spring boot 整合 shiro 权限框架

?1.配置 pom

? <shiro.version>1.4.0</shiro.version>

? ? ? <!--shiro start-->

? ? <dependency>

? ? ? <groupId>org.apache.shiro</groupId>

? ? ? <artifactId>shiro-core</artifactId>

? ? ? <version>${shiro.version}</version>

? ? </dependency>

? ? <dependency>

? ? ? <groupId>org.apache.shiro</groupId>

? ? ? <artifactId>shiro-web</artifactId>

? ? ? <version>${shiro.version}</version>

? ? </dependency>

? ? <dependency>

? ? ? <groupId>org.apache.shiro</groupId>

? ? ? <artifactId>shiro-ehcache</artifactId>

? ? ? <version>${shiro.version}</version>

? ? </dependency>

? ? <dependency>

? ? ? <groupId>org.apache.shiro</groupId>

? ? ? <artifactId>shiro-spring</artifactId>

? ? ? <version>${shiro.version}</version>

? ? </dependency>

<!--shiro end-->

2.?MyShiroRealm.java

package org.fh.realm;

import java.util.Collection;

import java.util.HashSet;

import org.apache.shiro.authc.*;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.session.Session;

import org.apache.shiro.subject.PrincipalCollection;

import org.fh.service.system.UsersService;

import org.fh.util.Const;

import org.fh.util.Jurisdiction;

import org.fh.entity.PageData;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Lazy;

/**

* 说明：Shiro身份认证

* 作者：FH

* From：www.fhadmin.org

*/

public class MyShiroRealm extends AuthorizingRealm {

? ? @Autowired

? ? @Lazy

? ? private UsersService usersService;

? ? /**

? ? * 登录认证

? ? */

? ? @Override

? ? protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

? ? ? ? UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken; //UsernamePasswordToken用于存放提交的登录信息

? ? PageData pd = new PageData();

? ? pd.put("USERNAME", token.getUsername());

try {

pd = usersService.findByUsername(pd);

if (pd != null){

? ? return new SimpleAuthenticationInfo(pd.getString("USERNAME"), pd.getString("PASSWORD"), getName());

? ? ? ? }

} catch (Exception e) {

return null;

}

return null;

? ? }

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

String USERNAME = (String) super.getAvailablePrincipal(principals);

SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

Session session = Jurisdiction.getSession();

Collection<String> shiroSet= new HashSet<String>();

shiroSet = (Collection<String>)session.getAttribute(USERNAME + Const.SHIROSET);

if(null != shiroSet){

info.addStringPermissions(shiroSet);

return info;

}else {

return null;

}

}

}