您好,登錄后才能下訂單哦!
這篇文章主要介紹基于springboot如何實現整合shiro實現登錄認證以及授權過程解析,文中介紹的非常詳細,具有一定的參考價值,感興趣的小伙伴們一定要看完!
1.添加shiro的依賴
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-web- starter</artifactId> <version>1.4.0</version> </dependency>
2.先創建一個Realm
public class MyShiroRealm extends AuthorizingRealm { @Autowired private RoleService roleService;//角色模模塊 @Autowired private UserService userService;//用戶模塊 @Autowired private PermissionService permissionService;//權限模塊 /** * 用戶身份識別(登錄") * @param authenticationToken * @return * @throws AuthenticationException */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { UsernamePasswordToken authToken = (UsernamePasswordToken) authenticationToken; // 獲取用戶輸入的賬號 String userName = authToken.getUsername(); //通過賬號查找用戶信息 User user= userService.selectUserOne(userName);// 將賬戶名,密碼,鹽值,getName()實例化到SimpleAuthenticationInfo中交給Shiro來管理 SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( user, user.getPassWord(), //這里是設置的密碼鹽 ByteSource.Util.bytes(user.getSalt()), getName()); return authenticationInfo; } /** * 訪問控制。比如某個用戶是否具有某個操作的使用權限 * @param principalCollection * @return */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); String userName = (String) principalCollection.getPrimaryPrincipal(); if (userName == null) { log.error("授權失敗,用戶信息為空!!!"); return null; } try { //獲取用戶角色集 Set<String> listRole= roleService.findRoleByUsername(userName); simpleAuthorizationInfo.addRoles(listRole); //通過角色獲取權限集 for (String role : listRole) { Set<String> permission= permissionService.findPermissionByRole(role); simpleAuthorizationInfo.addStringPermissions(permission); } return simpleAuthorizationInfo; } catch (Exception e) { log.error("授權失敗,請檢查系統內部錯誤!!!", e); } return simpleAuthorizationInfo; } }
3.創建shiro的配置類
@Configuration public class ShiroConfiguration { //配置自定義的Realm @Bean public MyShiroRealm myShiroRealm(HashedCredentialsMatcher matcher){ MyShiroRealm myShiroRealm= new MyShiroRealm(); //在這里配置密碼加密 myShiroRealm.setCredentialsMatcher(matcher); return myShiroRealm; } //將Realm注冊到securityManager中 @Bean public DefaultWebSecurityManager securityManager(HashedCredentialsMatcher matcher){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm(matcher)); return securityManager; } //如果沒有此name,將會找不到shiroFilter的Bean @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter(org.apache.shiro.mgt.SecurityManager securityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); shiroFilterFactoryBean.setLoginUrl("/login"); //表示指定登錄頁面 shiroFilterFactoryBean.setSuccessUrl("/user/list"); // 登錄成功后要跳轉的鏈接 shiroFilterFactoryBean.setUnauthorizedUrl("/403"); //未授權頁面 Map<String,String> filterChainDefinitionMap = new LinkedHashMap<>();//攔截器, 配置不會被攔截的鏈接 順序判斷 filterChainDefinitionMap.put("/login","anon"); //所有匿名用戶均可訪問到Controller層的該方法下 filterChainDefinitionMap.put("/userLogin","anon"); filterChainDefinitionMap.put("/image/**","anon"); filterChainDefinitionMap.put("/css/**", "anon"); filterChainDefinitionMap.put("/fonts/**","anon"); filterChainDefinitionMap.put("/js/**","anon"); filterChainDefinitionMap.put("/logout","logout"); filterChainDefinitionMap.put("/**", "authc"); //authc:所有url都必須認證通過才可以訪問; anon:所有url都都可以匿名訪問 //filterChainDefinitionMap.put("/**", "user"); //user表示配置記住我或認證通過可以訪問的地址 shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } /** * SpringShiroFilter首先注冊到spring容器 * 然后被包裝成FilterRegistrationBean * 最后通過FilterRegistrationBean注冊到servlet容器 * @return */ @Bean public FilterRegistrationBean delegatingFilterProxy(){ FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); DelegatingFilterProxy proxy = new DelegatingFilterProxy(); proxy.setTargetFilterLifecycle(true); proxy.setTargetBeanName("shiroFilter"); filterRegistrationBean.setFilter(proxy); return filterRegistrationBean; } //設置cookie @Bean public SimpleCookie rememberMeCookie(){ //這個參數是cookie的名稱,對應前端的checkbox的name=rememberMe SimpleCookie simpleCookie = new SimpleCookie("rememberMe"); //記住我cookie生效時間3個小時(單位秒) simpleCookie.setMaxAge(10800); return simpleCookie; } //cookie管理對象,記住我功能 @Bean public CookieRememberMeManager rememberMeManager(){ CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); cookieRememberMeManager.setCookie(rememberMeCookie()); return cookieRememberMeManager; } /** * 密碼匹配憑證管理器(密碼加密需要此配置) * @return */ @Bean(name = "hashedCredentialsMatcher") public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("MD5"); hashedCredentialsMatcher.setHashIterations(1024);// 設置加密次數 return hashedCredentialsMatcher; } //如果沒有這兩個配置,可能會授權失敗,所以依賴中還需要配置aop的依賴 @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(HashedCredentialsMatcher matcher) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager(matcher)); return authorizationAttributeSourceAdvisor; } @Bean @ConditionalOnMissingBean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){ DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator(); defaultAdvisorAutoProxyCreator.setProxyTargetClass(true); return defaultAdvisorAutoProxyCreator; } }
