Controller
public class ShiroController {
@PostMapping("/doLogin")
public String doLogin(String username, String password) {
try {
Subject subject = SecurityUtils.getSubject();
subject.login(new UsernamePasswordToken(username, password));
return "redirect:/index";//验证成功跳转页面
} catch (AuthenticationException e) {
e.printStackTrace();
}
return "redirect:/login";//验证失败跳转页面
}
@GetMapping("/index")
@ResponseBody
public String index() {
return "index";
}
@GetMapping("/login")
@ResponseBody
public String login() {
return "login";
}
}
- 测试结果如下
积少成多,滴水穿石!