springboot整合shiro 框架
點(diǎn)擊上方藍(lán)色字體,選擇“標(biāo)星公眾號(hào)”
優(yōu)質(zhì)文章,第一時(shí)間送達(dá)
66套java從入門到精通實(shí)戰(zhàn)課程分享?
寫這篇文章主要是記錄我的學(xué)習(xí)過程,剛開始在網(wǎng)上找資料的時(shí)候,網(wǎng)上的資料很亂。所以自己整合了一個(gè)比較簡(jiǎn)單的shiro的使用方法,shiro是什么、怎么用就不用我在這里詳細(xì)的講解了。
1.添加依賴
<dependency><groupId>org.apache.shirogroupId><artifactId>shiro-springartifactId><version>1.4.0version>dependency><dependency><groupId>org.apache.shirogroupId><artifactId>shiro-coreartifactId><version>1.4.0version>dependency>
2.配置文件
shiroconfig
package com.xl.shiro;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.session.mgt.SessionManager;import org.apache.shiro.spring.LifecycleBeanPostProcessor;import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;import java.util.Map;/*** Shiro 配置文件*/public class ShiroConfig {/*** Session Manager:會(huì)話管理* 即用戶登錄后就是一次會(huì)話,在沒有退出之前,它的所有信息都在會(huì)話中;* 會(huì)話可以是普通JavaSE環(huán)境的,也可以是如Web環(huán)境的;*/("sessionManager")public SessionManager sessionManager(){DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();//設(shè)置session過期時(shí)間sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);sessionManager.setSessionValidationSchedulerEnabled(true);// 去掉shiro登錄時(shí)url里的JSESSIONIDsessionManager.setSessionIdUrlRewritingEnabled(false);return sessionManager;}/*** SecurityManager:安全管理器*/("securityManager")public SecurityManager securityManager(UserRealm userRealm, SessionManager sessionManager) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();//securityManager.setSessionManager(sessionManager);securityManager.setRealm(userRealm);return securityManager;}/*** ShiroFilter是整個(gè)Shiro的入口點(diǎn),用于攔截需要安全控制的請(qǐng)求進(jìn)行處理*/("shiroFilter")public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();shiroFilter.setSecurityManager(securityManager);shiroFilter.setLoginUrl("/userLogin");shiroFilter.setUnauthorizedUrl("/");Map<String, String> filterMap = new LinkedHashMap<>();//authc:所有url都必須認(rèn)證通過才可以訪問; anon:所有url都都可以匿名訪問,先配置anon再配置authc,當(dāng)你變?yōu)閍uthc的時(shí)候,登入將會(huì)跳轉(zhuǎn)/userLoginfilterMap.put("/userLogin", "anon");shiroFilter.setFilterChainDefinitionMap(filterMap);return shiroFilter;}/*** 管理Shiro中一些bean的生命周期*/("lifecycleBeanPostProcessor")public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {return new LifecycleBeanPostProcessor();}/*** 掃描上下文,尋找所有的Advistor(通知器)* 將這些Advisor應(yīng)用到所有符合切入點(diǎn)的Bean中。*/public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();proxyCreator.setProxyTargetClass(true);return proxyCreator;}/*** 匹配所有加了 Shiro 認(rèn)證注解的方法*/public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();advisor.setSecurityManager(securityManager);return advisor;}}
這個(gè)配置文件是我們進(jìn)行權(quán)限和登入認(rèn)證的時(shí)候需要用到的
package com.xl.shiro;import org.apache.shiro.authc.*;import org.apache.shiro.authc.credential.CredentialsMatcher;import org.apache.shiro.authc.credential.HashedCredentialsMatcher;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.util.ByteSource;import org.springframework.stereotype.Component;import org.springframework.util.StringUtils;import javax.annotation.Resource;import java.util.*;/*** Shiro 認(rèn)證實(shí)體*/public class UserRealm extends AuthorizingRealm {private SysUserMapper sysUserMapper ;private SysMenuMapper sysMenuMapper ;/*** 授權(quán)(驗(yàn)證權(quán)限時(shí)調(diào)用)* 獲取用戶權(quán)限集合*/public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {Object user = principals.getPrimaryPrincipal();if(user == null) {throw new UnknownAccountException("賬號(hào)不存在");}List<String> permsList;//默認(rèn)用戶擁有最高權(quán)限User user1 =new User();user1.setUserid(1);user1.setUserid1(2);user1.setUserid2(3);user1.setUserid3("123");ListpermsList = new ArrayList<>(menuList.size());for(Map menu : menuList){permsList.add(menu.get("perms").toString());}//用戶權(quán)限列表Set<String> permsSet = new HashSet<>();for(String perms : permsList){if(StringUtils.isEmpty(perms)){continue;}permsSet.addAll(Arrays.asList(perms.trim().split(",")));}SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();info.setStringPermissions(permsSet);return info;}/*** 認(rèn)證(登錄時(shí)調(diào)用)* 驗(yàn)證用戶登錄*/protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {UsernamePasswordToken token = (UsernamePasswordToken)authToken;//查詢用戶信息Map user = sysUserMapper.selectOne(token.getUsername());//賬號(hào)不存在if(user == null) {throw new UnknownAccountException("賬號(hào)或密碼不正確");}//賬號(hào)鎖定/* if(user.getStatus() == 0){throw new LockedAccountException("賬號(hào)已被鎖定,請(qǐng)聯(lián)系管理員");}*/SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.get("password"),getName());// SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.get("password"),getName());return info;}/*重寫這個(gè)方法是因?yàn)榈侨腧?yàn)證的時(shí)候,從數(shù)據(jù)庫(kù)取出的密碼是加密過的,shiro進(jìn)行密碼驗(yàn)證的時(shí)候會(huì)將明文密碼加密后與數(shù)據(jù)庫(kù)的密碼進(jìn)行對(duì)比。