Shiro official website: https://shiro.apache.org/
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, encryption, and session management. With Shiro's easy-to-understand API, you can quickly and easily protect any application, from the smallest mobile app to the largest web and enterprise application. Spring also comes with its own security framework; Shiro, through its own re-encapsulation, implements a new architecture of its own.
It so happened that a Spring Boot project also needed user authentication and permission control. I originally wanted to write my own with AOP, but eventually chose Shiro and, after struggling through it with the help of those who came before, finally got it working.
1. Straight to the configuration class:
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

/**
 * Shiro configuration class.
 *
 * PermissionsShiroRealm, MySessionManager and RedisSessionDao are this project's
 * own classes and are assumed to live in the same package.
 *
 * @author Wuzz
 * @date April 30, 2018
 */
@Configuration
public class ShiroConfiguration {

    /**
     * LifecycleBeanPostProcessor is a DestructionAwareBeanPostProcessor subclass
     * responsible for the life cycle (initialization and destruction) of beans of
     * type org.apache.shiro.util.Initializable, mainly subclasses of
     * AuthorizingRealm and the EhCacheManager class.
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * HashedCredentialsMatcher hashes the password so that it is not stored in the
     * database in plaintext. At login it also hashes the password entered in the
     * form before comparing.
     */
    @Bean(name = "hashedCredentialsMatcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("MD5");
        credentialsMatcher.setHashIterations(1024);
        credentialsMatcher.setStoredCredentialsHexEncoded(true);
        return credentialsMatcher;
    }

    /**
     * shiroRealm is a custom authentication class that extends AuthorizingRealm and
     * handles user authentication and permission processing; JdbcRealm can be used
     * as a reference implementation.
     */
    @Bean(name = "shiroRealm")
    @DependsOn("lifecycleBeanPostProcessor")
    public PermissionsShiroRealm shiroRealm() {
        // You need to write this class yourself; its implementation is posted below.
        PermissionsShiroRealm realm = new PermissionsShiroRealm();
        realm.setCredentialsMatcher(hashedCredentialsMatcher());
        return realm;
    }

    /**
     * EhCacheManager, cache management: after a user logs in successfully, the user
     * and permission information is cached and placed in the user's session on
     * each request. If this bean is not set, every request queries the database.
     */
    // @Bean(name = "ehCacheManager")
    // @DependsOn("lifecycleBeanPostProcessor")
    // public EhCacheManager getEhCacheManager() {
    //     EhCacheManager ehCacheManager = new EhCacheManager();
    //     ehCacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
    //     return ehCacheManager;
    // }

    /**
     * SecurityManager, rights management: this class ties together login, logout,
     * permissions and session handling, and is one of the more important classes.
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager securityManager(PermissionsShiroRealm shiroRealm,
                                                     SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm);
        // securityManager.setCacheManager(getEhCacheManager());
        securityManager.setSessionManager(sessionManager);
        return securityManager;
    }

    /**
     * ShiroFilterFactoryBean is a FactoryBean that produces the ShiroFilter.
     * It mainly maintains three pieces of data: securityManager, filters and
     * filterChainDefinitionManager.
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            org.apache.shiro.mgt.SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Map<String, Filter> filters = new LinkedHashMap<>();
        // LogoutFilter logoutFilter = new LogoutFilter();
        // logoutFilter.setRedirectUrl("/api/1.0/loginout");
        // filters.put("logout", null);
        // shiroFilterFactoryBean.setFilters(filters);

        // Chains are evaluated in insertion order and the first match wins,
        // so the catch-all "/**" entry goes last.
        Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>();
        filterChainDefinitionManager.put("/api/1.0/logout", "logout"); // logout URL
        filterChainDefinitionManager.put("/api/1.0/login", "anon");    // login URL
        filterChainDefinitionManager.put("/api/1.0/nologin", "anon");  // redirect target when not logged in
        // Hard-coded here for testing; the values can also be read from the database
        // or other configuration. This is where permission control is configured.
        // filterChainDefinitionManager.put("/user/edit/**", "authc,perms[user:edit]");
        // "user" accepts authenticated or remembered (rememberMe) subjects;
        // "authc" would require a login in the current session.
        filterChainDefinitionManager.put("/**", "user");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);

        shiroFilterFactoryBean.setLoginUrl("/api/1.0/nologin");
        shiroFilterFactoryBean.setUnauthorizedUrl("/api/1.0/unauth");
        return shiroFilterFactoryBean;
    }

    /**
     * DefaultAdvisorAutoProxyCreator is a Spring bean; the Advisors decide which
     * classes' methods get AOP proxies.
     */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        defaultAAP.setProxyTargetClass(true);
        return defaultAAP;
    }

    /**
     * AuthorizationAttributeSourceAdvisor is the Advisor class implemented by Shiro.
     * Internally it uses AopAllianceAnnotationsAuthorizingMethodInterceptor to
     * intercept methods that carry Shiro's authorization annotations.
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            org.apache.shiro.mgt.SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);
        return aasa;
    }

    @Bean
    public DefaultWebSessionManager configWebSessionManager(RedisSessionDao sessionDao) {
        MySessionManager manager = new MySessionManager();
        manager.setSessionDAO(sessionDao);                   // set the SessionDAO
        manager.setDeleteInvalidSessions(true);              // delete expired sessions
        manager.setSessionValidationSchedulerEnabled(false); // whether to validate sessions periodically
        return manager;
    }

    // No @Bean here: the RedisSessionDao injected above must be registered as a
    // bean elsewhere.
    public RedisSessionDao configRedisSessionDao() {
        return new RedisSessionDao();
    }
}
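What the hashedCredentialsMatcher bean above expects to find in the database, shown as an added example that is not part of the original post: the registration-side hash and the login-side comparison, with the algorithm and iteration count taken from the page's configuration. The class name StoredCredentialDemo, the realm name "demoRealm" and the sample account are assumptions, and the imports target Shiro 1.x.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

// Added example (not the author's code); assumes Shiro 1.x on the classpath.
public class StoredCredentialDemo {

    // Must equal the values set on the HashedCredentialsMatcher bean.
    static final String ALGORITHM = "MD5";
    static final int ITERATIONS = 1024;

    /** Value for the password column: salted, iterated, hex-encoded. */
    static String hashForStorage(String plainPassword, ByteSource salt) {
        return new SimpleHash(ALGORITHM, plainPassword, salt, ITERATIONS).toHex();
    }

    /** Runs the same comparison the realm's matcher performs at login. */
    static boolean verify(String user, String attempt, String storedHex, String saltHex) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);

        // A realm returns this object from doGetAuthenticationInfo(). The salt
        // has to be passed here, otherwise the attempt is hashed unsalted.
        ByteSource salt = ByteSource.Util.bytes(Hex.decode(saltHex));
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo(user, storedHex, salt, "demoRealm");
        return matcher.doCredentialsMatch(new UsernamePasswordToken(user, attempt), info);
    }

    public static void main(String[] args) {
        // Constructed sample account; generate a fresh random salt per user.
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String storedHex = hashForStorage("correct horse", salt);
        String saltHex = salt.toHex(); // stored in its own column beside the hash

        System.out.println("right password: " + verify("alice", "correct horse", storedHex, saltHex));
        System.out.println("wrong password: " + verify("alice", "battery", storedHex, saltHex));
    }
}
```

MD5 at 1024 iterations is cheap to brute-force if the table leaks. Moving to a stronger algorithm means changing the matcher bean and re-hashing stored passwords together, since existing hashes stop matching as soon as either value changes.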
Simple integration of Spring Boot and Shiro