SpringBoot+Shiro+mybatis整合实战

SpringBoot+Shiro+mybatis整合

1. 使用Springboot版本2.0.4 与shiro的版本

   引入springboot和shiro依赖   

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.smile</groupId>
    <artifactId>spring-demo</artifactId>
    <version>1.0-SNAPSHOT</version>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.4.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!--常用工具类 -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
        </dependency>

        <!-- mysql所需的配置 -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>

        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.3.2</version>
        </dependency>

        <!--阿里数据库连接池 -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.1.10</version>
        </dependency>

        <!-- Redis客户端 -->
        <dependency>
            <groupId>redis.clients</groupId>
            <artifactId>jedis</artifactId>
        </dependency>

        <!-- 读取资源文件所需的配置 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>

        <!-- 引入thymeleaf模板依赖 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>

        <!-- pagehelper 分页插件 -->
        <dependency>
            <groupId>com.github.pagehelper</groupId>
            <artifactId>pagehelper-spring-boot-starter</artifactId>
            <version>1.2.5</version>
        </dependency>

        <!-- 阿里JSON解析器 -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>

        <!-- 集成shiro -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.0</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.crazycake/shiro-redis -->
        <dependency>
            <groupId>org.crazycake</groupId>
            <artifactId>shiro-redis</artifactId>
            <version>3.1.0</version>
        </dependency>


        <!-- 打印SQL语句-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>


    </dependencies>
</project>

2. 添加相应的配置

server:
  port: 8183

spring:
  thymeleaf:
    mode: HTML
    encoding: utf-8
    cache: false
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://192.168.144.128:3306/spring_shiro?serverTimezone=GMT&useUnicode=true&characterEncoding=utf-8&useSSL=true
    #url: jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=false
    username: root
    password: root
    type: com.alibaba.druid.pool.DruidDataSource
    maxActive: 20
    initialSize: 1
    maxWait: 60000
    poolPreparedStatements: true
    maxPoolPreparedStatementPerConnectionSize: 20
    minIdle: 1
    timeBetweenEvictionRunsMillis: 60000
    minEvictableIdleTimeMillis: 300000
    validationQuery: select 1 from dual
    testWhileIdle: true
    testOnBorrow: false
  jackson:
    time-zone: GMT+8
    date-format: yyyy-MM-dd HH:mm:ss

  jpa:
    database: mysql
    show-sql: true

#日志级别打印
logging:
  level:
    com.example.demo: debug
    org.springframework: WARN
    org.spring.springboot.dao: debug

# MyBatis
mybatis:
  typeAliasesPackage: com.example.demo
  mapperLocations: classpath:mybatis/**/*Mapper.xml
  configLocation: classpath:mybatis/mybatis-config.xml

# PageHelper
pagehelper:
  helperDialect: mysql
  reasonable: true
  supportMethodsArguments: true
  params: count=countSql

3. 将相关配置@Bean注入容器

package com.example.demo.config;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @时间 2019/11/25 17:17
 * @作者 liutao
 * @描述
 */
@Configuration
public class ShiroConfig {

    /**
     * 设置过滤器
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        // 设置需要进行登录的路径API
        factoryBean.setLoginUrl("/pub/need_login");
        // 若是使用前后端分离，则不需要进行设置该方法
        factoryBean.setSuccessUrl("/");
        // 没有进行授权，返回的API
        factoryBean.setUnauthorizedUrl("/pub/not_permit");

        // 自定义过滤器

        Map<String, String> filterMap = new LinkedHashMap<>();
        // 设置退出的过滤器
        filterMap.put("/logout", "logout");
        // 不需要进行授权就可以进行访问，游客都可以进行访问的API
        filterMap.put("/pub/**", "anon");
        // 需要进行授权才可以进行访问的API接口
        filterMap.put("/authc/**", "authc");
        // 有对应的角色才可以进行访问
        filterMap.put("/admin/**", "roles[admin]");

        // 设置最后的拦截器，需要进行授权才可以进行访问
        filterMap.put("/**","authc");
        factoryBean.setFilterChainDefinitionMap(filterMap);

        return factoryBean;
    }

    /**
     * 设置安全管理器
     * @return
     */
    @Bean
    public SecurityManager securityManager(){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setSessionManager(sessionManager());
        securityManager.setRealm(customRealm());
        securityManager.setCacheManager(cacheManage());
        return securityManager;
    }


    /**
     * 自定义Realm
     * @return
     */
    @Bean
    public CustomRealm customRealm(){
        CustomRealm customRealm = new CustomRealm();
        // 设置密码的加密
        customRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return customRealm;
    }

    /**
     * 设置sessionId的管理器 （前后端分离，要进行获取Token）
     * @return
     */
    @Bean
    public SessionManager sessionManager(){
        CustomSessionManager sessionManager = new CustomSessionManager();
        // 设置sessionDAO -- 里面定义了自定义SessionId
        sessionManager.setSessionDAO(redisSessionDAO());
        return sessionManager;
    }


    /**
     * 设置密码加密
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        // 密码算法
        matcher.setHashAlgorithmName("md5");
        // 加密散列次数
        matcher.setHashIterations(3);
        return matcher;
    }


    /**
     * 将会话SessionId保存到Redis里面，可以提高性能
     * @return
     */
    public RedisSessionDAO redisSessionDAO(){
        RedisSessionDAO dao = new RedisSessionDAO();
        dao.setRedisManager(redisManager());
        dao.setSessionIdGenerator(new CustomSessionIdGenerator());
        return dao;
    }


