zoukankan      html  css  js  c++  java
  • springboot shiro认证授权

    shiro必备表:用户,角色,权限     1:1:n   其中一种(可变)

    ------------------------------------------------------------------

    shiro配置(类似于ssm中的xml配置)

    package cn.xydata.config.shiro;

    import cn.xydata.entity.system.Permission;
    import cn.xydata.service.impl.system.PermisssionServiceImpl;
    import cn.xydata.service.system.PermissionService;
    import org.apache.shiro.cache.ehcache.EhCacheManager;
    import org.apache.shiro.spring.LifecycleBeanPostProcessor;
    import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    import java.util.LinkedHashMap;
    import java.util.List;
    import java.util.Map;

    @Configuration
    public class ShiroConfig {
    private static final Logger logger = LoggerFactory.getLogger(ShiroConfig.class);

    @Bean(name="permissionService")
    public PermissionService getPermissionService(){
    return new PermisssionServiceImpl();
    }


    @Bean(name = "shiroEhcacheManager")
    public EhCacheManager getEhCacheManager() {
    EhCacheManager em = new EhCacheManager();
    em.setCacheManagerConfigFile("classpath:ehcache.xml");
    return em;
    }

    @Bean(name = "myShiroRealm")
    public MyShiroRealm getShiroRealm() {
    MyShiroRealm realm = new MyShiroRealm();
    realm.setCacheManager(getEhCacheManager());
    return realm;
    }
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
    daap.setProxyTargetClass(true);
    return daap;
    }

    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager() {
    DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
    dwsm.setRealm(getShiroRealm());
    dwsm.setCacheManager(getEhCacheManager());

    return dwsm;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {
    AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
    aasa.setSecurityManager(getDefaultWebSecurityManager());
    return aasa;
    }

    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean){
    //关联数据库权限
    List<Permission> Permissions=getPermissionService().getPermissions();

    logger.info(String.valueOf(Permissions.size()));
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    for (Permission permission : Permissions) {
    filterChainDefinitionMap.put(permission.getPageUrl(),"authc,perms["+permission.getId()+"]");
    }
    //放行静态资源和登陆界面
    filterChainDefinitionMap.put("/login", "anon");
    filterChainDefinitionMap.put("/css/**", "anon");
    filterChainDefinitionMap.put("/js/**", "anon");
    filterChainDefinitionMap.put("/bootstrap/**", "anon");
    filterChainDefinitionMap.put("/img/**", "anon");
    filterChainDefinitionMap.put("/dist/**", "anon");
    filterChainDefinitionMap.put("/plugins/**", "anon");
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    }
    //shiro拦截
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean() {
    ShiroFilterFactoryBean shiroFilterFactoryBean=null;
    try {
    shiroFilterFactoryBean = new MyShiroFilterFactoryBean();

    shiroFilterFactoryBean.setSecurityManager(getDefaultWebSecurityManager());

    shiroFilterFactoryBean.setLoginUrl("/login");

    shiroFilterFactoryBean.setSuccessUrl("/index.html");
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");

    loadShiroFilterChain(shiroFilterFactoryBean);

    } catch (Exception e) {

    e.printStackTrace();
    }
    return shiroFilterFactoryBean;
    }

    }
    -----------------------------------------------------------------------------------------------------------
    自定义ShiroRealm,实现对自定义数据表的操作
    package cn.xydata.config.shiro;

    import cn.xydata.entity.system.User;
    import cn.xydata.mapper.system.UserMapper;
    import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
    import org.apache.commons.lang3.builder.ToStringStyle;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.*;
    import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.subject.Subject;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import tk.mybatis.mapper.entity.Example;

    import javax.annotation.PostConstruct;
    import java.util.Set;


    public class MyShiroRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);
    private static final String ALGORITHM = "MD5";

    @Autowired
    private UserMapper userMapper;

    @PostConstruct
    public void initCredentialsMatcher() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
    setCredentialsMatcher(matcher);
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    logger.info("##################执行Shiro授权##################");
    String username= (String)super.getAvailablePrincipal(principalCollection);
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    Set<String> roles = userMapper.findUserRoles(username);
    authorizationInfo.setRoles(roles);
    Set<String> permissions = userMapper.findUserPermissions(username);
    authorizationInfo.setStringPermissions(permissions);

    return authorizationInfo;
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
    AuthenticationToken authenticationToken) throws AuthenticationException {
    //认证
    UsernamePasswordToken token=(UsernamePasswordToken) authenticationToken;
    logger.info("验证当前Subject时获取到token为:" + ReflectionToStringBuilder.toString(token, ToStringStyle.MULTI_LINE_STYLE));
    String username = (String) token.getPrincipal();
    User user=userMapper.findByUsername(username);
    if (user==null) {
    throw new UnknownAccountException();//没找到帐号
    }
    Subject currentUser = SecurityUtils.getSubject();
    currentUser.getSession().setAttribute("userid", user.getId());
    currentUser.getSession().setAttribute("isadmin", user.getAdmin());
    currentUser.getSession().setAttribute("username", username);

    if (Boolean.TRUE.equals(user.getLocked())) {
    throw new LockedAccountException(); //帐号锁定
    }
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
    user.getUsercode(),
    user.getPasswd(),
    getName()
    );
    /* SimpleByteSource sbs=new SimpleByteSource(user.getUsercode().getBytes());
    authenticationInfo.setCredentialsSalt(sbs);*/
    return authenticationInfo;
    }

