springboot整合shiro 框架
点击上方蓝色字体,选择“标星公众号”
优质文章,第一时间送达
写这篇文章主要是记录我的学习过程,刚开始在网上找资料的时候,网上的资料很乱。所以自己整合了一个比较简单的shiro的使用方法,shiro是什么、怎么用就不用我在这里详细的讲解了。
1.添加依赖
<dependency>
<groupId>org.apache.shirogroupId>
<artifactId>shiro-springartifactId>
<version>1.4.0version>
dependency>
<dependency>
<groupId>org.apache.shirogroupId>
<artifactId>shiro-coreartifactId>
<version>1.4.0version>
dependency>
2.配置文件
shiroconfig
package com.xl.shiro;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* Shiro 配置文件
*/
public class ShiroConfig {
/**
* Session Manager:会话管理
* 即用户登录后就是一次会话,在没有退出之前,它的所有信息都在会话中;
* 会话可以是普通JavaSE环境的,也可以是如Web环境的;
*/
"sessionManager") (
public SessionManager sessionManager(){
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
//设置session过期时间
sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);
sessionManager.setSessionValidationSchedulerEnabled(true);
// 去掉shiro登录时url里的JSESSIONID
sessionManager.setSessionIdUrlRewritingEnabled(false);
return sessionManager;
}
/**
* SecurityManager:安全管理器
*/
"securityManager") (
public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//securityManager.setSessionManager(sessionManager);
securityManager.setRealm(userRealm);
return securityManager;
}
/**
* ShiroFilter是整个Shiro的入口点,用于拦截需要安全控制的请求进行处理
*/
"shiroFilter") (
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
shiroFilter.setLoginUrl("/userLogin");
shiroFilter.setUnauthorizedUrl("/");
Map<String, String> filterMap = new LinkedHashMap<>();
//authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问,先配置anon再配置authc,当你变为authc的时候,登入将会跳转/userLogin
filterMap.put("/userLogin", "anon");
shiroFilter.setFilterChainDefinitionMap(filterMap);
return shiroFilter;
}
/**
* 管理Shiro中一些bean的生命周期
*/
"lifecycleBeanPostProcessor") (
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/**
* 扫描上下文,寻找所有的Advistor(通知器)
* 将这些Advisor应用到所有符合切入点的Bean中。
*/
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
proxyCreator.setProxyTargetClass(true);
return proxyCreator;
}
/**
* 匹配所有加了 Shiro 认证注解的方法
*/
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
这个配置文件是我们进行权限和登入认证的时候需要用到的
package com.xl.shiro;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import javax.annotation.Resource;
import java.util.*;
/**
* Shiro 认证实体
*/
public class UserRealm extends AuthorizingRealm {
private SysUserMapper sysUserMapper ;
private SysMenuMapper sysMenuMapper ;
/**
* 授权(验证权限时调用)
* 获取用户权限集合
*/
public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Object user = principals.getPrimaryPrincipal();
if(user == null) {
throw new UnknownAccountException("账号不存在");
}
List<String> permsList;
//默认用户拥有最高权限
User user1 =new User();
user1.setUserid(1);
user1.setUserid1(2);
user1.setUserid2(3);
user1.setUserid3("123");
List
permsList = new ArrayList<>(menuList.size());
for(Map menu : menuList){
permsList.add(menu.get("perms").toString());
}
//用户权限列表
Set<String> permsSet = new HashSet<>();
for(String perms : permsList){
if(StringUtils.isEmpty(perms)){
continue;
}
permsSet.addAll(Arrays.asList(perms.trim().split(",")));
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setStringPermissions(permsSet);
return info;
}
/**
* 认证(登录时调用)
* 验证用户登录
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken)authToken;
//查询用户信息
Map user = sysUserMapper.selectOne(token.getUsername());
//账号不存在
if(user == null) {
throw new UnknownAccountException("账号或密码不正确");
}
//账号锁定
/* if(user.getStatus() == 0){
throw new LockedAccountException("账号已被锁定,请联系管理员");
}*/
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.get("password"),getName());
// SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.get("password"),getName());
