springboot定义Shiro整合服务

1、在本次项目之中web模块为“microboot-shiro-web”，很明显对于web模块之中必须要求调用用户认证与授权微服务（Realm），而后需要进行各种依赖包的配置（Shiro）、考虑到各种缓存的问题、认证与授权检测问题。

2、【microboot-shiro-嘛术铹砾web】修改pom.xml配置文件，追加Shiro相关依赖程序包：<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>SpringBoot</artifactId> <groupId>com.gwolf</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <packaging>war</packaging> <artifactId>microboot-shiro-web</artifactId> <name>microboot-shiro-web</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>springloaded</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-quartz</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>com.gwolf</groupId> <artifactId>microboot-shiro-api</artifactId> <version>1.0-SNAPSHOT</version> </dependency> </dependencies> <build> <finalName>springboot-shiro-web</finalName> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <configuration> <webXml>src/main/resources/web.xml</webXml> </configuration> </plugin> </plugins> </build></project>

3、【microboot-shiro-web】建立一个RestTemplate的配置类对象：package com.gwolf.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.web.client.RestTemplate;@Configuration //此处为配置项public class RestConfig { @Bean //此处返回的是一个Spring的配置Bean，与xml的<bean>等价 public RestTemplate getRestTemplate() {//方法名称随便写 return new RestTemplate(); }}

4、【microboot-shiro-嘛术铹砾web】Shiro之中所有认证与授权的处理都在Realm之中定义的。package com.gwolf.rea造婷用痃lm;import com.gwolf.utils.encrypt.MyPasswordEncrypt;import com.gwolf.vo.Member;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.web.client.RestTemplate;import javax.annotation.Resource;import java.util.HashSet;import java.util.List;import java.util.Map;import java.util.Set;public class MemberRealm extends AuthorizingRealm { @Resource private RestTemplate restTemplate; @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("doGetAuthenticationInfo----------"); //登录认证的方法需要先执行，需要用他来判断登录的用户信息是否合法 String username = (String)token.getPrincipal(); Member vo = null; try { vo = restTemplate.postForObject("http://localhost:8080/member/get?mid="+username, null, Member.class); } catch (Exception e) { e.printStackTrace(); } if(vo == null) { throw new AuthenticationException("该用户名称不存在"); }else { String password = MyPasswordEncrypt.encryptPassword(new String((char[])token.getCredentials())); if(vo.getPassword().equals(password)) { AuthenticationInfo auth = new SimpleAuthenticationInfo(username, password,"memberRealm"); return auth; }else { throw new IncorrectCredentialsException("密码错误！"); } } } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("------------doGetAuthorizationInfo----------"); String username = (String)principals.getPrimaryPrincipal(); SimpleAuthorizationInfo authenticationInfo = new SimpleAuthorizationInfo(); Map<String, Object> map; try { map = restTemplate.postForObject("http://localhost:8080/member/auth?mid="+username, null, Map.class); Set<String> allRoles = new HashSet<String>(); allRoles.addAll((List<String>)map.get("allRoles")); Set<String> allActions = new HashSet<String>(); allRoles.addAll((List<String>)map.get("allActions")); authenticationInfo.setRoles(allRoles); authenticationInfo.setStringPermissions(allActions); } catch (Exception e) { e.printStackTrace(); } return authenticationInfo; }}

5、【microboot-shiro-web】现在虽然准备好了Realm程序类，但是在整个Shiro进行整合处理的时候实际上需要编写大量的程序类，所以这个时候如果直接使用xml配置文件虽然可以，但是不标准，最好的做法是你将所有的xml配置项编程Bean配置。