4.新建controller并寫個登錄的方法
/** * 登錄頁面 這里對應shiro中配置的shiroFilter的登錄方法 * @return */ @GetMapping("/login") public String login() { return "user/login"; }
//登錄方法 @PostMapping("/userLogin") public String toLogin( String userName,String passWord,Model model){ UsernamePasswordToken token =new UsernamePasswordToken(userName,passWord); Subject subject = SecurityUtils.getSubject(); try { //這里直接使用shiro的登錄方法 subject.login(token); return "redirect:user/list"; //登錄失敗時,會catch到你的異常,異常通過全局處理 } catch (UnknownAccountException e) { model.addAttribute("msg","該賬號不存在"); } catch (IncorrectCredentialsException e) { model.addAttribute("msg","密碼錯誤,請重試"); } catch (LockedAccountException e) { model.addAttribute("msg","該賬戶已被鎖定,請聯系管理員"); } catch (Exception e) { model.addAttribute("msg","登錄失敗"); } return "user/login"; } //添加 @RequestMapping("/insertUser") @ResponseBody public int insertUser(User user){ //將uuid設置為密碼鹽值 String salt = UUID.randomUUID().toString().replaceAll("-",""); SimpleHash simpleHash = new SimpleHash("MD5", user.getPassWord(), salt, 1024); //添加用戶信息 user.setPassWord(simpleHash.toHex()).setValid(1).setSalt(salt).setCreateTime(new Date()).setDel(0); return userMapper.insertSelective(user); }
5.創建全局異常處理類
@RestControllerAdvice public class GlobalExceptionHandle { @ExceptionHandler(ShiroException.class) public String doHandleShiroException(ShiroException se,Model model) { se.printStackTrace(); if(se instanceof UnknownAccountException) return "賬戶不存在!"; else if(se instanceof LockedAccountException) return "賬戶已鎖定,請聯系管理員"; else if(se instanceof IncorrectCredentialsException) return "密碼錯誤,請重試"; else if(se instanceof AuthorizationException) return "沒有相應權限,請聯系管理員"; else return "登錄失敗"; } }
權限需要開啟權限注解才生效
@GetMapping("/userPageList") @ResponseBody @RequiresPermissions("user:view") //這里是用戶對應的權限 public PageList listPage(HttpServletRequest request){ PageList pageList = new PageList(); List<User> list= userService.findAllPage(request);//查詢出的條數 int totalCount = userService.countAll();//總記錄數 pageList.setRows(list); pageList.setTotal(totalCount); return pageList; }
shiro用戶角色和權限表
-- Table structure for `sys_permission` DROP TABLE IF EXISTS `sys_permission`; CREATE TABLE `sys_permission` ( `id` int(64) NOT NULL AUTO_INCREMENT, `name` varchar(32) DEFAULT NULL, `permission` varchar(32) DEFAULT NULL, `url` varchar(64) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of sys_permission -- ---------------------------- INSERT INTO `sys_permission` VALUES ('1', '用戶管理', 'user:view', 'user/userPageList'); INSERT INTO `sys_permission` VALUES ('2', '用戶添加', 'user:add', 'user/saveUser'); INSERT INTO `sys_permission` VALUES ('3', '用戶刪除', 'user:del', 'user/delById'); -- ---------------------------- -- Table structure for `sys_role` -- ---------------------------- DROP TABLE IF EXISTS `sys_role`; CREATE TABLE `sys_role` ( `id` int(64) NOT NULL, `available` varchar(8) DEFAULT NULL, `description` varchar(32) DEFAULT NULL, `role` varchar(32) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of sys_role -- ---------------------------- INSERT INTO `sys_role` VALUES ('1', '1', '管理員', 'admin'); INSERT INTO `sys_role` VALUES ('2', '1', 'VIP會員', 'vip'); -- ---------------------------- -- Table structure for `sys_role_permission` -- ---------------------------- DROP TABLE IF EXISTS `sys_role_permission`; CREATE TABLE `sys_role_permission` ( `permission_id` int(64) NOT NULL COMMENT '權限表主鍵', `role_id` int(64) NOT NULL COMMENT '角色表主鍵' ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of sys_role_permission -- ---------------------------- INSERT INTO `sys_role_permission` VALUES ('1', '1'); INSERT INTO `sys_role_permission` VALUES ('2', '1'); -- ---------------------------- -- Table structure for `sys_user_role` -- ---------------------------- DROP TABLE IF EXISTS `sys_user_role`; CREATE TABLE `sys_user_role` ( `role_id` int(64) NOT NULL, `user_id` int(64) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of sys_user_role -- ---------------------------- INSERT INTO `sys_user_role` VALUES ('1', '1'); -- ---------------------------- -- Table structure for `user_info` -- ---------------------------- DROP TABLE IF EXISTS `user_info`; CREATE TABLE `user_info` ( `id` int(64) NOT NULL AUTO_INCREMENT, `name` varchar(32) DEFAULT NULL, `password` varchar(64) DEFAULT NULL, `salt` varchar(64) DEFAULT NULL, `state` varchar(8) DEFAULT NULL, `username` varchar(32) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of user_info -- ---------------------------- INSERT INTO `user_info` VALUES ('1', '管理員', 'd3c59d25033dbf980d29554025c23a75', '8d78869f470951332959580424d4bf4f', '1', 'admin');
以上是“基于springboot如何實現整合shiro實現登錄認證以及授權過程解析”這篇文章的所有內容,感謝各位的閱讀!希望分享的內容對大家有幫助,更多相關知識,歡迎關注億速云行業資訊頻道!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。