需要的依赖的坐标:

        <!-- Shiro依赖 -->
        <dependency>
            <groupId>com.github.theborakompanioni</groupId>
            <artifactId>thymeleaf-extras-shiro</artifactId>
            <version>2.0.0</version>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring-boot-web-starter</artifactId>
            <version>1.5.3</version>
        </dependency>
        
        <!-- Thymeleaf模版引擎 -->
        <dependency>
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf-spring5</artifactId>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-java8time</artifactId>
        </dependency>
        
        <!-- web组件 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

【配置编写】

先编写自定义Realm:

package cn.dai.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * @author DaiZhiZhou
 * @file Shiro
 * @create 2020-08-01 22:44
 */
public class UserRealm extends AuthorizingRealm {

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

        String principal = authenticationToken.getPrincipal().toString();

        if ("xxx".equals(principal)) return new SimpleAuthenticationInfo(principal, "123456", this.getName());

        return null;
    }

}

再编写配置类:

package cn.dai.config;

import cn.dai.shiro.UserRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author DaiZhiZhou
 * @file Shiro
 * @create 2020-08-01 22:39
 */
@Configuration
public class ShiroConfiguration {

    
    @Bean("realm") /* 自定义Realm配置 */
    public Realm getRealm() {
        return new UserRealm();
    }

    @Bean("defaultWebSecurityManager") /* 注入安全管理器 */
    public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(realm);
        return defaultWebSecurityManager;
    }

    @Bean("shiroFilterFactoryBean") /* 注入Shiro过滤器工厂Bean */
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        return shiroFilterFactoryBean;
    }
}

配置Controller:

package cn.dai.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpSession;

/**
 * @author DaiZhiZhou
 * @file Shiro
 * @create 2020-08-01 22:53
 */
@Controller
public class AccessController {
    
    @RequestMapping("logout")
    public String logout() { 
        SecurityUtils.getSubject().logout();
        return "redirect:/loginview"; // 账号退出,重定向到登录页
    }
    
    @RequestMapping("loginview")
    public String login() {
        return "login"; // 跳转登陆页面
    }
    
    @RequestMapping("login")
    public String login(String username, String password, HttpSession session) {
        try {
            Subject subject = SecurityUtils.getSubject();
            subject.login(new UsernamePasswordToken(username, password));
            return "redirect:/index"; // login方法执行没出现异常,登陆正常
        } catch (UnknownAccountException unknownAccountException) {
            unknownAccountException.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException incorrectCredentialsException) {
            incorrectCredentialsException.printStackTrace();
            System.out.println("密码错误");
        } catch (Exception exception) {
            exception.printStackTrace();
        }
        
        return "redirect:/loginview";
    }
    
}

然后再更改权限控制:

package cn.dai.config;

import cn.dai.shiro.UserRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;

/**
 * @author DaiZhiZhou
 * @file Shiro
 * @create 2020-08-01 22:39
 */
@Configuration
public class ShiroConfiguration {


    @Bean("realm") /* 自定义Realm配置 */
    public Realm getRealm() {
        return new UserRealm();
    }

    @Bean("defaultWebSecurityManager") /* 注入安全管理器 */
    public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(realm);
        return defaultWebSecurityManager;
    }

    @Bean("shiroFilterFactoryBean") /* 注入Shiro过滤器工厂Bean */
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        HashMap<String, String> map = new HashMap<>();
        
        map.put("/login", "anon"); // 登录shiro控制程序,随意访问
        map.put("/loginview", "anon"); // 登录页面随意访问
        map.put("/logout", "anon"); //退出页面随意访问
        map.put("/**", "authc"); // 其余资源都必须授权访问
        
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        shiroFilterFactoryBean.setLoginUrl("/login");
        return shiroFilterFactoryBean;
    }
}