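Apache Shiro is a powerful, easy-to-use Java security framework for authentication, authorization, cryptography and session management. In a Spring Boot application, you can combine Shiro with log management by following the steps below.
First, add the Shiro and Spring Boot dependencies to your pom.xml file: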
<dependencies>
    <!-- Spring Boot Starter Web -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Apache Shiro -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring-boot-starter</artifactId>
        <version>1.8.0</version>
    </dependency>
    <!-- Logback for logging -->
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>1.2.3</version>
    </dependency>
</dependencies>
Create a configuration class to set up Shiro:
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    // Build the SecurityManager from the shiro.ini file on the classpath.
    @Bean
    public SecurityManager securityManager() {
        IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        return factory.getInstance();
    }
}
Create a shiro.ini file to configure Shiro's users, roles and permissions:
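# username = password, role1, role2, ...
[users]
admin=password, admin
user=password, user

# role = permissions granted to that role
[roles]
admin=user, admin
user=user

# URL path = filter chain applied to it
[urls]
/admin/** = authc, roles[admin]
/user/** = authc, roles[user]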
Create a logback.xml file to configure logging:
<configuration>
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
    <logger name="org.apache.shiro" level="DEBUG"/>
    <logger name="org.springframework.web" level="DEBUG"/>
    <root level="INFO">
        <appender-ref ref="STDOUT"/>
    </root>
</configuration>
Use Shiro for authentication and authorization in your controller:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ShiroController {

    // Authenticate the current Subject with the submitted username and password.
    @GetMapping("/login")
    public String login(@RequestParam String username, @RequestParam String password) {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            currentUser.login(token);
            return "Login successful";
        } catch (Exception e) {
            return "Login failed: " + e.getMessage();
        }
    }

    // isPermitted checks the permission strings granted in the [roles] section of shiro.ini.
    @GetMapping("/admin")
    public String admin() {
        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser.isPermitted("admin")) {
            return "Welcome, Admin!";
        } else {
            return "Access denied";
        }
    }

    @GetMapping("/user")
    public String user() {
        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser.isPermitted("user")) {
            return "Welcome, User!";
        } else {
            return "Access denied";
        }
    }
}
Start your Spring Boot application and visit the following URLs to test it:
http://localhost:8080/login?username=admin&password=password
http://localhost:8080/admin
http://localhost:8080/user
With the steps above, you can combine Shiro with log management in a Spring Boot application and use Shiro for authentication and authorization.
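The steps above configure logging and authentication side by side but never write an authentication event to the log. The following is an added example, not code from the original page: a Shiro AuthenticationListener that records login success, login failure and logout through SLF4J. The class name AuditAuthenticationListener, the logger name "security.audit" and the helpers clean and register are assumptions made for this example.

```java
import org.apache.shiro.authc.AbstractAuthenticator;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationListener;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.mgt.AuthenticatingSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical class name; writes one audit line per authentication event.
public class AuditAuthenticationListener implements AuthenticationListener {
    // Dedicated logger name (assumed) so logback.xml can route it separately.
    private static final Logger AUDIT = LoggerFactory.getLogger("security.audit");

    // Replace CR/LF and other ASCII control characters so a crafted username
    // cannot forge extra log lines; cap the length as well.
    static String clean(Object value) {
        String s = String.valueOf(value).replaceAll("\\p{Cntrl}", "_");
        return s.length() > 64 ? s.substring(0, 64) : s;
    }

    @Override
    public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
        AUDIT.info("login success principal={}", clean(token.getPrincipal()));
    }

    @Override
    public void onFailure(AuthenticationToken token, AuthenticationException ae) {
        // Log the exception type only; never log token.getCredentials().
        AUDIT.warn("login failure principal={} reason={}",
                clean(token.getPrincipal()), ae.getClass().getSimpleName());
    }

    @Override
    public void onLogout(PrincipalCollection principals) {
        AUDIT.info("logout principal={}", clean(principals.getPrimaryPrincipal()));
    }

    // Call once from ShiroConfig.securityManager() before returning the manager.
    public static void register(SecurityManager manager) {
        AbstractAuthenticator authenticator = (AbstractAuthenticator)
                ((AuthenticatingSecurityManager) manager).getAuthenticator();
        authenticator.getAuthenticationListeners().add(new AuditAuthenticationListener());
    }
}
```

Adding a `<logger name="security.audit" level="INFO"/>` entry to logback.xml keeps these audit lines at INFO regardless of the DEBUG setting used for org.apache.shiro.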