How to configure Shiro with Spring Boot
I have a Spring MVC web application that uses Shiro authentication using Spring configuration rather than a shiro.ini.
I want to transition to a Spring Boot application.
-
Well, it seems that the lack of something, java config like this:
import java.util.HashMap; import java.util.Map; import javax.servlet.Filter; import org.apache.shiro.realm.text.PropertiesRealm; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.web.filter.authc.AnonymousFilter; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.filter.authc.LogoutFilter; import org.apache.shiro.web.filter.authc.UserFilter; import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.WebSecurityManager; @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter() { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setLoginUrl("/login"); shiroFilter.setSuccessUrl("/index"); shiroFilter.setUnauthorizedUrl("/forbidden"); Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>(); filterChainDefinitionMapping.put("/", "anon"); filterChainDefinitionMapping.put("/home", "authc,roles[guest]"); filterChainDefinitionMapping.put("/admin", "authc,roles[admin]"); shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping); shiroFilter.setSecurityManager(securityManager()); Map<String, Filter> filters = new HashMap<String, Filter>(); filters.put("anon", new AnonymousFilter()); filters.put("authc", new FormAuthenticationFilter()); filters.put("logout", new LogoutFilter()); filters.put("roles", new RolesAuthorizationFilter()); filters.put("user", new UserFilter()); shiroFilter.setFilters(filters); System.out.println(shiroFilter.getFilters().size()); return shiroFilter; } @Bean(name = "securityManager") public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(realm()); return securityManager; } @Bean(name = "realm") @DependsOn("lifecycleBeanPostProcessor") public PropertiesRealm realm() { PropertiesRealm propertiesRealm = new PropertiesRealm(); propertiesRealm.init(); return propertiesRealm; } @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }https://github.com/lenicliu/eg-spring/tree/master/eg-spring-boot/eg-spring-boot-shiro
讨论(0) -
lenicliu gave great information, since I can't comment on his answer because I don't have enough reputation. I would like to add all the imports I had to make for his code to actually compile (maybe useful for noobies on Shiro, like me).
import java.util.HashMap; import java.util.Map; import javax.servlet.Filter; import org.apache.shiro.realm.text.PropertiesRealm; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.web.filter.authc.AnonymousFilter; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.filter.authc.LogoutFilter; import org.apache.shiro.web.filter.authc.UserFilter; import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.WebSecurityManager;讨论(0)
加载中...
- 热议问题