springboot整合shiro 框架

共 11653字,需浏览 24分钟

 ·

2020-09-06 15:33

点击上方蓝色字体,选择“标星公众号”

优质文章,第一时间送达

66套java从入门到精通实战课程分享 

写这篇文章主要是记录我的学习过程,刚开始在网上找资料的时候,网上的资料很乱。所以自己整合了一个比较简单的shiro的使用方法,shiro是什么、怎么用就不用我在这里详细的讲解了。

1.添加依赖

  <dependency>            <groupId>org.apache.shirogroupId>            <artifactId>shiro-springartifactId>            <version>1.4.0version>        dependency>        <dependency>            <groupId>org.apache.shirogroupId>            <artifactId>shiro-coreartifactId>            <version>1.4.0version>        dependency>

2.配置文件

shiroconfig

package com.xl.shiro;
import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.session.mgt.SessionManager;import org.apache.shiro.spring.LifecycleBeanPostProcessor;import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;import java.util.Map;
/** * Shiro 配置文件 */@Configurationpublic class ShiroConfig { /** * Session Manager:会话管理 * 即用户登录后就是一次会话,在没有退出之前,它的所有信息都在会话中; * 会话可以是普通JavaSE环境的,也可以是如Web环境的; */ @Bean("sessionManager") public SessionManager sessionManager(){ DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); //设置session过期时间 sessionManager.setGlobalSessionTimeout(60 * 60 * 1000); sessionManager.setSessionValidationSchedulerEnabled(true); // 去掉shiro登录时url里的JSESSIONID sessionManager.setSessionIdUrlRewritingEnabled(false); return sessionManager; }
/** * SecurityManager:安全管理器 */ @Bean("securityManager") public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //securityManager.setSessionManager(sessionManager); securityManager.setRealm(userRealm); return securityManager; } /** * ShiroFilter是整个Shiro的入口点,用于拦截需要安全控制的请求进行处理 */ @Bean("shiroFilter") public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setSecurityManager(securityManager); shiroFilter.setLoginUrl("/userLogin"); shiroFilter.setUnauthorizedUrl("/"); Map<String, String> filterMap = new LinkedHashMap<>(); //authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问,先配置anon再配置authc,当你变为authc的时候,登入将会跳转/userLogin filterMap.put("/userLogin", "anon"); shiroFilter.setFilterChainDefinitionMap(filterMap); return shiroFilter; } /** * 管理Shiro中一些bean的生命周期 */ @Bean("lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } /** * 扫描上下文,寻找所有的Advistor(通知器) * 将这些Advisor应用到所有符合切入点的Bean中。 */ @Bean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator(); proxyCreator.setProxyTargetClass(true); return proxyCreator; } /** * 匹配所有加了 Shiro 认证注解的方法 */ @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; }}

这个配置文件是我们进行权限和登入认证的时候需要用到的

package com.xl.shiro;
import org.apache.shiro.authc.*;import org.apache.shiro.authc.credential.CredentialsMatcher;import org.apache.shiro.authc.credential.HashedCredentialsMatcher;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.util.ByteSource;import org.springframework.stereotype.Component;import org.springframework.util.StringUtils;
import javax.annotation.Resource;import java.util.*;
/** * Shiro 认证实体 */@Componentpublic class UserRealm extends AuthorizingRealm {
@Resource private SysUserMapper sysUserMapper ; @Resource private SysMenuMapper sysMenuMapper ;
/** * 授权(验证权限时调用) * 获取用户权限集合 */ @Override public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Object user = principals.getPrimaryPrincipal(); if(user == null) { throw new UnknownAccountException("账号不存在"); } List<String> permsList; //默认用户拥有最高权限 User user1 =new User(); user1.setUserid(1); user1.setUserid1(2); user1.setUserid2(3); user1.setUserid3("123"); List menuList = sysMenuMapper.selectList(user1); permsList = new ArrayList<>(menuList.size()); for(Map menu : menuList){ permsList.add(menu.get("perms").toString()); } //用户权限列表 Set<String> permsSet = new HashSet<>(); for(String perms : permsList){ if(StringUtils.isEmpty(perms)){ continue; } permsSet.addAll(Arrays.asList(perms.trim().split(","))); } SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.setStringPermissions(permsSet); return info; }
/** * 认证(登录时调用) * 验证用户登录 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken)authToken; //查询用户信息 Map user = sysUserMapper.selectOne(token.getUsername()); //账号不存在 if(user == null) { throw new UnknownAccountException("账号或密码不正确"); } //账号锁定 /* if(user.getStatus() == 0){ throw new LockedAccountException("账号已被锁定,请联系管理员"); }*/ SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.get("password"),getName());// SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.get("password"),getName()); return info; }
/* 重写这个方法是因为登入验证的时候,从数据库取出的密码是加密过的,shiro进行密码验证的时候会将明文密码加密后与数据库的密码进行对比。 */ @Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher(); shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName); // shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);//这里就是自己设置如何去加密的多少次 super.setCredentialsMatcher(shaCredentialsMatcher); }}

