Spring Boot 创建 Web 项目，pom.xml 导入 Thymeleaf 依赖

        <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></dependency>

resources 目录下 templates 包新建 index.html

xmlns:th="http://www.thymeleaf.org"

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>首页</h1>
<p th:text="${msg}"></p>
</body>
</html>

controller 包下先创建 MyController.java 测试是否能执行成功

package com.demo.shirospringboot.controller;import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;@Controller
public class MyController {@RequestMapping("/index")public String toIndex(Model model){model.addAttribute("msg","Hello,Shiro!");return "index";}
}

地址栏输入 localhost:8080/index 回车

执行成功！

Shiro 核心对象：

1.Subject 用户

2.SecurityManager 管理所有用户

3.Realm 连接数据

pom.xml 文件引入 shiro-spring 的 jar 包

        <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>2.0.1</version></dependency>

config 包下创建自定义 UserRealm 类

继承 AuthorizingRealm 方法，重写授权（doGetAuthorizationInfo）和认证（doGetAuthenticationInfo）方法

package com.demo.shirospringboot.config;import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;//自定义UserRealm
public class UserRealm extends AuthorizingRealm {//授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("授权");return null;}//认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("认证");return null;}
}

config 包下创建 ShiroConfig.java

package com.demo.shirospringboot.config;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Controller;@Controller
public class ShiroConfig {//第三步：ShiroFilterFactoryBean@Beanpublic ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();//设置安全管理器bean.setSecurityManager(defaultWebSecurityManager);return bean;}//第二步：DefaultWebSecurityManager@Bean(name="securityManager")public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();//关联UserRealmsecurityManager.setRealm(userRealm);return securityManager;}//第一步：创建realm对象，需自定义类@Beanpublic UserRealm userRealm(){return new UserRealm();}
}

templates 目录下再创建 user 目录，随便写两个 HTML 用来测试

MyController.java 添加 add 和 update 方法，设置跳转地址和返回页面

package com.demo.shirospringboot.controller;import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;@Controller
public class MyController {@RequestMapping("/index")public String toIndex(Model model){model.addAttribute("msg","Hello,Shiro!");return "index";}@RequestMapping("/user/add")public String add(){return "user/add";}@RequestMapping("/user/update")public String update(){return "user/update";}
}

同理，index.html 也添加两个 a 链接标签

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body><h1>首页</h1>
<p th:text="${msg}"></p>
<hr><a th:href="@{/user/add}">add</a> | <a th:href="@{/user/update}">update</a></body>
</html>

启动，查看效果

在运行时发现一个 bug

threw exception with message: javax/servlet/Filter

经过搜索，找到解决方法

在 pom.xml 文件导入 javax.servlet-api 的 jar 包即可

        <dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>4.0.1</version></dependency>