ShiroFilter
package com.baizhi.shirofilter;
import com.baizhi.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
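@Configuration // marks this class as a Spring configuration class
public class ShiroFilter {

    /**
     * Builds the Shiro web filter: a list of URL patterns that are reachable without a
     * session ({@code anon}) followed by a catch-all that requires login ({@code authc}).
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Shiro evaluates chain definitions in iteration order and the first matching
        // pattern wins. A HashMap gives no ordering guarantee, so the "/**" catch-all could
        // be evaluated before the specific entries; LinkedHashMap keeps insertion order.
        Map<String, String> map = new LinkedHashMap<>();
        // anon  = AnonymousFilter (no authentication required)
        // authc = FormAuthenticationFilter (authentication required)
        map.put("/back/login/login.jsp", "anon");
        map.put("/admin/login", "anon");
        // NOTE(review): this looks like the back-office main page; confirm it really should
        // be reachable without a session.
        map.put("/back/modules/main.jsp", "anon");
        map.put("/back/login/assets/**", "anon");
        map.put("/back/statics/**", "anon");
        map.put("/code/getCode", "anon");
        // NOTE(review): /admin/insert and /admin/send are open to anonymous callers,
        // presumably for self-registration; confirm the handlers cannot be used to create
        // or modify privileged accounts without further checks.
        map.put("/admin/insert", "anon");
        map.put("/back/modules/regist.jsp", "anon");
        map.put("/admin/send", "anon");
        /*map.put("/back/album/**","anon");
        map.put("/back/article/**","anon");
        map.put("/back/echarts-js/**","anon");
        map.put("/back/kindeditor/**","anon");
        map.put("/back/star/**","anon");
        map.put("/back/user/**","anon");*/
        // Catch-all: must stay the last entry so everything not listed above needs login.
        map.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/back/login/login.jsp");
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the web security manager and wires in the realm and the cache manager.
     *
     * @param myRealm      realm that performs authentication and authorization lookups
     * @param cacheManager cache manager handed to the security manager
     * @return the configured security manager
     */
    @Bean
    public SecurityManager getSecurityManager(MyRealm myRealm, CacheManager cacheManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);
        securityManager.setCacheManager(cacheManager);
        return securityManager;
    }

    /**
     * Provides an Ehcache-backed cache manager with its default settings.
     *
     * @return a new {@link EhCacheManager}
     */
    @Bean
    public CacheManager getCacheManager() {
        return new EhCacheManager();
    }

    /**
     * Creates the application realm and attaches the credentials matcher used to compare
     * the submitted password with the stored hash.
     *
     * @param hashedCredentialsMatcher matcher that hashes the submitted password
     * @return the configured realm
     */
    @Bean
    public MyRealm getShiroRealm(HashedCredentialsMatcher hashedCredentialsMatcher) {
        MyRealm myRealm = new MyRealm();
        myRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return myRealm;
    }

    /**
     * Configures how submitted passwords are hashed before comparison.
     *
     * @return a matcher using MD5 with 1024 iterations
     */
    @Bean
    public HashedCredentialsMatcher getHashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // NOTE(review): MD5 is a fast digest, and 1024 iterations adds little cost for an
        // attacker holding the hash table. The values are left unchanged because they must
        // match the hashes already stored; plan a migration to a stronger algorithm with a
        // higher iteration count (or a dedicated password hash such as bcrypt/argon2) and
        // re-hash on next login.
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        hashedCredentialsMatcher.setHashIterations(1024);
        return hashedCredentialsMatcher;
    }
}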
开发MyRealm
package com.baizhi.realm;
import com.baizhi.dao.*;
import com.baizhi.entity.*;
import com.baizhi.service.AdminService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.ArrayList;
import java.util.List;
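/**
 * Shiro realm that authenticates admins against the admin table and resolves their
 * roles and permissions through the injected DAOs.
 */
public class MyRealm extends AuthorizingRealm {
    @Autowired
    private AdminDao adminDao;
    @Autowired
    private AdminService adminService;
    @Autowired
    private RoleDao roleDao;
    @Autowired
    private AdminRoleDao adminRoleDao;
    @Autowired
    private AdminPermissionDao adminPermissionDao;
    @Autowired
    private PermissionDao permissionDao;

    /**
     * Authorization: collects the role names and permission names of the current admin.
     *
     * <p>Missing rows are treated as "grant nothing" instead of failing with a
     * {@link NullPointerException}, so an inconsistent table never widens access.
     *
     * @param principalCollection principals of the authenticated subject; the primary
     *                            principal is the username
     * @return the roles and permissions found for that user (possibly empty)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String username = (String) principalCollection.getPrimaryPrincipal();
        Admin admin = new Admin();
        admin.setUsername(username);
        Admin one = adminService.findOne(admin);
        if (one == null) {
            // No matching admin row: return an empty authorization set.
            return info;
        }
        // Look up the role links of the current user.
        AdminRole adminRole = new AdminRole();
        adminRole.setAdminId(one.getId());
        List<AdminRole> select = adminRoleDao.select(adminRole);
        if (select == null) {
            return info;
        }
        // Walk the links, resolving each role id to its role name and permission name.
        List<String> roles = new ArrayList<>();
        List<String> permissions = new ArrayList<>();
        for (AdminRole adminRole1 : select) {
            // Resolve the role itself.
            Role role = new Role();
            role.setId(adminRole1.getRoleId());
            Role role1 = roleDao.selectOne(role);
            if (role1 == null) {
                // Link points at a role that no longer exists: skip it.
                continue;
            }
            roles.add(role1.getName());
            // Resolve the permission that belongs to the role.
            // NOTE(review): adminPermissionDao is injected but never queried in this class.
            // The permission id below is read from the object returned by setRoleId(), not
            // from a database row, so it is presumably unset and the permissionDao lookup
            // runs with an empty criterion. Confirm, and load the role's permission rows
            // through adminPermissionDao before resolving names.
            AdminPermission adminPermission = new AdminPermission();
            AdminPermission adminPermission1 = adminPermission.setRoleId(adminRole1.getRoleId());
            Permission permission = new Permission();
            Permission permission1 = permission.setId(adminPermission1.getPermissionId());
            Permission permission2 = permissionDao.selectOne(permission1);
            if (permission2 != null) {
                permissions.add(permission2.getName());
            }
        }
        info.addRoles(roles);
        info.addStringPermissions(permissions);
        return info;
    }

    /**
     * Authentication: loads the stored credentials for the submitted username so the
     * configured credentials matcher can compare them with the submitted password.
     *
     * @param authenticationToken the submitted token, cast to {@link UsernamePasswordToken}
     * @return the stored account (username, password hash, salt), or {@code null} when no
     *         admin with that username exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        Admin admin = new Admin();
        admin.setUsername(token.getUsername());
        Admin dbAdmin = adminDao.selectOne(admin);
        if (dbAdmin == null) {
            // Unknown username: returning null signals "no such account" to the caller.
            return null;
        }
        // The stored hash and per-user salt are handed over; this method itself never
        // compares the password.
        return new SimpleAccount(dbAdmin.getUsername(), dbAdmin.getPassword(), ByteSource.Util.bytes(dbAdmin.getSalt()), this.getName());
    }
}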
页面相关标签
<%-- 注意:以下标签只控制页面内容是否显示,对应的后端接口仍需由过滤器链或权限注解进行校验 --%>
<shiro:notAuthenticated>
</shiro:notAuthenticated> <%-- 未认证 --%>
<shiro:authenticated>
</shiro:authenticated> <%-- 已认证 --%>
<shiro:hasRole name="admin">
</shiro:hasRole> <%-- 拥有哪种角色 --%>
<shiro:hasPermission name="">
</shiro:hasPermission> <%-- 拥有什么样的权限 --%>