项目整合
pom.xml
导入所需依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
自定义 Realm
编写 授权 与 认证 部分代码
package com.sakura.shiro;
import com.sakura.pojo.SysPermissions;
import com.sakura.pojo.SysRoles;
import com.sakura.pojo.SysUsers;
import com.sakura.service.SysUsersService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
/**
* @program: spring_boot_shiro_stu
* @description:
* @author: Sakura_Li
* @create: 2021-07-10 11:09
**/
public class MyShiroRealm extends AuthorizingRealm {
@Autowired
private SysUsersService usi;
/**
* 授权
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// 获取登录用户名
String name= (String) principalCollection.getPrimaryPrincipal();
// 根据用户名查询用户信息
SysUsers users = usi.findByName(name);
// 添加角色和权限
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
/**
* 便利用户信息,添加用户的角色与权限信息
*/
for (SysRoles role : users.getRolesList()) {
simpleAuthorizationInfo.addRole(role.getRole());
for (SysPermissions permission : role.getPermissionsList()) {
simpleAuthorizationInfo.addStringPermission(permission.getPermission());
}
}
return simpleAuthorizationInfo;
}
/**
* 认证
* 加这一步的目的是在Post请求的时候会先进认证,然后在到请求
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
if (authenticationToken.getPrincipal() == null) {
return null;
}
//获取用户信息
String name = authenticationToken.getPrincipal().toString();
SysUsers users = usi.findByName(name);
if (users == null) {
//这里返回后会报出对应异常
return null;
} else {
//这里验证authenticationToken和simpleAuthenticationInfo的信息
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, users.getPassword(), getName());
return simpleAuthenticationInfo;
}
}
}
ShiroConfig
Shiro相关配置:
1、将自定义 Realm 添加到 IOC 容器
2、获取自定义 Realm 并添加至 securityManager
3、设置对应的过滤条件和跳转条件
4、开始注解使用
package com.sakura.shiro;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
/**
* @program: spring_boot_shiro_stu
* @description:
* @author: Sakura_Li
* @create: 2021-07-10 11:51
**/
@Configuration
public class ShiroConfiguration {
//将自己的验证方式加入容器
@Bean
public MyShiroRealm myShiroRealm() {
MyShiroRealm myShiroRealm = new MyShiroRealm();
return myShiroRealm;
}
//权限管理,配置主要是Realm的管理认证
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> map = new HashMap<>();
// 登录
map.put("/userLogin","anon");
// Swagger
map.put("/swagger-ui.html","anon");
// 注销
map.put("/logout","logout");
// 对其他所有接口进行权限管控
map.put("/**","authc");
// 登录
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
//加入注解的使用,不加入这个注解不生效
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
其他代码
pojo
SysUsers
package com.sakura.pojo;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import java.io.Serializable;
import java.util.List;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;
/**
*
* @TableName sys_users
*/
@Data
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class SysUsers implements Serializable {
/**
* 编号
*/
private Long usersid;
/**
* 用户名
*/
private String username;
/**
* 密码
*/
private String password;
/**
* 盐值
*/
private String salt;
/**
* 是否锁定
*/
private Boolean locked;
/**
* 角色列表
*/
List<SysRoles> rolesList;
private static final long serialVersionUID = 1L;
}
SysRoles
package com.sakura.pojo;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import java.io.Serializable;
import java.util.List;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;
/**
*
* @TableName sys_roles
*/
@Data
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class SysRoles implements Serializable {
/**
* 角色编号
*/
private Long rolesid;
/**
* 角色名称
*/
private String role;
/**
* 角色描述
*/
private String description;
/**
* 父节点
*/
private Long pid;
/**
* 是否锁定
*/
private Boolean available;
/**
* 权限列表
*/
List<SysPermissions> permissionsList;
private static final long serialVersionUID = 1L;
}
SysPermissions
package com.sakura.pojo;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import java.io.Serializable;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;
/**
*
* @TableName sys_permissions
*/
@Data
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class SysPermissions implements Serializable {
/**
* 编号
*/
private Long perid;
/**
* 权限编号
*/
private String permission;
/**
* 权限描述
*/
private String description;
/**
* 是否锁定
*/
private Boolean available;
private static final long serialVersionUID = 1L;
}
dao
SysUsersMapper.java
package com.sakura.mapper;
import com.sakura.pojo.SysUsers;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
/**
* @Entity com.sakura.pojo.SysUsers
*/
@Mapper
public interface SysUsersMapper extends BaseMapper<SysUsers> {
/**
* 根据用户名查询对应信息
* @param name 用戶名
* @return
*/
SysUsers queryUserByName(@Param("name") String name);
}
SysUsersMapper.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.sakura.mapper.SysUsersMapper">
<resultMap id="BaseResultMap" type="com.sakura.pojo.SysUsers">
<id property="usersid" column="usersid" jdbcType="BIGINT"/>
