SpringBoot之Shiro注解使用

菜菜捞捞

 关注

阅读 118

2021-09-24

一般是在shiroConfig初始配置文件中配置权限,如下:

Map<String, String> chains = Maps.newLinkedHashMap();
        //for swagger
        chains.put("/swagger-ui.html", "anon");
        chains.put("/static/**", "anon");
        chains.put("/swagger/**","anon");
        chains.put("/webjars/**", "anon");
        chains.put("/swagger-resources/**","anon");
        chains.put("/v2/**","anon");

        chains.put("/course/**", "authc,perms[admin:view]");
        chains.put("/user/**", "authc");
        chains.put("/logout", "logout");

        chains.put("/login/**", "anon");
        chains.put("/css/**", "anon");
        chains.put("/fonts/**", "anon");
        chains.put("/layer/**", "anon");

在Springboot环境中继承Shiro时,使用注解@RequiresPermissions时无效

@RequestMapping("add")
@RequiresPermissions("user:add")
public String add() {
     return "user_add";
}

在shiroConfig配置类中增加如下代码

/**
     * 开启Shiro注解(如@RequiresRoles,@RequiresPermissions),
     * 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
     * 配置以下两个bean(DefaultAdvisorAutoProxyCreator和AuthorizationAttributeSourceAdvisor)
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * 开启aop注解支持
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

若是不想在过滤链中配置权限,也可以通过注解方式,更加灵活方便。

Shiro的其他权限过滤器及其用法

  • anon :org.apache.shiro.web.filter.authc.AnonymousFilter
  • authc:org.apache.shiro.web.filter.authc.FormAuthenticationFilter
  • authcBasic:org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
  • port : org.apache.shiro.web.filter.authz.PortFilter
  • rest :org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
  • roles :org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
  • ssl : org.apache.shiro.web.filter.authz.SslFilter
  • user : org.apache.shiro.web.filter.authc.UserFilter
  • logout : org.apache.shiro.web.filter.authc.LogoutFilter

相关推荐

shiro使用模板(springboot)

hoohack 82 0 0

六、Shiro之通过注解配置授权

吴陆奇 73 0 0

Springboot之Shiro权限管理

骑在牛背上看书 93 0 0

【Shiro】Shiro 的学习教程(四)之 SpringBoot 集成 Shiro 原理

ixiaoyang8 17 0 0

SpringBoot之----了解Shiro安全框架

爱奔跑的读书者 87 0 0

Shiro之基本使用

您好 63 0 0

SpringBoot之整合Shiro(最详细)

小a草 45 0 0

Springboot 之 @EnableConfigurationProperties 注解

拾杨梅记 95 0 0

SpringBoot之常用注解

穿裙子的程序员 68 0 0

【shiro基础】springboot整合shiro

MaxWen 92 0 0

精彩评论(0)

0 0 举报