SpringBoot怎么实现shiro权限拦截

SpringBoot可以通过集成Shiro框架来实现权限拦截。具体步骤如下：

1. 引入Shiro和SpringBoot的相关依赖。可以在pom.xml文件中添加以下依赖：

<!-- Shiro依赖 -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-starter</artifactId>
    <version>1.5.2</version>
</dependency>

2. 创建Shiro的配置类。可以在@Configuration注解的类中配置Shiro的相关信息，比如Realm、Session管理器、Cache等。可以参考以下示例代码：

@Configuration
public class ShiroConfig {
 
    @Bean
    public Realm realm() {
        return new MyRealm();
    }
 
    @Bean
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setGlobalSessionTimeout(1800000);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        sessionManager.setDeleteInvalidSessions(true);
        return sessionManager;
    }
 
    @Bean
    public CacheManager cacheManager() {
        return new MemoryConstrainedCacheManager();
    }
}

3. 创建自定义的Realm。Realm是Shiro的核心组件，用于验证用户身份和权限。可以继承AuthorizingRealm类，并实现doGetAuthorizationInfo和doGetAuthenticationInfo方法。可以参考以下示例代码：

public class MyRealm extends AuthorizingRealm {
 
    @Autowired
    private UserService userService;
 
    /**
     * 授权
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        User user = (User) principalCollection.getPrimaryPrincipal();
        List<Role> roles = userService.getRolesByUserId(user.getId());
        for (Role role : roles) {
            authorizationInfo.addRole(role.getName());
            List<Permission> permissions = userService.getPermissionsByRoleId(role.getId());
            for (Permission permission : permissions) {
                authorizationInfo.addStringPermission(permission.getName());
            }
        }
        return authorizationInfo;
    }
 
    /**
     * 认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        User user = userService.getUserByUsername(username);
        if (user == null) {
            throw new UnknownAccountException();
        }
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}

4. 在Controller中使用Shiro进行权限拦截。可以在需要进行权限拦截的方法上添加@RequiresPermissions注解，并指定权限名称。可以参考以下示例代码：

@RestController
@RequestMapping("/api")
public class UserController {
 
    @Autowired
    private UserService userService;
 
    @GetMapping("/users")
    @RequiresPermissions("user:list")
    public List<User> getUsers() {
        return userService.getUsers();
    }
 
    @PostMapping("/users")
    @RequiresPermissions("user:create")
    public void createUser(@RequestBody User user) {
        userService.createUser(user);
    }
 
    @PutMapping("/users/{id}")
    @RequiresPermissions("user:update")
    public void updateUser(@PathVariable("id") Long id, @RequestBody User user) {
        user.setId(id);
        userService.updateUser(user);
    }
 
    @DeleteMapping("/users/{id}")
    @RequiresPermissions("user:delete")
    public void deleteUser(@PathVariable("id") Long id) {
        userService.deleteUser(id);
    }
}

以上就是使用SpringBoot集成Shiro实现权限拦截的基本步骤