Springboot Integrated Apache Shiro

These days because of the project needs, learning the next Shiro, leaving some records, but also hope for beginners Shiro friends to help.

Springboot is a new project in the past two years, it is to reduce the need to introduce a variety of SPRINGMVC in the development process of the jar package, various XML configuration files, it takes full advantage of the Javaconfig configuration mode and "contract better than the configuration" concept, To help developers configure most of what they need, the Springboot project on GitHub offers a lot of

While Apache Shiro is a lightweight authentication and authorization framework, compared to spring security, it is easy to use and flexible, and springboot itself provides support for security, after all, its own stuff. Springboot temporarily without integrated Shiro, this has to match.

Find some information on the Internet, configuration Shiro, there are many needs in the Web. XML, application.xml inside various configurations, however Springboot does not have these, and springboot advocates XML-free, using Javaconfig configuration method, Not very familiar with this, but someone using javaconfig way to configure the Shiro, see the csdn inside a classmate's blog Spring boot integrated shiro configuration, download the demo, and then imitate the successful configuration. But accustomed to the configuration of XML, feel Javaconfig way is not very intuitive, and then I replaced it with the way of XML. The following are the main configuration procedures

First, Spring-shiro.xml.

<?xml version= "1.0" encoding= "UTF-8"? ><beans xmlns= "Http://www.springframework.org/schema/beans" xmlns: Xsi= "Http://www.w3.org/2001/XMLSchema-instance" xmlns:aop= "HTTP://WWW.SPRINGFRAMEWORK.ORG/SCHEMA/AOP" xmlns:tx= " Http://www.springframework.org/schema/tx "xmlns:util=" Http://www.springframework.org/schema/util "xmlns:context= "Http://www.springframework.org/schema/context" xsi:schemalocation= "Http://www.springframework.org/schema/bean s http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/tx HTTP://WW W.springframework.org/schema/tx/spring-tx.xsd HTTP://WWW.SPRINGFRAMEWORK.ORG/SCHEMA/AOP/HTTP Www.springframework.org/schema/aop/spring-aop.xsd Http://www.springframework.org/schema/util/HTTP Www.springframework.org/schema/util/spring-util.xsd Http://www.springframework.org/schema/context/HTTP Www.springframework.org/schema/context/spring-context.xsd "> <!--========================================================= Shiro Components ================================== =======================-<!--cache Manager uses Ehcache for <bean id= "CacheManager" class= "org.apache.shiro.c Ache.ehcache.EhCacheManager "> <property name=" cachemanagerconfigfile "value=" classpath:app/config/ Ehcache-shiro.xml "/> </bean> <!--session cookie template--<bean id=" Sessionidcookie "class=" Org.apache. Shiro.web.servlet.SimpleCookie "> <constructor-arg value=" Sid "/> <property name=" HttpOnly "value = "true"/> <property name= "MaxAge" value= "1800000"/> <!--20 days--</bean> <!--session ID Generator-<bean id= "Sessionidgenerator" class= "Org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/ > <bean id= "Sessiondao" class= "Org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" > < Property Name= "Activesessionscachename" VAlue= "Shiro-activesessioncache"/> <property name= "sessionidgenerator" ref= "Sessionidgenerator"/> < /bean> <!--Session Manager--<bean id= "SessionManager" class= "org.apache.shiro.web.session.mgt.DefaultWebSess Ionmanager "> <property name=" globalsessiontimeout "value=" 10800 "/> <property name=" DeleteInval Idsessions "value=" true "/> <property name=" Sessiondao "ref=" Sessiondao "/> </bean> <!--required        Write your own realm class to act as a bridge for Shiro and application security data--<bean id= "Monitorrealm" class= "Com.test.MonitorRealm" ></bean>        <!--security Manager--<bean id= "SecurityManager" class= "Org.apache.shiro.web.mgt.DefaultWebSecurityManager" > <property name= "Realms" > <list> <ref bean= "Monitorrealm"/> < /list> </property> <property name= "SessionManager" ref= "SessionManager"/> <propert Y name= "CacheManager" ref= "CacheManager"/> </bean> <!--Shiro Life cycle Processor--<bean id= "Lifecyclebeanpostprocessor" class= " Org.apache.shiro.spring.LifecycleBeanPostProcessor "/> <!--Shiro Web Filter--<bean id=" Shirofilter "Clas s= "Org.apache.shiro.spring.web.ShiroFilterFactoryBean" > <property name= "SecurityManager" ref= " SecurityManager "/> <property name=" loginurl "value="/cooka-user-web/login "/> <property name=" u                Nauthorizedurl "value="/unauthorized "/> <property name=" Filters "> <util:map> <entry key= "authc" > <bean class= "Org.apache.shiro.web.filter.auth        C.passthruauthenticationfilter "/> </entry> </util:map> </property>                <property name= "Filterchaindefinitions" > <value> # Files that can be accessed without authentication are placed in front /js/* = Anon/css/* = anon/img/* = anon/images/* = Anon #需要认证后才能访问的url, here to write full /user-web/login = Anon/logout = logout/user-web/* = authc/backend-web/* = AUTHC </value> </property> </bean> <!--exception blocking--<bean class= "org.sp            Ringframework.web.servlet.handler.SimpleMappingExceptionResolver "> <property name=" exceptionmappings ">                       <props> <prop key= "Org.apache.shiro.authz.UnauthorizedException" > /unauthorized <!--not authorized to process pages--</prop> &LT;PR                             Op key= "Org.apache.shiro.authz.UnauthenticatedException" >/user-web/login <!--identity not validated-</prop> </props> </property> &LT;/BEAN&GT;&L   T;/beans>

Next is the Ehcache.xml file.

Ehcache is a pure Java in-process caching framework, which can be seen in this context

<ehcache updatecheck= "false" Name= "Shirocache" >    <defaultcache            maxelementsinmemory= "10000"            Eternal= "false"            timetoidleseconds= "timetoliveseconds="            overflowtodisk= "false"            Diskpersistent= "false"            diskexpirythreadintervalseconds= "/></ehcache>"            

Springboot loading an XML configuration file

Import Org.springframework.boot.springapplication;import Org.springframework.boot.autoconfigure.enableautoconfiguration;import Org.springframework.boot.autoconfigure.springbootapplication;import Org.springframework.context.annotation.componentscan;import org.springframework.context.annotation.configuration;@ Configuration@springbootapplication@componentscan@enableautoconfigurationpublic class Application {public static void Main (string[] args) {Springapplication.run (new string[] {"Classpath*:app/config/spring-*.xml", "classpath*:app/ Config/spring-session-redis.xml "," classpath*:/user/captcha.xml "//....}, args);}}

Such Spingboot is configured in XML form Shiro is completed, after the controller method above the use of annotations on the way, you can control the permissions.

There are no Monitorrealm classes available, there are two ways to implement Dogetauthorizationinfo (authorization) and Dogetauthenticationinfo (authentication), There is logincontroller inside to make some changes, the need for friends can refer to this article Springmvc integration Shiro Blog.

Springboot Integrated Apache Shiro