    /**
     * 接入Redis数据库
     * @return
     */
    public RedisManager redisManager(){
        RedisManager redisManager = new RedisManager();
        redisManager.setHost("127.0.0.1");
        redisManager.setPort(6379);
        return redisManager;
    }


    /**
     * 缓存管理
     * @return
     */
    @Bean
    public RedisCacheManager cacheManage(){
        RedisCacheManager cacheManager = new RedisCacheManager();
        cacheManager.setRedisManager(redisManager());
        // 设置过期时间，单位是秒
        cacheManager.setExpire(60);
        return cacheManager;
    }




    /**
     * 加入请求头  前后端分离
     * @return
     */
    @Bean
    public WebMvcConfigurer webMvcConfigurer(){
        return new WebMvcConfig();
    }

}

4.创建CustomRealm类继承AuthorizingRealm，实现用户登录认证和权限鉴权

package com.example.demo.config;

import com.example.demo.entity.User;
import com.example.demo.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * @时间 2019/11/25 17:17
 * @作者 liutao
 * @描述
 */
public class CustomRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * 鉴权
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String name = (String) principals.getPrimaryPrincipal();

　　　　//若是使用Redis和cache，获取信息转成用户对象

　　　　// User user= (User) principals.getPrimaryPrincipal();

　　　　return null;
    }


    /**
     * 登录认证
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String name = (String) token.getPrincipal();

        User user = userService.selectUserByName(name);
        if(user == null){
            return null;
        }
　　　　　// 若是加入Redis和Cache缓存的管理的话，需要返回 用户对象
　　　　　//new SimpleAuthenticationInfo(user,user.getPassword(),getName());

　　　　return new SimpleAuthenticationInfo(name,user.getPassword(),getName());
    }
}

5. 创建CustomSessionManager继承DefaultWebSessionManager，可以进行实现Token，进行重写

package com.example.demo.config;

import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.Serializable;

/**
 * @时间 2019/11/25 17:18
 * @作者 liutao
 * @描述
 */
public class CustomSessionManager extends DefaultWebSessionManager {

    private static final String AUTHORIZATION = "token";

    public CustomSessionManager(){
        super();
    }

    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {

        String sessionId = WebUtils.toHttp(request).getHeader(AUTHORIZATION);

        if(sessionId != null){

            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                    ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
            //automatically mark it valid here.  If it is invalid, the
            //onUnknownSession method below will be invoked and we'll remove the attribute at that time.
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);

            return sessionId;
        }else{
            return super.getSessionId(request,response);
        }

    }

}

6. 实现自定义SessionId，创建CustomSessionIdGenerator类实现 SessionIdGenerator

package com.example.demo.config;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;

import java.io.Serializable;
import java.util.UUID;

/**
 * @时间 2019/11/26 16:30
 * @作者 liutao
 * @描述
 */
public class CustomSessionIdGenerator implements SessionIdGenerator {

    private final String PREFIX_SESSIONID = "cc0504";

    public CustomSessionIdGenerator(){
        super();
    }

    @Override
    public Serializable generateId(Session session) {
        return PREFIX_SESSIONID + UUID.randomUUID().toString().replaceAll("-","");
    }
}

7.前后端分离，在Header里面加入相应的数据信息

package com.example.demo.config;

import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * @时间 2019/11/25 19:27
 * @作者 liutao
 * @描述
 */
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {

        registry.addMapping("/**")
                .allowedOrigins("*")  //可访问ip，ip最好从配置文件中获取，
                .allowedMethods("PUT", "DELETE","GET","POST")
                .allowedHeaders("*")
                .exposedHeaders("access-control-allow-headers","access-control-allow-methods","access-control-allow-origin", "access-control-max-age","X-Frame-Options")
                .allowCredentials(false).maxAge(3600);

    }
}

8. mybatis的配置

# MyBatis
mybatis:
  typeAliasesPackage: com.example.demo
  mapperLocations: classpath:mybatis/**/*Mapper.xml
  configLocation: classpath:mybatis/mybatis-config.xml

mybatis-config.xml中的内容：

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    
    <settings>
        <setting name="cacheEnabled"             value="true" />  <!-- 全局映射器启用缓存 -->
        <setting name="useGeneratedKeys"         value="false" />  <!-- 不允许 JDBC 支持自动生成主键 -->
        <setting name="defaultExecutorType"      value="REUSE" /> <!-- 配置默认的执行器 -->
        <!--<setting name="logImpl"                  value="SLF4J" />--> <!-- 指定 MyBatis 所用日志的具体实现 -->
        <setting name="logImpl" value="STDOUT_LOGGING" /> <!-- 在控制台打印SQL语句 -->
        <!-- <setting name="mapUnderscoreToCamelCase" value="true"/>  驼峰式命名 -->
    </settings>
    
</configuration>

基础Mapper.xml文件内容

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.demo.mapper.UserMapper">
    <resultMap id="userResultMap" type="User">
        <result column="id" property="id"/>
        <result column="name" property="name"/>
        <result column="password" property="password"/>
        <result column="salt" property="salt"/>
    </resultMap>

    <select id="selectAllUsers" resultMap="userResultMap">
        select * from sys_user
    </select>

    <select id="selectUserByName" resultMap="userResultMap">
        select * from sys_user where name = #{name}
    </select>
</mapper>