SpringBoot整合JWT+Shiro
引入相关的依赖
编写配置
ShiroConfig
import com.demo.shiro.AccountReaIm;import com.demo.shiro.LoginReaIm;import com.demo.shiro.JwtFilter;import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;import org.apache.shiro.mgt.DefaultSubjectDAO;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.realm.Realm;import org.apache.shiro.session.mgt.SessionManager;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;import org.crazycake.shiro.RedisCacheManager;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.crazycake.shiro.RedisSessionDAO;import javax.servlet.Filter;import java.util.ArrayList;import java.util.HashMap;import java.util.LinkedHashMap;import java.util.Map;/*** * 引入RedisSessionDAO和RedisCacheManager , 为了解决shiro的权限数据和会话信息能保存到redis中 , 实现会话共享 。*/@Configurationpublic class ShiroConfig {@AutowiredJwtFilter jwtFilter;/*** 重建了SessionManager** @param redisSessionDAO* @return*/@Beanpublic SessionManager sessionManager(RedisSessionDAO redisSessionDAO) {DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();// inject redisSessionDAOsessionManager.setSessionDAO(redisSessionDAO);return sessionManager;}/*** 重建DefaultWebSecurityManager* DefaultWebSecurityManager中为了关闭shiro自带的session方式 , 我们需要设置为false ,* 这样用户就不再能通过session方式登录shiro 。 后面将采用jwt凭证登录 。** @param accountRealm* @param sessionManager* @param redisCacheManager* @return*/@Beanpublic DefaultWebSecurityManager securityManager(LoginReaIm loginReaIm,AccountReaIm accountRealm,SessionManager sessionManager,RedisCacheManager redisCacheManager) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();//inject sessionManagersecurityManager.setSessionManager(sessionManager);// inject redisCacheManagersecurityManager.setCacheManager(redisCacheManager);/** 关闭shiro自带的session , 详情见文档* #SessionManagement-StatelessApplications%28Sessionless%29*/DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();defaultSessionStorageEvaluator.setSessionStorageEnabled(false);subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);securityManager.setSubjectDAO(subjectDAO);/*** 多个LoginReaIm*/ArrayList
- 文件系统(02):基于SpringBoot管理Xml和CSV
- SpringBoot2.x入门到项目实战课程系列(第二章)
- SpringBoot集成Mybatis
- 大牛深入解析SpringBoot核心运行原理和运作原理源码
- SpringBoot写后端接口,看这一篇就够了
- SpringBoot2.x入门到项目实战课程系列(第五章)
- 不做CRUD的我开源了Springboot API一键生成器
- 10k+点赞的SpringBoot系统竟出了详细教程!爱了
- SpringBoot运行流程源码分析:run方法流程及监听器
- 连锁美业+互联网,四种可以资源整合又能拆分运营的变现法则