SpringBoot整合Shiro权限框架
1.导入依赖
<!-- NOTE(review): 1.4.1 is an old shiro-spring release and later releases contain security fixes.
     Check the Apache Shiro security advisories and pin a currently supported version before
     using this outside a demo. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.1</version>
</dependency>
2.开始整合
把CustomRealm和SecurityManager等加入到spring容器:
import com.wsl.shiro.CustomRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
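/**
 * Spring configuration that registers the Shiro realm, the web security manager, the URL filter
 * chain and the annotation-support advisor as beans.
 */
@Configuration
public class shiroConfig {

    /**
     * Enables Spring AOP auto-proxying so that advisors registered in the context (here the
     * {@link AuthorizationAttributeSourceAdvisor} declared below) are applied to other beans.
     * Without it, Shiro's authorization annotations on controllers/services are not enforced.
     *
     * @return the auto-proxy creator, registered only if the context does not already have one
     */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        // Class-based (CGLIB) proxies, so beans that implement no interface can be advised too.
        defaultAAP.setProxyTargetClass(true);
        return defaultAAP;
    }

    /**
     * Registers the application's own realm (its authentication/authorization logic) as a bean.
     *
     * <p>NOTE(review): no {@code CredentialsMatcher} is configured here. Unless
     * {@code CustomRealm} installs one itself, Shiro's default matcher compares the submitted
     * password with the stored value directly and ignores any salt the realm returns. Configure
     * a hashed credentials matcher that matches how passwords are actually stored.
     *
     * @return a new realm instance
     */
    @Bean
    public CustomRealm myShiroRealm() {
        return new CustomRealm();
    }

    /**
     * Builds the web security manager and hands it the realm that performs authentication and
     * authorization lookups.
     *
     * @return the security manager backed by {@link #myShiroRealm()}
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * Builds the Shiro filter factory: which URL patterns go through which Shiro filter, and
     * where users are redirected for login, after login, and on authorization failure.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Chain definitions are matched in iteration order and the first matching pattern wins.
        // A LinkedHashMap keeps insertion order; with a plain HashMap the catch-all "/**" rule
        // could be evaluated before "/logout", so the logout filter would never run.
        Map<String, String> filterChains = new LinkedHashMap<>();
        // Logout is handled by Shiro's built-in logout filter.
        filterChains.put("/logout", "logout");
        // Everything else requires an authenticated user. Keep this catch-all rule last.
        filterChains.put("/**", "authc");

        // Login page; unauthenticated requests are redirected here.
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Landing page after a successful login.
        shiroFilterFactoryBean.setSuccessUrl("/index");
        // Redirect target when a filter-chain authorization check (roles/perms filters) fails.
        // NOTE(review): failures of annotation-based checks surface as exceptions rather than a
        // redirect to this URL, so they need their own exception handling.
        shiroFilterFactoryBean.setUnauthorizedUrl("/error");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChains);
        return shiroFilterFactoryBean;
    }

    /**
     * Registers the advisor that enforces Shiro's authorization annotations; without this bean
     * the annotations have no effect.
     *
     * @param securityManager the security manager used to evaluate the annotations
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}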
3.自己的Realm(注意:上面的配置类注册的是 CustomRealm,而下面示例的类名是 MyRealm,实际使用时两者应为同一个类)
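/**
 * Application realm: looks up the account for a login attempt and supplies the roles and
 * permission codes Shiro uses for authorization checks.
 */
public class MyRealm extends AuthorizingRealm {
    @Autowired
    UserService userService;
    @Autowired
    RolesService rolesService;
    @Autowired
    PermissionService permissionService;

    /**
     * Authentication: loads the account named by the token and returns it, together with the
     * stored credentials and salt, for Shiro's credentials matcher to verify.
     *
     * @param token the submitted login token; its principal is read as the user name
     * @return the account's authentication info, or {@code null} when no such user exists
     *         (Shiro treats {@code null} as "unknown account")
     * @throws AuthenticationException if the lookup cannot be completed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String principal = (String) token.getPrincipal();

        // Basic account data (user name, password, ...).
        ShiroUser shiroUser = userService.getShiroUserByUserName(principal);
        if (shiroUser == null) {
            // Unknown user name: report "no account" instead of failing with a
            // NullPointerException on the lookups below.
            return null;
        }

        // Roles and permissions are loaded now and carried on the principal.
        // NOTE(review): this is a login-time snapshot; later role/permission changes are not
        // seen by doGetAuthorizationInfo until the user authenticates again.
        List<String> rolesByUserId = rolesService.getRolesByUserId(shiroUser.getUserid());
        List<ShiroPermission> permission = permissionService.getPermissionByUserId(shiroUser.getUserid());

        // Wrapper object that becomes the authenticated principal.
        // NOTE(review): it holds the ShiroUser, including the stored password value; consider
        // keeping credentials out of the principal, since principals are kept with the session.
        ActiviUser activiUser = new ActiviUser();
        activiUser.setShiroUser(shiroUser);
        activiUser.setShiroRoles(rolesByUserId);
        activiUser.setShiroPermissions(permission);
        // The debug println of the whole principal was removed: it wrote the user record
        // (presumably including the stored password value, via toString()) to stdout.

        // Salt for the credential hash: user name + user id.
        // NOTE(review): the salt is only used when the realm is configured with a hashed
        // credentials matcher; confirm one is set. A random per-user salt stored with the
        // account is preferable to one derived from public fields.
        ByteSource credentialsSalt = new SimpleByteSource(shiroUser.getUsername() + shiroUser.getUserid());

        // The first argument is the principal handed to doGetAuthorizationInfo; it is also what
        // subject.getPrincipal() returns.
        return new SimpleAuthenticationInfo(activiUser, shiroUser.getUserpwd(), credentialsSalt, this.getName());
    }

    /**
     * Authorization: converts the roles and permission objects stored on the authenticated
     * principal into Shiro's role names and string permissions.
     *
     * @param principals the principals of the authenticated subject; the primary one is the
     *                   {@code ActiviUser} created during authentication
     * @return the roles and permission codes granted to the user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Principal object produced by doGetAuthenticationInfo.
        ActiviUser primaryPrincipal = (ActiviUser) principals.getPrimaryPrincipal();
        // The debug println of the principal was removed so account data is not written to stdout.

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Roles; a user without a role list simply gets none.
        if (primaryPrincipal.getShiroRoles() != null) {
            info.addRoles(primaryPrincipal.getShiroRoles());
        }

        // Extract the permission code from each permission object.
        List<String> permissions = new ArrayList<>();
        if (primaryPrincipal.getShiroPermissions() != null) {
            for (ShiroPermission p : primaryPrincipal.getShiroPermissions()) {
                permissions.add(p.getPercode());
            }
        }
        info.addStringPermissions(permissions);
        return info;
    }
}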