Spring Boot integrates Shiro permission verification framework for reference:


Introduction of depend on

<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-web-starter</artifactId> The < version > 1.4.0 < / version > < / dependency >Copy the code

Configure Shiro


@ConfigurationProperties(prefix = "shiro")
public class ShiroConfig {

    private ApplicationConfig applicationConfig;

    private List<String> pathDefinitions;

    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new

                .forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
        this.getPathDefinitions().forEach(d -> {
            String[] defArr = d.split("=");
                    .addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));

        return chainDefinition;

    public Realm systemRealm() {
        SystemRealm systemRealm = new SystemRealm();
        return systemRealm;

    public List<String> getPathDefinitions() {
        return pathDefinitions;

    public void setPathDefinitions(List<String> pathDefinitions) {
        this.pathDefinitions = pathDefinitions;

Copy the code

ApplicationConfig: The configuration in application.yml is injected.


public class SystemRealm extends AuthorizingRealm { @Autowired private SysAdminMapper sysAdminMapper; @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; token.setPassword(EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray ()); SysAdminDO sysAdminParams = new SysAdminDO(); sysAdminParams.setAdminLoginName(token.getUsername()); SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams); AuthenticationInfo authInfo = null; if (sysAdminDO ! = null) { authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(), getName()); } return authInfo; } Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection PrincipalCollection) {/** * According to the corresponding permission to modify the user corresponding roles, permissions, * * according to user's query/SysAdminDO SysAdminDO = (SysAdminDO) super. GetAvailablePrincipal (principalCollection); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); Set<String> roles = new HashSet<>(); roles.addAll(Arrays.asList("product", "operation")); authorizationInfo.setRoles(roles); Set<String> permissions = new HashSet<>(); permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update")); authorizationInfo.addStringPermissions(permissions); return authorizationInfo; }}Copy the code

Application configuration

Add Shiro configuration to application.yml.

  loginUrl: /login
  successUrl: /
  unauthorizedUrl: /error
    - /login/submit = anon
    - /logout = logout
    - /test = authc, roles[product], perms[operation:update]
    - /** = authc
Copy the code

LoginUrl: Those without authentication will jump to the login page.

SuccessUrl: Indicates the page to which authentication succeeds.

UnauthorizedUrl: indicates the page to which the authentication fails.

PathDefinitions: Defines path authorization rules.

More parameters refer to the official website definition:


Login Service Class

@Override public SysAdminDO login(LoginForm form) { UsernamePasswordToken token = new UsernamePasswordToken(form.getLoginName(), form.getLoginPassword()); token.setRememberMe(true); Subject currentUser = getSubject(); try { currentUser.login(token); } catch (Exception e) {logger.error(" login failed: ", e); } return (SysAdminDO) currentUser.getPrincipal(); }Copy the code

Built-in filter

Anno, Authc, etc.

Copy the code

Official website definition:


Shiro reference Manual hd version, please reply qq group in the public account menu, in the group file technology tutorial folder download.

Recommended reading

Dry goods: 2TB architect four-stage video tutorial

Interview: the most complete Java multithreaded interview questions and answers

Interview: the most comprehensive ali advanced Java interview questions in history

Interview: The most complete Spring interview questions in history

Tutorial: The most complete Spring Boot complete video tutorial

Books: 15 must-read books for advanced Java architects

Tools: Recommended an online creation flow chart, mind mapping software

Share Java dry goods, high concurrency programming, hot technology tutorials, microservices and distributed technology, architecture design, blockchain technology, artificial intelligence, big data, Java interview questions, and cutting-edge hot news.