shiro配置、shiro权限管理、微服务springcloud
导入shiro相关的依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
在po里新建类:role和permission:
package com.demo.phone.po;
import javax.persistence.*;
import java.io.Serializable;
import java.util.HashSet;
@Entity
@Table(name = "t_role")
public class Role implements Serializable {
private static final long serialVersionUID = -1003928920961239838L;
@Id
private String id;
private String name;
private String description;
@ManyToMany(mappedBy = "roles")
private Set<User> users = new HashSet<>(0);
@ManyToMany(fetch = FetchType.EAGER)
private Set<com.llanero.news.po.Permission> permissions = new HashSet<>(0);
public static long getSerialVersionUID() {
return serialVersionUID;
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public Set<User> getUsers() {
return users;
}
public void setUsers(Set<User> users) {
this.users = users;
}
public Set<com.llanero.news.po.Permission> getPermissions() {
return permissions;
}
public void setPermissions(Set<com.llanero.news.po.Permission> permissions) {
this.permissions = permissions;
}
@Override
public String toString() {
return "Role{" +
"id='" + id + '\'' +
", name='" + name + '\'' +
", description='" + description + '\'' +
", users=" + users +
", permissions=" + permissions +
'}';
}
}
import javax.persistence.*;
import java.io.Serializable;
@Entity
@Table(name = "t_permission")
public class Permission implements Serializable {
private static final long serialVersionUID = 1486480317310743604L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String name;
private String code;
private String description;
public static long getSerialVersionUID() {
return serialVersionUID;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
@Override
public String toString() {
return "Permission{" +
"id=" + id +
", name='" + name + '\'' +
", code='" + code + '\'' +
", description='" + description + '\'' +
'}';
}
}
在User类中增加属性:
@ManyToMany(fetch = FetchType.EAGER)
private Set<Role> roles = new HashSet<Role>(0);
shiro
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。它的三个核心组件为Subject, SecurityManager 和 Realms。Realm实质上是一个安全相关的DAO:它封装了数据源的连接细节,并在需要时将相关数据提供给Shiro。当配置Shiro时,你必须至少指定一个Realm,用于认证和(或)授权。配置多个Realm是可以的,但是至少需要一个。Shiro内置了可以连接大量安全数据源(又名目录)的Realm,如LDAP、关系数据库(JDBC)、类似INI的文本配置资源以及属性文件等。如果缺省的Realm不能满足需求,你还可以插入代表自定义数据源的自己的Realm实现。
创建NewsRealm类,判断登录的用户角色类型:
public class NewsRealm extends AuthorizingRealm {
public void setName(String name) {
setName("newsRealm");
}
@Autowired
private UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取认证的用户数据
User user = (User) principalCollection.getPrimaryPrincipal();
//构造认证数据
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<Role> roles = user.getRoles();
for (Role role : roles) {
//添加角色信息
info.addRole(role.getName());
for (Permission permission : role.getPermissions()) {
//添加角色信息
info.addStringPermission(permission.getCode());
}
}
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
String username = upToken.getUsername();
String password = new String(upToken.getPassword());
User user = userService.checkUsers(username, password);
if (user != null) {
return new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
}
return null;
}
}
在news包下新建ShiroConfiguration类:
@Configuration
public class ShiroConfiguration {
//创建realm
@Bean
public NewsRealm getRealm(){
return new NewsRealm();
}
//创建安全管理器
@Bean
public SecurityManager securityManager(NewsRealm realm) {
//使用默认的安全管理器
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
//将自定义realm交给安全管理器统一调度
return securityManager;
}
//配置shiro过滤器工厂
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//通用配置
shiroFilterFactoryBean.setLoginUrl("/admin");
shiroFilterFactoryBean.setUnauthorizedUrl("/admin");
/* * key: 请求路径
* value: 过滤器类型
* */
Map<String, String> filterMap = new LinkedHashMap<>();
filterMap.put("/admin/types", "perms[user-types]");
filterMap.put("/admin/news", "perms[user-news");
filterMap.put("/admin/tags", "perms[user-tags]");
filterMap.put("/admin/login", "anon");
filterMap.put("/admin/**","authc");
System.out.println(filterMap);
//设置过滤器
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
//开启shiro注解支持
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
修改LoginController中的login()方法:
@PostMapping("/login")
public String login(@RequestParam String username, @RequestParam String password,
HttpSession session, RedirectAttributes attributes) {
try {
//构造登录令牌
UsernamePasswordToken uptoken = new UsernamePasswordToken(username, password);
//获取subject
Subject subject = SecurityUtils.getSubject();
subject.login(uptoken);
User user = (User) subject.getPrincipal();
session.setAttribute("user", user);
return "admin/index";
} catch (Exception e) {
attributes.addFlashAttribute("message", "用户名或密码错误");
return "redirect:/admin";
}
}