    }

    -----------------------------------------------------------------------------------------------------------
    //自定义拦截工厂
    package cn.xydata.config.shiro;

    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.filter.mgt.FilterChainManager;
    import org.apache.shiro.web.filter.mgt.FilterChainResolver;
    import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
    import org.apache.shiro.web.mgt.WebSecurityManager;
    import org.apache.shiro.web.servlet.AbstractShiroFilter;
    import org.springframework.beans.factory.BeanInitializationException;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import java.io.IOException;
    import java.util.HashSet;
    import java.util.Set;

    public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean {

    private Set<String> ignoreExt;

    public MyShiroFilterFactoryBean() {
    super();
    ignoreExt = new HashSet<>();
    ignoreExt.add(".jpg");
    ignoreExt.add(".png");
    ignoreExt.add(".gif");
    ignoreExt.add(".bmp");
    ignoreExt.add(".js");
    ignoreExt.add(".css");
    }

    @Override
    protected AbstractShiroFilter createInstance() throws Exception {

    SecurityManager securityManager = getSecurityManager();
    if (securityManager == null) {
    String msg = "SecurityManager property must be set.";
    throw new BeanInitializationException(msg);
    }

    if (!(securityManager instanceof WebSecurityManager)) {
    String msg = "The security manager does not implement the WebSecurityManager interface.";
    throw new BeanInitializationException(msg);
    }

    FilterChainManager manager = createFilterChainManager();

    PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
    chainResolver.setFilterChainManager(manager);

    return new MSpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
    }

    private final class MSpringShiroFilter extends AbstractShiroFilter {

    protected MSpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
    super();
    if (webSecurityManager == null) {
    throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
    }
    setSecurityManager(webSecurityManager);
    if (resolver != null) {
    setFilterChainResolver(resolver);
    }
    }

    @Override
    protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
    FilterChain chain) throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest)servletRequest;
    String str = request.getRequestURI().toLowerCase();
    boolean flag = true;
    int idx = 0;
    if(( idx = str.indexOf(".")) > 0){
    str = str.substring(idx);
    if(ignoreExt.contains(str.toLowerCase()))
    flag = false;
    }
    if(flag){
    super.doFilterInternal(servletRequest, servletResponse, chain);
    }else{
    chain.doFilter(servletRequest, servletResponse);
    }
    }

    }
    }
    -----------------------------------------------------------------------------------------
    shiro的实例应用
    @ResponseBody()
    @RequestMapping(value = "/login",method = RequestMethod.POST)
    public Response login(
    @RequestParam(value="userName",required=false,defaultValue="") String userName,
    @RequestParam(value="passWord",required=false,defaultValue="") String passWord,
    @RequestParam(value="rememberMe",required=false,defaultValue="false") boolean rememberMe,
    RedirectAttributes redirectAttributes) {
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord,rememberMe);
    Subject currentUser = SecurityUtils.getSubject();
    try {
    logger.info("对用户[" + userName + "]进行登录验证..验证开始");
    currentUser.login(token);
    logger.info("对用户[" + userName + "]进行登录验证..验证通过");
    }catch(UnknownAccountException uae){
    logger.info("对用户[" + userName + "]进行登录验证..验证未通过,未知账户");
    redirectAttributes.addFlashAttribute("message", "用户名不存在");
    return new Response(ExceptionMsg.LoginNameNotExists);
    }catch(IncorrectCredentialsException ice){
    logger.info("对用户[" + userName + "]进行登录验证..验证未通过,错误的凭证");
    redirectAttributes.addFlashAttribute("message", "密码不正确");
    return new Response(ExceptionMsg.PassWordError);
    }catch(LockedAccountException lae){
    logger.info("对用户[" + userName + "]进行登录验证..验证未通过,账户已锁定");
    redirectAttributes.addFlashAttribute("message", "账户已锁定");
    return new Response(ExceptionMsg.UserLock);
    }catch(ExcessiveAttemptsException eae){
    logger.info("对用户[" + userName + "]进行登录验证..验证未通过,错误次数过多");
    redirectAttributes.addFlashAttribute("message", "用户名或密码错误次数过多");
    return new Response(ExceptionMsg.LoginNameOrPassWordError);
    }catch(AuthenticationException ae){
    logger.info("对用户[" + userName + "]进行登录验证..验证未通过,堆栈轨迹如下");
    ae.printStackTrace();
    redirectAttributes.addFlashAttribute("message", "用户名或密码不正确");
    return new Response(ExceptionMsg.LoginNameOrPassWordError);
    }
    if(currentUser.isAuthenticated()){
    httpSession.setAttribute("username", currentUser.getPrincipal());
    return new Response(ExceptionMsg.SUCCESS);
    }else{
    return new Response(ExceptionMsg.FAILED);
    }

    }
     
  • 相关阅读:
    JQuery的Dom操作
    JQuer的简单应用
    JSBom联合Dom的应用
    Bom—浏览器对象模型
    正则表达式(其实就是预习)
    Js关于表单的事件应用
    JavaScript事件练习
    微信小程序实现微信登录
    Azure 数据资源管理器 -- 当 ADX 遇上 ML
    多快好省 -- Azure VMSS AI 推理篇
  • 原文地址:https://www.cnblogs.com/1234cjq/p/8038809.html
Copyright © 2011-2022 走看看