spring boot技术在国内慢慢流行起来,其版本迭代速度也是相当快,截止当前时间,官方版本稳定版是1.4.3,开发版已经是2.0了,2017的脚步已经启程,2.0还会远吗?
spring自家也有安全框架,也就是security,而在spring boot中使用security似乎也是理所当然。今天我所说的是另一个--shiro。由于对shiro的理解还不是很深,但基本的权限控制是不成问题的,写博客还是想锻炼一下自己的思路,巩固所学的知识,如果有错误还请提出,谢谢。对于spring boot和shiro的知识这里不做讲解,特别是对于spring boot默认大家已经比较熟悉了,那么下面开始:
1.数据库表的设计,共5张表
admin 管理员
字段:id name password
role 角色
字段:id name description
permission 权限
字段:id name description
role_permission 角色权限
字段:id role_id permission_id
admin_role 管理员角色
字段:id admin_id role_id
简单说明各表之间的关系,admin,role,permission三张表作为独立表,role_permission 记录某个角色所拥有的权限,admin_role记录某个管理员拥有的角色。这种设计也就是RBAC模型,建表之后请自行添加测试数据,并创建对应的Model类。
2.在pom.xml中添加shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.3</version>
</dependency>
①.创建AdminShiro类,代码如下:
@Service
public class AdminShiro {
@Autowired
private AdminRepository adminRepository;
@Autowired
private AdminRoleRepository adminRoleRepository;
@Autowired
private RolePermissionRepository rolePermissionRepository;
@Autowired
private PermissionRepository permissionRepository;
public Admin getAdminByAdminName(String adminName){
Admin admin = adminRepository.findByAdminName(adminName);
return admin;
}
/**
* 根据用户名获取权限授权
*/
public List<String> getPermissionsByAdminName(String adminName){
Admin admin = getAdminByAdminName(adminName);
if (admin == null){
return null;
}
List<String> list = new ArrayList<>();
List<AdminRole> adminRoleList = adminRoleRepository.findAllByAdminId(admin.getId());
for(AdminRole adminRole : adminRoleList){
List<RolePermission> rolePermissionList = rolePermissionRepository.findAllByRoleId(adminRole.getRoleId());
for (RolePermission role : rolePermissionList){
Permission p = permissionRepository.findOne(role.getPermissionId());
list.add(p.getUrl());
}
}
return list;
}
}
②.创建MyShiroRealm,并继承AuthorizingRealm,即自定义Realm,代码如下:
public class MyShiroRealm extends AuthorizingRealm {
@Autowired
private AdminShiro adminShiro;
/**
* 读取当前用户所有权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String adminName = (String) principals.fromRealm(getName()).iterator().next();
if (MyUtils.checkNull(new Object[]{adminName})){
List<String> permissions = adminShiro.getPermissionsByAdminName(adminName);
SimpleAuthorizationInfo info = null;
if (permissions.size() > 0){
info = new SimpleAuthorizationInfo();
for (String s : permissions){
info.addStringPermission(s);
}
return info;
}
}
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken _token) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) _token;
String adminName = token.getUsername();
if (adminName!=null && !adminName.equals("")){
Admin admin = adminShiro.getAdminByAdminName(adminName);
if (admin != null){
return new SimpleAuthenticationInfo(admin.getAdminName(),admin.getPassword(),getName());
}
}
return null;
}
}
③.创建ShiroConfiguration类,即shiro配置类,设置验证规则等,代码如下:
public class ShiroConfiguration {
/**
* 设置验证规则
*/
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/manage/admin/logout","anon");
filterChainDefinitionMap.put("/manage/admin/login","anon");
filterChainDefinitionMap.put("/manage/admin/unauthorized","anon");
filterChainDefinitionMap.put("/manage/admin/**","perms[/manage/admin]");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setLoginUrl("/manage/admin/login");
shiroFilterFactoryBean.setUnauthorizedUrl("/manage/admin/unauthorized");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager(){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(myShiroRealm());
return defaultWebSecurityManager;
}
@Bean
public MyShiroRealm myShiroRealm(){
MyShiroRealm myShiroRealm = new MyShiroRealm();
return myShiroRealm;
}
配置到此结束,博客新手,不喜勿喷,如有问题,欢迎留言给出您的意见!