zoukankan      html  css  js  c++  java

  • springboot shiro认证授权

    shiro必备表:用户,角色,权限     1:1:n   其中一种(可变)

    ------------------------------------------------------------------

    shiro配置(类似于ssm中的xml配置)

    package cn.xydata.config.shiro;

    import cn.xydata.entity.system.Permission;
    import cn.xydata.service.impl.system.PermisssionServiceImpl;
    import cn.xydata.service.system.PermissionService;
    import org.apache.shiro.cache.ehcache.EhCacheManager;
    import org.apache.shiro.spring.LifecycleBeanPostProcessor;
    import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    import java.util.LinkedHashMap;
    import java.util.List;
    import java.util.Map;

    @Configuration
    public class ShiroConfig {
        private static final Logger logger = LoggerFactory.getLogger(ShiroConfig.class);

        @Bean(name="permissionService")
        public PermissionService getPermissionService(){
            return new PermisssionServiceImpl();
        }


        @Bean(name = "shiroEhcacheManager")
        public EhCacheManager getEhCacheManager() {
            EhCacheManager em = new EhCacheManager();
            em.setCacheManagerConfigFile("classpath:ehcache.xml");
            return em;
        }

        @Bean(name = "myShiroRealm")
        public MyShiroRealm getShiroRealm() {
            MyShiroRealm realm = new MyShiroRealm();
            realm.setCacheManager(getEhCacheManager());
            return realm;
        }
        @Bean(name = "lifecycleBeanPostProcessor")
        public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
            return new LifecycleBeanPostProcessor();
        }

        @Bean
        public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
            DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
            daap.setProxyTargetClass(true);
            return daap;
        }

        @Bean(name = "securityManager")
        public DefaultWebSecurityManager getDefaultWebSecurityManager() {
            DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
            dwsm.setRealm(getShiroRealm());
            dwsm.setCacheManager(getEhCacheManager());

            return dwsm;
        }

        @Bean
        public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {
            AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
            aasa.setSecurityManager(getDefaultWebSecurityManager());
            return aasa;
        }

        private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean){
            //关联数据库权限
            List<Permission> Permissions=getPermissionService().getPermissions();

            logger.info(String.valueOf(Permissions.size()));
            Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
            for (Permission permission : Permissions) {
                filterChainDefinitionMap.put(permission.getPageUrl(),"authc,perms["+permission.getId()+"]");
            }
            //放行静态资源和登陆界面
            filterChainDefinitionMap.put("/login", "anon");
            filterChainDefinitionMap.put("/css/**", "anon");
            filterChainDefinitionMap.put("/js/**", "anon");
            filterChainDefinitionMap.put("/bootstrap/**", "anon");
            filterChainDefinitionMap.put("/img/**", "anon");
            filterChainDefinitionMap.put("/dist/**", "anon");
            filterChainDefinitionMap.put("/plugins/**", "anon");
            filterChainDefinitionMap.put("/**", "authc");
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        }
    //shiro拦截
        @Bean(name = "shiroFilter")
        public ShiroFilterFactoryBean getShiroFilterFactoryBean() {
            ShiroFilterFactoryBean shiroFilterFactoryBean=null;
            try {
                shiroFilterFactoryBean = new MyShiroFilterFactoryBean();

                shiroFilterFactoryBean.setSecurityManager(getDefaultWebSecurityManager());

                shiroFilterFactoryBean.setLoginUrl("/login");

                shiroFilterFactoryBean.setSuccessUrl("/index.html");
                shiroFilterFactoryBean.setUnauthorizedUrl("/403");

                loadShiroFilterChain(shiroFilterFactoryBean);

            } catch (Exception e) {

                e.printStackTrace();
            }
            return shiroFilterFactoryBean;
        }

    }
    -----------------------------------------------------------------------------------------------------------
    自定义ShiroRealm,实现对自定义数据表的操作
    package cn.xydata.config.shiro;

    import cn.xydata.entity.system.User;
    import cn.xydata.mapper.system.UserMapper;
    import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
    import org.apache.commons.lang3.builder.ToStringStyle;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.*;
    import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.subject.Subject;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import tk.mybatis.mapper.entity.Example;

    import javax.annotation.PostConstruct;
    import java.util.Set;

     
    public class MyShiroRealm extends AuthorizingRealm {

        private static final Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);
        private static final String ALGORITHM = "MD5";

        @Autowired
        private UserMapper userMapper;

        @PostConstruct
        public void initCredentialsMatcher() {
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
            setCredentialsMatcher(matcher);
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            logger.info("##################执行Shiro授权##################");
            String username= (String)super.getAvailablePrincipal(principalCollection);
            SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
            Set<String> roles = userMapper.findUserRoles(username);
            authorizationInfo.setRoles(roles);
            Set<String> permissions = userMapper.findUserPermissions(username);
            authorizationInfo.setStringPermissions(permissions);

            return authorizationInfo;
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(
                AuthenticationToken authenticationToken) throws AuthenticationException {
    //认证
            UsernamePasswordToken token=(UsernamePasswordToken) authenticationToken;
            logger.info("验证当前Subject时获取到token为:" + ReflectionToStringBuilder.toString(token, ToStringStyle.MULTI_LINE_STYLE));
            String username = (String) token.getPrincipal();
            User user=userMapper.findByUsername(username);
            if (user==null) {
                throw new UnknownAccountException();//没找到帐号
            }
            Subject currentUser = SecurityUtils.getSubject();
            currentUser.getSession().setAttribute("userid", user.getId());
            currentUser.getSession().setAttribute("isadmin", user.getAdmin());
            currentUser.getSession().setAttribute("username", username);

            if (Boolean.TRUE.equals(user.getLocked())) {
                throw new LockedAccountException(); //帐号锁定
            }
            SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                    user.getUsercode(),
                    user.getPasswd(),
                    getName()
            );
        /*    SimpleByteSource sbs=new SimpleByteSource(user.getUsercode().getBytes());
            authenticationInfo.setCredentialsSalt(sbs);*/
            return authenticationInfo;
        }