*/public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {HashedCredentialsMatcher shaCredentialsMatcher = new HashedCredentialsMatcher();shaCredentialsMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName);// shaCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);//這里就是自己設(shè)置如何去加密的多少次super.setCredentialsMatcher(shaCredentialsMatcher);}}
3.添加shiro工具類
package com.xl.shiro;import org.apache.shiro.SecurityUtils;import org.apache.shiro.crypto.hash.SimpleHash;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;/*** Shiro工具類*/public class ShiroUtils {/** 加密算法 */public final static String hashAlgorithmName = "SHA-256";/** 循環(huán)次數(shù) */public final static int hashIterations = 16;public static String sha256(String password, String salt) {return new SimpleHash(hashAlgorithmName, password, salt, hashIterations).toString();}// 獲取一個(gè)測(cè)試賬號(hào) adminpublic static void main(String[] args) {// 3743a4c09a17e6f2829febd09ca54e627810001cf255ddcae9dabd288a949c4a// System.out.println(sha256("qqq","123")) ;System.out.println(new SimpleHash(hashAlgorithmName, "admin").toString()) ;}/*** 獲取會(huì)話*/public static Session getSession() {return SecurityUtils.getSubject().getSession();}/*** Subject:主體,代表了當(dāng)前“用戶”*/public static Subject getSubject() {return SecurityUtils.getSubject();}/* public static SysUserEntity getUserEntity() {return (SysUserEntity)SecurityUtils.getSubject().getPrincipal();}public static Long getUserId() {return getUserEntity().getUserId();}*/public static void setSessionAttribute(Object key, Object value) {getSession().setAttribute(key, value);}public static Object getSessionAttribute(Object key) {return getSession().getAttribute(key);}public static boolean isLogin() {return SecurityUtils.getSubject().getPrincipal() != null;}public static void logout() {SecurityUtils.getSubject().logout();}}
4.重寫拋出異常類
package com.xl.shiro;import org.apache.shiro.authz.AuthorizationException;import org.springframework.web.bind.annotation.ExceptionHandler;import org.springframework.web.bind.annotation.RestControllerAdvice;@RestControllerAdvicepublic class ShiroException {@ExceptionHandler(AuthorizationException.class)public String authorizationException (){return "抱歉您沒有權(quán)限訪問該內(nèi)容!";}@ExceptionHandler(Exception.class)public String handleException(Exception e){return "系統(tǒng)異常!";}}
5.控制層
package com.xl.shiro;import lombok.extern.slf4j.Slf4j;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.annotation.RequiresPermissions;import org.apache.shiro.subject.Subject;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Value;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestParam;import org.springframework.web.bind.annotation.RestController;import javax.annotation.Resource;import java.util.List;/*** Shrio 測(cè)試方法控制層*/public class ShiroController {private Integer time;private static Logger LOGGER = LoggerFactory.getLogger(ShiroController.class) ;private SysMenuMapper sysMenuMapper ;/*** 登錄測(cè)試* http://localhost:7011/userLogin?userName=admin&passWord=admin*/public void userLogin (String userName,String passWord){try{Subject subject = ShiroUtils.getSubject();// String ps=ShiroUtils.sha256(passWord,"123");log.info(time.toString());UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);subject.login(token);LOGGER.info("登錄成功");}catch (Exception e) {e.printStackTrace();}}/*** 服務(wù)器每次重啟請(qǐng)求該接口之前必須先請(qǐng)求上面登錄接口* http://localhost:7011/menu/list 獲取所有菜單列表* 權(quán)限要求:sys:user:shiro*/public List list(){User user =new User();user.setUserid(1);user.setUserid1(2);user.setUserid2(3);user.setUserid3("123");return sysMenuMapper.selectList(user) ;}/*** 用戶沒有該權(quán)限,無(wú)法訪問* 權(quán)限要求:ccc:ddd:bbb*/public List list2(){User user =new User();user.setUserid(1);user.setUserid1(2);user.setUserid2(3);user.setUserid3("123");return sysMenuMapper.selectList(user) ;}/*** 退出測(cè)試*/public String logout (){ShiroUtils.logout();return "success" ;}}
版權(quán)聲明:本文為博主原創(chuàng)文章,遵循?CC 4.0 BY-SA?版權(quán)協(xié)議,轉(zhuǎn)載請(qǐng)附上原文出處鏈接和本聲明。
本文鏈接:https://blog.csdn.net/Heyyouare/article/details/108384771
??? ?
感謝點(diǎn)贊支持下哈?
評(píng)論
圖片
表情