springboot环境下 shiro 的简单应用

最新推荐文章于 2024-09-11 08:40:19 发布

WSYCJY

最新推荐文章于 2024-09-11 08:40:19 发布

阅读量128

点赞数

本文链接：https://blog.csdn.net/Seeyou_y/article/details/100130332

版权

java 同时被 3 个专栏收录

15 篇文章 0 订阅

订阅专栏

web

3 篇文章 0 订阅

订阅专栏

shiro

1 篇文章 0 订阅

订阅专栏

啥也不说了，先导jar包吧

    <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-ehcache</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>

jar的信息在shiro官网都可以收到
注意：在使用缓存的时候需要导一个缓存依赖

 <!-- https://mvnrepository.com/artifact/org.ehcache/ehcache -->
        <dependency>
            <groupId>org.ehcache</groupId>
            <artifactId>ehcache</artifactId>
            <version>3.5.2</version>
        </dependency>

这里我就不说明原理了，直接应用

配置shiro的核心过滤器

注意： 千万认清jar的别倒错包了

package com.baizhi.conf;


import com.baizhi.realm.MyRealm;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;


import java.util.HashMap;

@Configuration
public class ShiroFilterConf {
    /**
     * 将shirofilter工厂交给spring工厂
     *
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //设置过滤器
        //过滤器链的集合
        // AnonymousFilter              匿名过滤器  anon
        //FormAuthenticationFilter    认证过滤器   authc
        HashMap<String, String> map = new HashMap<>();
        map.put("/login.jsp","anon");
        map.put("/user/login","anon");
        map.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        shiroFilterFactoryBean.setLoginUrl("/login.jsp");
        return shiroFilterFactoryBean;
    }

    /**
     * 安全管理器
     *
     * @param realm
     * @param CacheManager
     * @return
     */

    @Bean
    public SecurityManager getSecurityManager(Realm realm, CacheManager CacheManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        securityManager.setCacheManager(CacheManager);
        return securityManager;
    }

    /**
     * 自定义realm
     *
     * @param credentialsMatcher
     * @return
     */
    @Bean
    public Realm getRealm(CredentialsMatcher credentialsMatcher) {
        MyRealm realm = new MyRealm();
        realm.setCredentialsMatcher(credentialsMatcher);
        return realm;
    }

    /**
     * 自定义凭证匹配器
     * 使用 md5 加密
     * 散列 1024 次
     *
     * @return
     */
    @Bean
    public CredentialsMatcher getCredentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("md5");
        credentialsMatcher.setHashIterations(1024);
        return credentialsMatcher;
    }

    /**
     * 自定义缓存   开启缓存
     * 优化授权访问数据库次数
     *
     * @return
     */
    @Bean
    public CacheManager getEhCacheManager() {
        EhCacheManager ehCacheManager = new EhCacheManager();
        return ehCacheManager;
    }
}

实现realm

自定一个realm继承AuthorizingRealm类

package com.baizhi.realm;

import com.baizhi.dao.UserDAO;
import com.baizhi.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

public class MyRealm extends AuthorizingRealm {
    @Autowired
    private UserDAO userDAO;

    @Override //授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String principal = (String) principalCollection.getPrimaryPrincipal();
        User user = new User();
        user.setUsername(principal);
        User selectOne = userDAO.selectOne(user);
        SimpleAuthorizationInfo authorizationInfo = null;
        if (selectOne != null && selectOne.getRole().equals("vip")) {
            authorizationInfo = new SimpleAuthorizationInfo();
            //身份授权
            authorizationInfo.addRole(selectOne.getRole());
            //资源授权
            authorizationInfo.addStringPermission("user:add");
            authorizationInfo.addStringPermission("user:update");
            authorizationInfo.addStringPermission("user:query");
            return authorizationInfo;
        }
        return null;
    }

    @Override  //认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();
        User user = new User();
        user.setUsername(principal);
        User selectOne = userDAO.selectOne(user);
        if (selectOne != null) {
            AuthenticationInfo authenticationInfo =
                    new SimpleAuthenticationInfo(selectOne.getUsername(), selectOne.getPassword(),
                            ByteSource.Util.bytes(selectOne.getSalt()), this.getName());
            return authenticationInfo;
        }
        return null;
    }
}

shiro提供前台页面标签，十分人性化了！！！！

<shiro:principal></shiro:principal>  //用户的身份信息
<shiro:authenticated></shiro:authenticated> //认证成功  执行标签体的内容
<shiro:notAuthenticated></shiro:notAuthenticated> //未认证  执行标签体内容
//基于角色的权限管理
<shiro:hasRole name="super"></shiro:hasRole>
<shiro:hasAnyRoles name="admin,super"></shiro:hasAnyRoles>
//基于资源的权限管理
<shiro:hasPermission name="user:delete"></shiro:hasPermission>

搞完这些差不多就over了~~~~
下面的就是自己应用到自己的项目中去