1. 引入依赖
确认Spring Boot项目的pom.xml中已经包含Spring Security和Apache Shiro的依赖:
<!-- Spring Security -->
<!-- No version is declared for this starter, so presumably it is managed by the Spring Boot
     parent or BOM (confirm in the enclosing pom.xml).
     NOTE(review): this starter supplies Spring Security's core/config/web modules. The
     @EnableOAuth2Client and @EnableResourceServer annotations imported by SecurityConfig come
     from the separate legacy spring-security-oauth2 module, which is not declared here; confirm
     that it is on the classpath. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Apache Shiro -->
<!-- NOTE(review): the version is pinned by hand to 1.7.1, so it will not move with any managed
     dependency set. Before relying on Shiro's URL filters for access control, check the Apache
     Shiro security reports for this release and prefer a currently maintained version. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.1</version>
</dependency>
2. 配置Spring Security OAuth2
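通过配置文件或Java配置类来设置Spring Security OAuth2。注意:下面用到的@EnableOAuth2Client和@EnableResourceServer来自旧版的spring-security-oauth2模块,spring-boot-starter-security本身并不包含它,需要单独引入;WebSecurityConfigurerAdapter在较新的Spring Security版本中已被弃用并移除。例如,使用Java配置类来启用OAuth2登录: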
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * Web security configuration: enables Spring Security's web support together with the legacy
 * OAuth2 client and resource-server annotations, and requires authentication for every request.
 *
 * <p>NOTE(review): {@code @EnableResourceServer} contributes its own security filter chain.
 * Presumably that chain is ordered ahead of this adapter, in which case the rules declared in
 * {@link #configure(HttpSecurity)} may not be the ones applied to requests it matches. Verify the
 * effective filter-chain order before treating this class as the access-control policy.
 */
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@EnableResourceServer
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the authorization rules for incoming HTTP requests.
     *
     * <p>Only the catch-all rule is set; every other {@link HttpSecurity} setting is left at the
     * framework default.
     *
     * @param http the builder the rules are registered on
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Further HttpSecurity settings would be chained on this builder.
        http.authorizeRequests()
            // Matchers for specific protected paths belong here, ahead of the catch-all:
            // once anyRequest() is declared, no further matchers can follow it.
            .anyRequest()
            .authenticated(); // catch-all: every request requires an authenticated caller
    }
}
3. 配置Apache Shiro
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.apache.shiro.realm.text.IniRealm;
import java.util.*;
@Configuration
public class ShiroConfig {
/**
 * Builds the Shiro web filter bean and registers its URL-to-filter chain definitions.
 *
 * <p>Only {@code /api/**} is mapped, to Shiro's {@code authc} filter. A path that matches no entry
 * in this map gets no Shiro filter chain, so Shiro itself enforces nothing for it. Add a
 * deliberate catch-all entry as the last definition if Shiro is meant to cover other paths.
 *
 * <p>NOTE(review): this filter runs alongside the Spring Security configuration in
 * {@code SecurityConfig}. The visible code does not show how an identity established by one
 * framework is recognised by the other; confirm that the two do not disagree about who is
 * authenticated.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    // LinkedHashMap preserves insertion order. Shiro applies the first chain definition whose
    // pattern matches, so narrower patterns must be inserted before broader ones.
    Map<String, String> chainDefinitions = new LinkedHashMap<>();
    chainDefinitions.put("/api/**", "authc"); // everything under /api/ requires authentication

    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);
    factoryBean.setFilterChainDefinitionMap(chainDefinitions);
    return factoryBean;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(new IniRealm("classpath:shiro-users-roles-permissions-jdbc-example/shiro-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example-users-roles-permissions-jdbc-example/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/shiro/