springBoot2.0 配置shiro实现权限管理( 五 ) _权限

.java
package com.example.demo2.config;import org.apache.shiro.cache.MemoryConstrainedCacheManager;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;/*** @author sssr* @version 1.0* @Description:* @date 2019/2/17*/@Configurationpublic class ShiroConfig {@Bean("shiroFilter")public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();bean.setSecurityManager(manager);//登录接口bean.setLoginUrl("/user/login");//登录成功跳转页面bean.setSuccessUrl("/user/index");//没有权限跳转的页面bean.setUnauthorizedUrl("/user/unauthorized");LinkedHashMap filterChainDefinitionMap = new LinkedHashMap<>();filterChainDefinitionMap.put("/user/index", "authc");filterChainDefinitionMap.put("/user/login", "anon");filterChainDefinitionMap.put("/user/loginUser", "anon");filterChainDefinitionMap.put("/user/admin", "roles[admin]");filterChainDefinitionMap.put("/user/edit", "perms[edit]");filterChainDefinitionMap.put("/druid/**", "anon");filterChainDefinitionMap.put("/**", "user");bean.setFilterChainDefinitionMap(filterChainDefinitionMap);return bean;}@Bean("securityManager")public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm) {DefaultWebSecurityManager manager = new DefaultWebSecurityManager();manager.setRealm(authRealm);return manager;}@Bean("authRealm")public AuthRealm authRealm(@Qualifier("credentialMatcher") CredentialMatcher matcher) {AuthRealm authRealm = new AuthRealm();authRealm.setCacheManager(new MemoryConstrainedCacheManager());authRealm.setCredentialsMatcher(matcher);return authRealm;}@Bean("credentialMatcher")public CredentialMatcher credentialMatcher() {return new CredentialMatcher();}@Beanpublic AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager) {AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();advisor.setSecurityManager(securityManager);return advisor;}@Beanpublic DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();creator.setProxyTargetClass(true);return creator;}}
九、运行效果
1.打开地址会自动跳转到登录页面

文章插图
2.登录成功

文章插图
3.访问user/edit接口，没有权限时跳转到没有权限页面

文章插图
4.访问user/index,可以正常访问，因为没有做权限控制

文章插图
5.退出登录
【springBoot2.0 配置shiro实现权限管理】

文章插图