<result property="username" column="username" jdbcType="VARCHAR"/>
<result property="password" column="password" jdbcType="VARCHAR"/>
<result property="salt" column="salt" jdbcType="VARCHAR"/>
<result property="locked" column="locked" jdbcType="BOOLEAN"/>
<collection property="rolesList" ofType="com.sakura.pojo.SysRoles">
<id property="rolesid" column="rolesid" jdbcType="BIGINT"/>
<result property="role" column="role" jdbcType="VARCHAR"/>
<result property="description" column="description" jdbcType="VARCHAR"/>
<result property="pid" column="pid" jdbcType="BIGINT"/>
<result property="available" column="available" jdbcType="BOOLEAN"/>
<collection property="permissionsList" ofType="com.sakura.pojo.SysPermissions">
<id property="perid" column="perid" jdbcType="BIGINT"/>
<result property="permission" column="permission" jdbcType="VARCHAR"/>
<result property="description" column="description" jdbcType="VARCHAR"/>
<result property="available" column="available" jdbcType="BOOLEAN"/>
</collection>
</collection>
</resultMap>
<select id="queryUserByName" resultMap="BaseResultMap">
SELECT
*
FROM
sys_users users
LEFT JOIN sys_users_roles ur
ON users.usersid = ur.`user_id`
LEFT JOIN `sys_roles` roles
ON ur.`role_id` = roles.`rolesid`
LEFT JOIN `sys_roles_permissions` rp
ON roles.`rolesid` = rp.`role_id`
LEFT JOIN `sys_permissions` permissions
ON rp.`permission_id` = permissions.`perid`
WHERE
users.`username` = #{name}
</select>
</mapper>
service
SysUsersService
package com.sakura.service;
import com.sakura.pojo.SysUsers;
import com.baomidou.mybatisplus.extension.service.IService;
/**
*
*/
public interface SysUsersService {
/**
* 根据账号查询对应用户信息
* @param name 账号
* @return
*/
SysUsers findByName(String name);
}
SysUsersServiceImpl
package com.sakura.service.impl;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.sakura.pojo.SysUsers;
import com.sakura.service.SysUsersService;
import com.sakura.mapper.SysUsersMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
/**
*
*/
@Service
public class SysUsersServiceImpl implements SysUsersService {
@Autowired
private SysUsersMapper um;
@Override
public SysUsers findByName(String name) {
return um.queryUserByName(name);
}
}
controller
LoginController
package com.sakura.controller;
import com.sakura.common.vo.JsonResult;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletResponse;
/**
* @program: spring_boot_shiro_stu
* @description:
* @author: Sakura_Li
* @create: 2021-07-10 13:25
**/
@Controller
public class LoginController {
// 未登录调用API时,执行此接口,跳转至前端登录页面
@RequestMapping("/login")
public String login(){
return "redirect:http://localhost:63342/authorityWeb/shiro/login.html";
}
// 注销账号,并跳转至前端登录页面
@GetMapping(value = "/logout")
public String logout(){
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "redirect:http://localhost:63342/authorityWeb/shiro/login.html";
}
// 用户登录方法
@GetMapping("/userLogin")
@ResponseBody
public JsonResult login(String username, String password){
//添加用户认证信息
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
//进行验证,这里可以捕获异常,然后返回对应信息
subject.login(usernamePasswordToken);
return new JsonResult("登录成功");
}
}
UserController
package com.sakura.controller;
import com.sakura.common.vo.JsonResult;
import com.sakura.pojo.SysRoles;
import com.sakura.pojo.SysUsers;
import com.sakura.service.SysUsersService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
/**
* @program: spring_boot_shiro_stu
* @description:
* @author: Sakura_Li
* @create: 2021-07-10 11:43
**/
@RestController
public class UserController {
@Autowired
private SysUsersService usi;
//数据初始化
@RequiresRoles("超管")
@RequiresPermissions("users:add")
@GetMapping(value = "/addUser")
public String addUser(){
return "添加用户成功!";
}
//角色初始化
@RequiresRoles("admin")
@RequiresPermissions("roles:add")
@GetMapping(value = "/addRole")
public String addRole(){
return "添加角色成功!";
}
}
全局异常捕获
GlobalExceptionHandler
package com.sakura.common.globalExceptionHandler;
import com.sakura.common.vo.JsonResult;
import org.apache.shiro.authz.AuthorizationException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.server.MethodNotAllowedException;
/**
* @program: spring_boot_shiro_stu
* @description: 全局异常捕获
* @author: Sakura_Li
* @create: 2021-07-10 14:04
**/
@RestControllerAdvice
public class GlobalExceptionHandler {
@ExceptionHandler(AuthorizationException.class)
public JsonResult handlerAuthorizationException(AuthorizationException e){
return new JsonResult(500,"暂无权限!请联系IT帮忙开通!");
}
@ExceptionHandler(MethodNotAllowedException.class)
public JsonResult handlerMethodNotAllowedException(MethodNotAllowedException e){
return new JsonResult(500,"暂无权限!请联系IT帮忙开通!");
}
@ExceptionHandler(Exception.class)
public JsonResult handlerException(Exception e){
return new JsonResult(500,"当前服务器繁忙!请稍后再试!");
}
}