Apache Shiro 是一個(gè)強(qiáng)大且易用的 Java 安全框架�����,用于身份驗(yàn)證�����、授權(quán)�、加密和會(huì)話管理。在 Spring Boot 應(yīng)用程序中�,結(jié)合 Shiro 進(jìn)行日志管理可以通過(guò)以下步驟實(shí)現(xiàn):
1. 引入依賴
首先,在你的 pom.xml 文件中添加 Shiro 和 Spring Boot 相關(guān)依賴:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
<version>1.8.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
</dependency>
</dependencies>
2. 配置 Shiro
創(chuàng)建一個(gè)配置類來(lái)設(shè)置 Shiro 的相關(guān)配置:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
@Bean
public SecurityManager securityManager() {
IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
return factory.getInstance();
}
}
創(chuàng)建一個(gè) shiro.ini 文件來(lái)配置 Shiro 的用戶�、角色和權(quán)限:
[users]
admin=password, admin
user=password, user
[roles]
admin=user, admin
user=user
[urls]
/admin/** = authc, roles[admin]
/user/** = authc, roles[user]
3. 配置日志
創(chuàng)建一個(gè) logback.xml 文件來(lái)配置日志記錄:
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<logger name="org.apache.shiro" level="DEBUG"/>
<logger name="org.springframework.web" level="DEBUG"/>
<root level="INFO">
<appender-ref ref="STDOUT"/>
</root>
</configuration>
4. 使用 Shiro 進(jìn)行身份驗(yàn)證和授權(quán)
在你的控制器中使用 Shiro 進(jìn)行身份驗(yàn)證和授權(quán):
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class ShiroController {
@GetMapping("/login")
public String login(@RequestParam String username, @RequestParam String password) {
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try {
currentUser.login(token);
return "Login successful";
} catch (Exception e) {
return "Login failed: " + e.getMessage();
}
}
@GetMapping("/admin")
public String admin() {
Subject currentUser = SecurityUtils.getSubject();
if (currentUser.isPermitted("admin")) {
return "Welcome, Admin!";
} else {
return "Access denied";
}
}
@GetMapping("/user")
public String user() {
Subject currentUser = SecurityUtils.getSubject();
if (currentUser.isPermitted("user")) {
return "Welcome, User!";
} else {
return "Access denied";
}
}
}
5. 運(yùn)行應(yīng)用程序
啟動(dòng)你的 Spring Boot 應(yīng)用程序,并訪問(wèn)以下 URL 進(jìn)行測(cè)試:
http://localhost:8080/login?username=admin&password=passwordhttp://localhost:8080/adminhttp://localhost:8080/user
通過(guò)以上步驟�,你可以在 Spring Boot 應(yīng)用程序中結(jié)合 Shiro 進(jìn)行日志管理,并使用 Shiro 進(jìn)行身份驗(yàn)證和授權(quán)�。