3.添加shiro工具类

package com.xl.shiro;import org.apache.shiro.SecurityUtils;import org.apache.shiro.crypto.hash.SimpleHash;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;
/** * Shiro工具类 */public class ShiroUtils { /** 加密算法 */ public final static String hashAlgorithmName = "SHA-256"; /** 循环次数 */ public final static int hashIterations = 16;
public static String sha256(String password, String salt) { return new SimpleHash(hashAlgorithmName, password, salt, hashIterations).toString(); }
// 获取一个测试账号 admin public static void main(String[] args) { // 3743a4c09a17e6f2829febd09ca54e627810001cf255ddcae9dabd288a949c4a // System.out.println(sha256("qqq","123")) ; System.out.println(new SimpleHash(hashAlgorithmName, "admin").toString()) ; }
/** * 获取会话 */ public static Session getSession() { return SecurityUtils.getSubject().getSession(); }
/** * Subject:主体,代表了当前“用户” */ public static Subject getSubject() { return SecurityUtils.getSubject(); }
/* public static SysUserEntity getUserEntity() { return (SysUserEntity)SecurityUtils.getSubject().getPrincipal(); }
public static Long getUserId() { return getUserEntity().getUserId(); }*/
public static void setSessionAttribute(Object key, Object value) { getSession().setAttribute(key, value); }
public static Object getSessionAttribute(Object key) { return getSession().getAttribute(key); }
public static boolean isLogin() { return SecurityUtils.getSubject().getPrincipal() != null; }
public static void logout() { SecurityUtils.getSubject().logout(); }}

4.重写抛出异常类

package com.xl.shiro;
import org.apache.shiro.authz.AuthorizationException;import org.springframework.web.bind.annotation.ExceptionHandler;import org.springframework.web.bind.annotation.RestControllerAdvice;
@RestControllerAdvicepublic class ShiroException {
@ExceptionHandler(AuthorizationException.class) public String authorizationException (){ return "抱歉您没有权限访问该内容!"; }
@ExceptionHandler(Exception.class) public String handleException(Exception e){ return "系统异常!"; }
}

5.控制层

package com.xl.shiro;
import lombok.extern.slf4j.Slf4j;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.annotation.RequiresPermissions;import org.apache.shiro.subject.Subject;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Value;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestParam;import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;import java.util.List;
/** * Shrio 测试方法控制层 */@RestController@Slf4jpublic class ShiroController {@Value("${my}")private Integer time; private static Logger LOGGER = LoggerFactory.getLogger(ShiroController.class) ;
@Resource private SysMenuMapper sysMenuMapper ; /** * 登录测试 * http://localhost:7011/userLogin?userName=admin&passWord=admin */ @RequestMapping("/userLogin") public void userLogin ( @RequestParam(value = "userName") String userName, @RequestParam(value = "passWord") String passWord){ try{ Subject subject = ShiroUtils.getSubject();// String ps=ShiroUtils.sha256(passWord,"123"); log.info(time.toString()); UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord); subject.login(token); LOGGER.info("登录成功"); }catch (Exception e) { e.printStackTrace(); } }
/** * 服务器每次重启请求该接口之前必须先请求上面登录接口 * http://localhost:7011/menu/list 获取所有菜单列表 * 权限要求:sys:user:shiro */ @RequestMapping("/menu/list") @RequiresPermissions("sys:user:shiro") public List list(){ User user =new User(); user.setUserid(1); user.setUserid1(2); user.setUserid2(3); user.setUserid3("123"); return sysMenuMapper.selectList(user) ; }
/** * 用户没有该权限,无法访问 * 权限要求:ccc:ddd:bbb */ @RequestMapping("/menu/list2") @RequiresPermissions("ccc:ddd:bbb") public List list2(){ User user =new User(); user.setUserid(1); user.setUserid1(2); user.setUserid2(3); user.setUserid3("123"); return sysMenuMapper.selectList(user) ; }
/** * 退出测试 */ @RequestMapping("/userLogOut") public String logout (){ ShiroUtils.logout(); return "success" ; }}



版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文链接:https://blog.csdn.net/Heyyouare/article/details/108384771




     



感谢点赞支持下哈 

浏览 36
点赞
评论
收藏
分享

手机扫一扫分享

分享
举报
评论
图片
表情
推荐
点赞
评论
收藏
分享

手机扫一扫分享

分享
举报