return info;
}
/*
重写这个方法是因为登入验证的时候,从数据库取出的密码是加密过的,shiro进行密码验证的时候会将明文密码加密后与数据库的密码进行对比。
*/
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();
shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName);
// shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);//这里就是自己设置如何去加密的多少次
super.setCredentialsMatcher(shaCredentialsMatcher);
}
}
3.添加shiro工具类
package com.xl.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
/**
* Shiro工具类
*/
public class ShiroUtils {
/** 加密算法 */
public final static String hashAlgorithmName = "SHA-256";
/** 循环次数 */
public final static int hashIterations = 16;
public static String sha256(String password, String salt) {
return new SimpleHash(hashAlgorithmName, password, salt, hashIterations).toString();
}
// 获取一个测试账号 admin
public static void main(String[] args) {
// 3743a4c09a17e6f2829febd09ca54e627810001cf255ddcae9dabd288a949c4a
// System.out.println(sha256("qqq","123")) ;
System.out.println(new SimpleHash(hashAlgorithmName, "admin").toString()) ;
}
/**
* 获取会话
*/
public static Session getSession() {
return SecurityUtils.getSubject().getSession();
}
/**
* Subject:主体,代表了当前“用户”
*/
public static Subject getSubject() {
return SecurityUtils.getSubject();
}
/* public static SysUserEntity getUserEntity() {
return (SysUserEntity)SecurityUtils.getSubject().getPrincipal();
}
public static Long getUserId() {
return getUserEntity().getUserId();
}*/
public static void setSessionAttribute(Object key, Object value) {
getSession().setAttribute(key, value);
}
public static Object getSessionAttribute(Object key) {
return getSession().getAttribute(key);
}
public static boolean isLogin() {
return SecurityUtils.getSubject().getPrincipal() != null;
}
public static void logout() {
SecurityUtils.getSubject().logout();
}
}
4.重写抛出异常类
package com.xl.shiro;
import org.apache.shiro.authz.AuthorizationException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
@RestControllerAdvice
public class ShiroException {
@ExceptionHandler(AuthorizationException.class)
public String authorizationException (){
return "抱歉您没有权限访问该内容!";
}
@ExceptionHandler(Exception.class)
public String handleException(Exception e){
return "系统异常!";
}
}
5.控制层
package com.xl.shiro;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
import java.util.List;
/**
* Shrio 测试方法控制层
*/
public class ShiroController {
private Integer time;
private static Logger LOGGER = LoggerFactory.getLogger(ShiroController.class) ;
private SysMenuMapper sysMenuMapper ;
/**
* 登录测试
* http://localhost:7011/userLogin?userName=admin&passWord=admin
*/
public void userLogin (
String userName,
String passWord){
try{
Subject subject = ShiroUtils.getSubject();
// String ps=ShiroUtils.sha256(passWord,"123");
log.info(time.toString());
UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
subject.login(token);
LOGGER.info("登录成功");
}catch (Exception e) {
e.printStackTrace();
}
}
/**
* 服务器每次重启请求该接口之前必须先请求上面登录接口
* http://localhost:7011/menu/list 获取所有菜单列表
* 权限要求:sys:user:shiro
*/
public List list(){
User user =new User();
user.setUserid(1);
user.setUserid1(2);
user.setUserid2(3);
user.setUserid3("123");
return sysMenuMapper.selectList(user) ;
}
/**
* 用户没有该权限,无法访问
* 权限要求:ccc:ddd:bbb
*/
public List list2(){
User user =new User();
user.setUserid(1);
user.setUserid1(2);
user.setUserid2(3);
user.setUserid3("123");
return sysMenuMapper.selectList(user) ;
}
/**
* 退出测试
*/
public String logout (){
ShiroUtils.logout();
return "success" ;
}
}
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Heyyouare/article/details/108384771
感谢点赞支持下哈
评论