    }

    -----------------------------------------------------------------------------------------------------------
    //自定义拦截工厂
    package cn.xydata.config.shiro;

    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.filter.mgt.FilterChainManager;
    import org.apache.shiro.web.filter.mgt.FilterChainResolver;
    import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
    import org.apache.shiro.web.mgt.WebSecurityManager;
    import org.apache.shiro.web.servlet.AbstractShiroFilter;
    import org.springframework.beans.factory.BeanInitializationException;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import java.io.IOException;
    import java.util.HashSet;
    import java.util.Set;
     
    public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean {

        private Set<String> ignoreExt;

        public MyShiroFilterFactoryBean() {
            super();
            ignoreExt = new HashSet<>();
            ignoreExt.add(".jpg");
            ignoreExt.add(".png");
            ignoreExt.add(".gif");
            ignoreExt.add(".bmp");
            ignoreExt.add(".js");
            ignoreExt.add(".css");
        }

        @Override
        protected AbstractShiroFilter createInstance() throws Exception {

            SecurityManager securityManager = getSecurityManager();
            if (securityManager == null) {
                String msg = "SecurityManager property must be set.";
                throw new BeanInitializationException(msg);
            }

            if (!(securityManager instanceof WebSecurityManager)) {
                String msg = "The security manager does not implement the WebSecurityManager interface.";
                throw new BeanInitializationException(msg);
            }

            FilterChainManager manager = createFilterChainManager();

            PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
            chainResolver.setFilterChainManager(manager);

            return new MSpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
        }

        private final class MSpringShiroFilter extends AbstractShiroFilter {

            protected MSpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
                super();
                if (webSecurityManager == null) {
                    throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
                }
                setSecurityManager(webSecurityManager);
                if (resolver != null) {
                    setFilterChainResolver(resolver);
                }
            }

            @Override
            protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
                                            FilterChain chain) throws ServletException, IOException {
                HttpServletRequest request = (HttpServletRequest)servletRequest;
                String str = request.getRequestURI().toLowerCase();
                boolean flag = true;
                int idx = 0;
                if(( idx = str.indexOf(".")) > 0){
                    str = str.substring(idx);
                    if(ignoreExt.contains(str.toLowerCase()))
                        flag = false;
                }
                if(flag){
                    super.doFilterInternal(servletRequest, servletResponse, chain);
                }else{
                    chain.doFilter(servletRequest, servletResponse);
                }
            }

        }
    }
    -----------------------------------------------------------------------------------------
    shiro的实例应用
    @ResponseBody()
    @RequestMapping(value = "/login",method = RequestMethod.POST)
    public Response login(
            @RequestParam(value="userName",required=false,defaultValue="") String userName,
            @RequestParam(value="passWord",required=false,defaultValue="") String passWord,
            @RequestParam(value="rememberMe",required=false,defaultValue="false") boolean rememberMe,
            RedirectAttributes redirectAttributes) {
        UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord,rememberMe);
        Subject currentUser = SecurityUtils.getSubject();
        try {
            logger.info("对用户[" + userName + "]进行登录验证..验证开始");
            currentUser.login(token);
            logger.info("对用户[" + userName + "]进行登录验证..验证通过");
        }catch(UnknownAccountException uae){
            logger.info("对用户[" + userName + "]进行登录验证..验证未通过,未知账户");
            redirectAttributes.addFlashAttribute("message", "用户名不存在");
            return new Response(ExceptionMsg.LoginNameNotExists);
        }catch(IncorrectCredentialsException ice){
            logger.info("对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证");
            redirectAttributes.addFlashAttribute("message", "密码不正确");
            return new Response(ExceptionMsg.PassWordError);
        }catch(LockedAccountException lae){
            logger.info("对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定");
            redirectAttributes.addFlashAttribute("message", "账户已锁定");
            return new Response(ExceptionMsg.UserLock);
        }catch(ExcessiveAttemptsException eae){
            logger.info("对用户[" + userName + "]进行登录验证..验证未通过,错误次数过多");
            redirectAttributes.addFlashAttribute("message", "用户名或密码错误次数过多");
            return new Response(ExceptionMsg.LoginNameOrPassWordError);
        }catch(AuthenticationException ae){
            logger.info("对用户[" + userName + "]进行登录验证..验证未通过,堆栈轨迹如下");
            ae.printStackTrace();
            redirectAttributes.addFlashAttribute("message", "用户名或密码不正确");
            return new Response(ExceptionMsg.LoginNameOrPassWordError);
        }
        if(currentUser.isAuthenticated()){
            httpSession.setAttribute("username", currentUser.getPrincipal());
            return new Response(ExceptionMsg.SUCCESS);
        }else{
            return new Response(ExceptionMsg.FAILED);
        }

    }
     
  • 相关阅读:
    类的再理解
    关于网络配置和zmp以及json
    PCL 库安装
    Ros学习注意点
    Ros集成开发环境配置
    《TCP/IP详解卷1:协议》第3章 IP:网际协议(1)-读书笔记
    《Effective C++》第1章 让自己习惯C++-读书笔记
    《TCP/IP详解卷1:协议》第2章 链路层-读书笔记
    《TCP/IP详解卷1:协议》第1章 概述-读书笔记
    C++内存分配与对象构造的分离
  • 原文地址:https://www.cnblogs.com/1234cjq/p/8038809.html
Copyright © 2011-2022 走看看