SSM整合Shiro
基础版
基础版主要是将Shiro整合到SSM中,实现用户登录时通过Shiro进行认证(Authentication)以及授权(Authorization)。后面会一步步加上记住登录(RememberMe)、Shiro+Redis实现Session共享、控制一个账号同时可以登录的人数等功能。
引入jar包
这里只列出Shiro用到的jar,其它的都是SSM项目常用jar。
<!-- Shiro start -->
<!-- NOTE(review): 1.5.2 is the release this article was written against (2020). Later Shiro releases include security fixes, so pin the latest maintained version in a real project. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.2</version>
</dependency>
<!-- Shiro end -->
自定义Realm,实现认证和授权
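自定义的Realm要继承AuthorizingRealm类,重写doGetAuthenticationInfo()方法进行认证,重写doGetAuthorizationInfo()方法进行授权,重写getCredentialsMatcher()方法设置密码比对规则(原文称“加密规则”,严格来说这里是单向散列,而不是可逆的加密)。注意:下面的示例导入了Md5Hash;MD5运算速度很快,不适合用来保存真实用户的密码,实际项目应在HashedCredentialsMatcher中配置更强的散列算法,并加盐、提高迭代次数。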
package com.demo.realm;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.demo.model.LearnShiroUser;
import com.demo.service.LearnShiroPermissionService;
import com.demo.service.LearnShiroRoleService;
import com.demo.service.LearnShiroUserService;
/**
*
* 根据UserId认证和授权<br>
* <br>
* -------------------------------------<br>
* 创建人员: ToBeNumberTwo<br>
* 创建时间: 2020年5月17日 下午8:42:15<br>
* -------------------------------------<br>
* 修改人员: ToBeNumberTwo<br>
* 修改时间: 2020年5月17日 下午8:42:15<br>
* -------------------------------------<br>
*/
public class UserIdRealm extends AuthorizingRealm {
@Autowired
private LearnShiroUserService learnShiroUserService;
@Autowired
private LearnShiroRoleService learnShiroRoleService;
@Autowired
private LearnShiroPermissionService learnShiroPermissionService;
/**
 * Supplies the name of this realm.
 *
 * @return the constant string {@code "UserIdRealm"}
 */
@Override
public String getName() {
    final String realmName = "UserIdRealm";
    return realmName;
}
/**
* 认证
*
* @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
* @param token
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
SimpleAuthenticationInfo authenticationInfo = null;
if (token.getPrincipal() != null && StringUtils.isNumeric(token.getPrincipal().toString())) {
LearnShiroUser user = null;
try {
user = learnShiroUserService.selByUserId(Integer.valueOf(token.getPrincipal()