0
点赞
收藏
分享

微信扫一扫

SpringBoot之Shiro注解使用

菜菜捞捞 2021-09-24 阅读 109
javaspringbootjava高级开发
加载失败

一般是在shiroConfig初始配置文件中配置权限,如下:

Map<String, String> chains = Maps.newLinkedHashMap();
        //for swagger
        chains.put("/swagger-ui.html", "anon");
        chains.put("/static/**", "anon");
        chains.put("/swagger/**","anon");
        chains.put("/webjars/**", "anon");
        chains.put("/swagger-resources/**","anon");
        chains.put("/v2/**","anon");

        chains.put("/course/**", "authc,perms[admin:view]");
        chains.put("/user/**", "authc");
        chains.put("/logout", "logout");

        chains.put("/login/**", "anon");
        chains.put("/css/**", "anon");
        chains.put("/fonts/**", "anon");
        chains.put("/layer/**", "anon");

在Springboot环境中继承Shiro时,使用注解@RequiresPermissions时无效

@RequestMapping("add")
@RequiresPermissions("user:add")
public String add() {
     return "user_add";
}

在shiroConfig配置类中增加如下代码

/**
     * 开启Shiro注解(如@RequiresRoles,@RequiresPermissions),
     * 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
     * 配置以下两个bean(DefaultAdvisorAutoProxyCreator和AuthorizationAttributeSourceAdvisor)
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * 开启aop注解支持
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

若是不想在过滤链中配置权限,也可以通过注解方式,更加灵活方便。

Shiro的其他权限过滤器及其用法

  • anon :org.apache.shiro.web.filter.authc.AnonymousFilter
  • authc:org.apache.shiro.web.filter.authc.FormAuthenticationFilter
  • authcBasic:org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
  • port : org.apache.shiro.web.filter.authz.PortFilter
  • rest :org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
  • roles :org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
  • ssl : org.apache.shiro.web.filter.authz.SslFilter
  • user : org.apache.shiro.web.filter.authc.UserFilter
  • logout : org.apache.shiro.web.filter.authc.LogoutFilter
举报

相关推荐

shiro使用模板(springboot)

spring bootjavaeureka

六、Shiro之通过注解配置授权

springjsonapache编程语言

Springboot之Shiro权限管理

过滤器shirospring bootapachespring编程语言

【Shiro】Shiro 的学习教程(四)之 SpringBoot 集成 Shiro 原理

gatewayspring bootspringcloudjavafilter

SpringBoot之----了解Shiro安全框架

spring boot安全java

Shiro之基本使用

安全java

SpringBoot之整合Shiro(最详细)

spring bootjavaspring

SpringBoot之常用注解

spring bootjavaspring

Springboot 之 @EnableConfigurationProperties 注解

spring bootjavaspring

【shiro基础】springboot整合shiro

spring bootjava后端shiro
0 条评论
加载失败