Shiro安全框架_import org.apache.shiro.authz.annotation.requiresp-优快云博客

本文链接：https://blog.youkuaiyun.com/PengK_aha/article/details/127787818

本文详细介绍了Shiro安全框架的原理，包括Subject、SecurityManager和Realm等核心概念。并逐步展示了如何添加依赖、创建User实体和服务，以及配置ShiroConfig、自定义AuthFilter、AuthToken和AuthRealm。最后提到了UserController的相关内容，全面阐述了Shiro在权限管理中的应用。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、原理

subject（当前用户）
securityManager （管理所有用户）
realm（数据交互）

二、添加依赖

 <!--整合Shiro安全框架-->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>

三、User实体类，UserService接口，UserServiceImpl实现类

package com.example.demo.pojo;

import com.baomidou.mybatisplus.annotation.TableName;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableId;
import java.time.LocalDateTime;
import java.io.Serializable;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;

/**
 * <p>
 * 用户信息表
 * </p>
 *
 * @author Pengke
 * @since 2022-09-21
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@EqualsAndHashCode(callSuper = false)
@TableName("sys_user")
public class SysUser implements Serializable {

    private static final long serialVersionUID = 1L;

    /**
     * 用户ID
     */
      @TableId(value = "user_id", type = IdType.AUTO)
    private Long userId;


    /**
     * 用户账号
     */
    private String userName;



    /**
     * 手机号码
     */
    private String phonenumber;


    /**
     * 密码
     */
    private String password;

 


}

public interface SysUserService extends IService<SysUser> {

    SysUser getUserByUserName(String userName);
}

@Service
public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements SysUserService {

    @Override
    public SysUser getUserByUserName(String userName) {
        SysUser one = getOne(new LambdaQueryWrapper<SysUser>()
                .eq(SysUser::getUserName, userName)
        );
        return one;
    }
}

四、返回结果封装

package com.example.demo.utils;

import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * @author Administrator
 */
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor

public class Result<T> {
    /**
     * 成功
     */

    private boolean success;


    private String code;

    /**
     * 消息
     */

    private String message;

    /**
     * 结果数据
     */

    private T data;

    public static <T> Result<T> success() {
        return success(null);
    }

    public static <T> Result<T> success(T data) {
        return new Result<>(true, "200", "success", data);
    }

    public static <T> Result<T> fail(String code, String message) {
        return new Result<>(false, code, message, null);
    }

}

五、ShiroConfig配置文件

package com.example.demo.config.shiro;

import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.Authoriz