如何使用 Spring Boot 配置 Shiro [英] How to configure Shiro with Spring Boot

问题描述

我有一个 Spring MVC Web 应用程序，它使用使用 Spring 配置而不是 shiro.ini 的 Shiro 身份验证.

I have a Spring MVC web application that uses Shiro authentication using Spring configuration rather than a shiro.ini.

我想过渡到 Spring Boot 应用程序.

I want to transition to a Spring Boot application.

我主要是成功的.应用程序在 Spring Boot 中启动，我的 Shiro 环境得到设置.但是我就是不知道如何正确设置 Shiro 过滤器.我需要这样做以确保请求最终由正确的线程处理.

I have been mainly successful. The application starts in Spring Boot and my Shiro environment gets setup. However I just cannot work out how to setup the Shiro Filter correctly. I need this to be working to make sure requests end up being handled by the correct thread.

在原始应用程序中，我在 web.xml 中配置了 Shiro 过滤器，如下所示:

In the original app I configured the Shiro Filter in the web.xml like this:

<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

我尝试使用这样的 Java 配置来复制它:

I have tried replicate this using a Java Config like this:

  @Autowired
  private WebSecurityManager webSecurityManager;

  @Bean
  public ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new org.apache.shiro.spring.web.ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(webSecurityManager);
    return shiroFilterFactoryBean;
  }

  @Bean
  public org.apache.shiro.spring.LifecycleBeanPostProcessor lifecycleBeanPostProcessor()
  {
    return new org.apache.shiro.spring.LifecycleBeanPostProcessor();
  }

  @Bean
  public Filter shiroFilter()
  {
    DelegatingFilterProxy filter = new DelegatingFilterProxy();
    filter.setTargetBeanName("shiroFilterFactoryBean");
    filter.setTargetFilterLifecycle(true);
    return filter;
  }

但是，我无法将所有内容组合在一起，也没有足够的知识来解决问题.我只是看不到将过滤器连接到环境.我猜这与设置的顺序有关.

However I just cannot get everything to fit together and don't have enough knowledge to sort it out. I just can't see to connect the filter to the environment. I would guess it is something to do with the order things are setup.

有没有人成功地将 Spring Boot 和 Shiro 一起使用?

Has anyone managed to use Spring Boot and Shiro together successfully?

推荐答案

好吧，好像少了点什么，java config是这样的:

Well, it seems that the lack of something, java config like this:

import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setLoginUrl("/login");
    shiroFilter.setSuccessUrl("/index");
    shiroFilter.setUnauthorizedUrl("/forbidden");
    Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>();
    filterChainDefinitionMapping.put("/", "anon");
    filterChainDefinitionMapping.put("/home", "authc,roles[guest]");
    filterChainDefinitionMapping.put("/admin", "authc,roles[admin]");
    shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
    shiroFilter.setSecurityManager(securityManager());
    Map<String, Filter> filters = new HashMap<String, Filter>();
    filters.put("anon", new AnonymousFilter());
    filters.put("authc", new FormAuthenticationFilter());
    filters.put("logout", new LogoutFilter());
    filters.put("roles", new RolesAuthorizationFilter());
    filters.put("user", new UserFilter());
    shiroFilter.setFilters(filters);
    System.out.println(shiroFilter.getFilters().size());
    return shiroFilter;
}

@Bean(name = "securityManager")
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm());
    return securityManager;
}

@Bean(name = "realm")
@DependsOn("lifecycleBeanPostProcessor")
public PropertiesRealm realm() {
    PropertiesRealm propertiesRealm = new PropertiesRealm();
    propertiesRealm.init();
    return propertiesRealm;
}

@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
}

https://github.com/lenicliu/eg-spring/tree/master/eg-spring-boot/eg-spring-boot-shiro

这篇关于如何使用 Spring Boot 配置 Shiro的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！