新闻管理系统的shiro权限管理
一.shiro权限管理
1.po实体类层
创建Role和Permission实体类,在数据库中建好表
Role:
package com.guang.demo.po;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.persistence.*;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
@NoArgsConstructor
@Entity
@Table(name = "t_role")
public class Role implements Serializable {
private static final long serialVersionUID = 2478409104716610825L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String name;
private String description;
@ManyToMany(mappedBy = "roles")
private Set<User> users = new HashSet<>(0);
@ManyToMany(fetch = FetchType.EAGER)
private Set<Permission> permissions = new HashSet<>(0);
public static long getSerialVersionUID() {
return serialVersionUID;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public Set<User> getUsers() {
return users;
}
public void setUsers(Set<User> users) {
this.users = users;
}
public Set<Permission> getPermissions() {
return permissions;
}
public void setPermissions(Set<Permission> permissions) {
this.permissions = permissions;
}
}
Permission:
package com.guang.demo.po;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.persistence.*;
import java.io.Serializable;
@Entity
@Table(name = "t_permission")
@Data
@NoArgsConstructor
public class Permission implements Serializable {
private static final long serialVersionUID = -8743664143971550167L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String name;
private String code;
private String description;
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
2.realm
在项目中创建realm包,新建NewsRealm类继承AuthorizingRealm
package com.guang.demo.realm;
import com.guang.demo.po.Permission;
import com.guang.demo.po.Role;
import com.guang.demo.po.User;
import com.guang.demo.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.Set;
public class NewsRealm extends AuthorizingRealm {
public void setName(String name){setName("newsRealm");}
@Autowired
private UserService userService;
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken)authenticationToken;
String username = upToken.getUsername();
String password = new String(upToken.getPassword());
User user = userService.checkUsers(username, password);
if (user!=null){
return new SimpleAuthenticationInfo(user,user.getPassword(),this.getName());
}
return null;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取用户认证信息
User user = (User)principalCollection.getPrimaryPrincipal();
//构造认证数据
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<Role> roles = user.getRoles();
for (Role role : roles) {
//获得角色信息
info.addRole(role.getName());
for (Permission permission : role.getPermissions()) {
//添加权限信息
info.addStringPermission(permission.getCode());
}
}
return info;
}
}
3.web层
在web包下新建ShiroConfiguration类,实现shiro的配置
package com.guang.demo;
import com.guang.demo.realm.NewsRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfiguration {
//创建realm
@Bean
public NewsRealm getRealm(){return new NewsRealm();}
//创建安全管理器
@Bean
public SecurityManager securityManager(NewsRealm realm){
//使用默认的安全管理器
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager(realm);
//将定义的realm交给安全管理器统一调度管理
return defaultWebSecurityManager;
}
//配置shiro过滤器工厂
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();
shiroFilterFactory.setSecurityManager(securityManager);
//通用配置
shiroFilterFactory.setLoginUrl("/admin");
shiroFilterFactory.setUnauthorizedUrl("/admin");
/*
* key:请求路径
* value:过滤器类型
* */
Map<String ,String > filterMap = new LinkedHashMap<>();
filterMap.put("/admin/types","perms[user_types]");
filterMap.put("/admin/news","perms[user_news]");
filterMap.put("/admin/tags","perms[user_tags]");
filterMap.put("/admin/login","anon");
filterMap.put("/admin/**","authc");
shiroFilterFactory.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactory;
}
//开启shiro注解支持
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
在LoginController用户登录中实现shiro的权限管理
try{
//构造登录令牌
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
//获取subject
Subject subject = SecurityUtils.getSubject();
subject.login(usernamePasswordToken);
User user = (User) subject.getPrincipal();
session.setAttribute("user",user);
return "admin/index";
}catch (Exception e){
attributes.addFlashAttribute("message","用户名或密码错误");
return "redirect:/admin";
}
}
4.功能实现
不同用户的角色不同,权限也不同,登录的用户只有新闻权限,就只能进入新闻页面,进入不了分类和标签页面
点击新闻