shiro授权的使用
之前我们搭建好了sso与shiro的环境 其中的配置文件如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd "
default-lazy-init="true">
<description>Shiro CAS配置</description>
<!-- Shiro + CAS single sign-on wiring: the servlet filter chain, the CAS ticket filter, a custom realm, an EhCache-backed cache manager and the security manager. -->
<!-- NOTE(review): the org.apache.shiro.cas classes used here are marked deprecated in later Shiro releases; confirm the Shiro version in use before reusing this setup. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- Unauthenticated requests are redirected to the CAS login page; the service parameter tells CAS to send the browser back to /shiro-cas with a ticket. -->
<!-- NOTE(review): ${casServer} and ${appServer} are defined outside this file. Both should be https URLs so tickets and session cookies are not sent in clear text; confirm in the properties file. -->
<property name="loginUrl" value="${casServer}/login?service=${appServer}/shiro-cas" />
<property name="filters">
<util:map>
<!-- Register casFilter with shiroFilter so the chain definitions below can refer to it by name -->
<entry key="casFilter" value-ref="casFilter"></entry>
</util:map>
</property>
<!-- Chain rules are matched top to bottom and the first match wins: /shiro-cas goes to casFilter (ticket validation), every other path requires an authenticated subject (authc). -->
<property name="filterChainDefinitions">
<value>
/shiro-cas = casFilter
/** = authc
</value>
</property>
</bean>
<!-- Alternative chain rule left disabled by the author: -->
<!--
/** = casFilter
-->
<bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
<!-- Page used when ticket validation fails -->
<!-- NOTE(review): CasFilter uses failureUrl and successUrl as redirect targets. Paths under /WEB-INF are not reachable by a browser request, so these probably need to be URLs mapped to a controller or a public page; verify. -->
<property name="failureUrl" value="/WEB-INF/views/error.jsp"></property>
<property name="successUrl" value="/WEB-INF/views/index.jsp" />
</bean>
<!-- Stock CasRealm definition, disabled in favour of the custom subclass declared after it: -->
<!-- <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">
<property name="casServerUrlPrefix" value="${casServer}"></property>
<property name="casService" value="${appServer}/shiro-cas"></property>
</bean> -->
<!-- Custom realm. casServerUrlPrefix is the CAS server that validates tickets; casService has to match the service URL used in loginUrl above. -->
<bean id="casRealm" class="main.java.service.shiroServiceRealm">
<property name="casServerUrlPrefix" value="${casServer}"></property>
<property name="casService" value="${appServer}/shiro-cas"></property>
</bean>
<!-- Cache for user authorization info, backed by EhCache -->
<!-- NOTE(review): with a cache manager configured, authorization info may be cached per principal, so role or permission changes may not take effect until the entry expires or is evicted; check the TTLs in ehcache-shiro.xml. -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache/ehcache-shiro.xml"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- Use the custom realm and the EhCache-backed cache manager -->
<property name="cacheManager" ref="shiroEhcacheManager" />
<property name="realm" ref="casRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- Calls SecurityUtils.setSecurityManager(securityManager) so that SecurityUtils has a static default security manager -->
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager" />
<property name="arguments" ref="securityManager" />
</bean>
</beans>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd "
default-lazy-init="true">
<description>Shiro CAS配置</description>
<!-- Shiro + CAS single sign-on wiring: the servlet filter chain, the CAS ticket filter, a custom realm, an EhCache-backed cache manager and the security manager. -->
<!-- NOTE(review): the org.apache.shiro.cas classes used here are marked deprecated in later Shiro releases; confirm the Shiro version in use before reusing this setup. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- Unauthenticated requests are redirected to the CAS login page; the service parameter tells CAS to send the browser back to /shiro-cas with a ticket. -->
<!-- NOTE(review): ${casServer} and ${appServer} are defined outside this file. Both should be https URLs so tickets and session cookies are not sent in clear text; confirm in the properties file. -->
<property name="loginUrl" value="${casServer}/login?service=${appServer}/shiro-cas" />
<property name="filters">
<util:map>
<!-- Register casFilter with shiroFilter so the chain definitions below can refer to it by name -->
<entry key="casFilter" value-ref="casFilter"></entry>
</util:map>
</property>
<!-- Chain rules are matched top to bottom and the first match wins: /shiro-cas goes to casFilter (ticket validation), every other path requires an authenticated subject (authc). -->
<property name="filterChainDefinitions">
<value>
/shiro-cas = casFilter
/** = authc
</value>
</property>
</bean>
<!-- Alternative chain rule left disabled by the author: -->
<!--
/** = casFilter
-->
<bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
<!-- Page used when ticket validation fails -->
<!-- NOTE(review): CasFilter uses failureUrl and successUrl as redirect targets. Paths under /WEB-INF are not reachable by a browser request, so these probably need to be URLs mapped to a controller or a public page; verify. -->
<property name="failureUrl" value="/WEB-INF/views/error.jsp"></property>
<property name="successUrl" value="/WEB-INF/views/index.jsp" />
</bean>
<!-- Stock CasRealm definition, disabled in favour of the custom subclass declared after it: -->
<!-- <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">
<property name="casServerUrlPrefix" value="${casServer}"></property>
<property name="casService" value="${appServer}/shiro-cas"></property>
</bean> -->
<!-- Custom realm. casServerUrlPrefix is the CAS server that validates tickets; casService has to match the service URL used in loginUrl above. -->
<bean id="casRealm" class="main.java.service.shiroServiceRealm">
<property name="casServerUrlPrefix" value="${casServer}"></property>
<property name="casService" value="${appServer}/shiro-cas"></property>
</bean>
<!-- Cache for user authorization info, backed by EhCache -->
<!-- NOTE(review): with a cache manager configured, authorization info may be cached per principal, so role or permission changes may not take effect until the entry expires or is evicted; check the TTLs in ehcache-shiro.xml. -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache/ehcache-shiro.xml"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- Use the custom realm and the EhCache-backed cache manager -->
<property name="cacheManager" ref="shiroEhcacheManager" />
<property name="realm" ref="casRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- Calls SecurityUtils.setSecurityManager(securityManager) so that SecurityUtils has a static default security manager -->
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager" />
<property name="arguments" ref="securityManager" />
</bean>
</beans>
从配置文件中可以看出, 我们使用的 casRealm 域对象是自己实现的类, 下面看看这个类的具体内容:
package main.java.service;
import java.util.HashSet;
import java.util.Set;
import main.java.beans.Member;
import main.java.beans.Operation;
import main.java.beans.Role;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
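/**
 * CAS realm that replaces the CAS user name with the application's
 * {@link Member} after ticket validation, and derives Shiro roles and
 * permissions from that member's roles and operations.
 *
 * @time Nov 18, 2016 10:25:02 AM
 * @author cuixx
 * @since JDK1.7
 */
public class shiroServiceRealm extends CasRealm {

    // NOTE(review): this realm is declared as an XML bean, so @Autowired is only
    // honoured if annotation processing is enabled in the context — confirm.
    @Autowired
    private UserService userService;

    public shiroServiceRealm() {
        super();
    }

    /**
     * Authorization: builds the role and permission sets for the given principals.
     *
     * <p>The {@link Member} is read from the {@code principal} argument rather than
     * from the thread-bound subject, so the answer always describes the identity
     * Shiro is asking about. A missing member or a missing role set yields an empty
     * result, which means every role and permission check is denied.
     *
     * @param principal the principals whose authorization data is requested
     * @return role names and permission strings for the member; empty if none
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Member user = (principal == null) ? null : principal.oneByType(Member.class);
        if (user == null || user.getRoleSet() == null) {
            // Fail closed: no known member means no roles and no permissions.
            return info;
        }
        // NOTE(review): this Member is the instance stored in the principal collection
        // at login, so role changes made afterwards are presumably not visible until
        // the user logs in again — confirm against UserService and the cache settings.
        Set<String> permissions = new HashSet<String>();
        for (Role role : user.getRoleSet()) {
            if (role == null) {
                continue;
            }
            info.addRole(role.getRole_name());
            if (role.getOperSet() == null) {
                continue;
            }
            for (Operation opt : role.getOperSet()) {
                permissions.add(opt.getOpt_name());
            }
        }
        info.addStringPermissions(permissions);
        return info;
    }

    /**
     * Authentication: lets {@link CasRealm} validate the ticket, then swaps the CAS
     * user name for the matching local {@link Member}.
     *
     * @param token the CAS token carrying the service ticket
     * @return authentication info whose principal is the local member, or
     *         {@code null} when the parent realm returns no info for the token
     * @throws AuthenticationException if ticket validation fails, or if the
     *         validated CAS user has no local account or the lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        AuthenticationInfo casInfo = super.doGetAuthenticationInfo(token);
        if (casInfo == null) {
            // The parent realm produced nothing for this token; pass that through.
            return null;
        }
        String userName = (String) casInfo.getPrincipals().iterator().next();
        Member user;
        try {
            user = userService.findByUsername(userName);
        } catch (Exception e) {
            // Surface lookup failures as a failed login instead of printing the
            // stack trace and continuing with a null principal.
            throw new AuthenticationException(
                    "Unable to load the local account for CAS user " + userName, e);
        }
        if (user == null) {
            // A valid CAS ticket alone must not create a session without a local account.
            throw new AuthenticationException("No local account for CAS user " + userName);
        }
        PrincipalCollection principalCollection = new SimplePrincipalCollection(user, getName());
        return new SimpleAuthenticationInfo(principalCollection, casInfo.getCredentials());
    }

    /** Uses the class name as the realm name recorded in principal collections. */
    @Override
    public String getName() {
        return getClass().getName();
    }
}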
import java.util.HashSet;
import java.util.Set;
import main.java.beans.Member;
import main.java.beans.Operation;
import main.java.beans.Role;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
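/**
 * CAS realm that replaces the CAS user name with the application's
 * {@link Member} after ticket validation, and derives Shiro roles and
 * permissions from that member's roles and operations.
 *
 * @time Nov 18, 2016 10:25:02 AM
 * @author cuixx
 * @since JDK1.7
 */
public class shiroServiceRealm extends CasRealm {

    // NOTE(review): this realm is declared as an XML bean, so @Autowired is only
    // honoured if annotation processing is enabled in the context — confirm.
    @Autowired
    private UserService userService;

    public shiroServiceRealm() {
        super();
    }

    /**
     * Authorization: builds the role and permission sets for the given principals.
     *
     * <p>The {@link Member} is read from the {@code principal} argument rather than
     * from the thread-bound subject, so the answer always describes the identity
     * Shiro is asking about. A missing member or a missing role set yields an empty
     * result, which means every role and permission check is denied.
     *
     * @param principal the principals whose authorization data is requested
     * @return role names and permission strings for the member; empty if none
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Member user = (principal == null) ? null : principal.oneByType(Member.class);
        if (user == null || user.getRoleSet() == null) {
            // Fail closed: no known member means no roles and no permissions.
            return info;
        }
        // NOTE(review): this Member is the instance stored in the principal collection
        // at login, so role changes made afterwards are presumably not visible until
        // the user logs in again — confirm against UserService and the cache settings.
        Set<String> permissions = new HashSet<String>();
        for (Role role : user.getRoleSet()) {
            if (role == null) {
                continue;
            }
            info.addRole(role.getRole_name());
            if (role.getOperSet() == null) {
                continue;
            }
            for (Operation opt : role.getOperSet()) {
                permissions.add(opt.getOpt_name());
            }
        }
        info.addStringPermissions(permissions);
        return info;
    }

    /**
     * Authentication: lets {@link CasRealm} validate the ticket, then swaps the CAS
     * user name for the matching local {@link Member}.
     *
     * @param token the CAS token carrying the service ticket
     * @return authentication info whose principal is the local member, or
     *         {@code null} when the parent realm returns no info for the token
     * @throws AuthenticationException if ticket validation fails, or if the
     *         validated CAS user has no local account or the lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        AuthenticationInfo casInfo = super.doGetAuthenticationInfo(token);
        if (casInfo == null) {
            // The parent realm produced nothing for this token; pass that through.
            return null;
        }
        String userName = (String) casInfo.getPrincipals().iterator().next();
        Member user;
        try {
            user = userService.findByUsername(userName);
        } catch (Exception e) {
            // Surface lookup failures as a failed login instead of printing the
            // stack trace and continuing with a null principal.
            throw new AuthenticationException(
                    "Unable to load the local account for CAS user " + userName, e);
        }
        if (user == null) {
            // A valid CAS ticket alone must not create a session without a local account.
            throw new AuthenticationException("No local account for CAS user " + userName);
        }
        PrincipalCollection principalCollection = new SimplePrincipalCollection(user, getName());
        return new SimpleAuthenticationInfo(principalCollection, casInfo.getCredentials());
    }

    /** Uses the class name as the realm name recorded in principal collections. */
    @Override
    public String getName() {
        return getClass().getName();
    }
}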
这里的内容主要分为两部分: 第一部分为认证用户, 第二部分为授权。Shiro 主要提供认证、授权、加密、会话管理的功能。
会话管理是指在代码中随时都可以获取 session 信息, 非 web 环境下也可以:
// Get the current user: the Subject associated with the calling thread
Subject currentUser=SecurityUtils.getSubject();
可以随时获取当前用户
// Look up the Subject associated with the calling thread
Subject currentUser=SecurityUtils.getSubject();
可以随时获取当前用户
由上面的代码在授权中把角色和权限都初始化之后, 在前台标签中也可以直接使用。注意: 标签只控制页面元素是否显示, 对应的后端接口仍需在服务端做权限校验。
如初始化之后我们可以这样使用:
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<td width="15%">
<%-- The body is rendered only when the current subject has the role named below. This hides markup only; the server-side handler behind any link or form placed here still needs its own role or permission check. --%>
<shiro:hasRole name="角色管理员">
admin
</shiro:hasRole>
</td>