shiro整合流程示意图
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/3cde144458f28f580081e6ba9c639452.png)
常见过滤器
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/a14a75678a5687dc932427e37af31fbd.png)
shiro注解（@RequiresRoles 传入多个角色时默认按 AND 关系校验，即必须同时拥有所列全部角色）
@RequiresRoles(value={"admin","user"})
@RequiresPermissions("user:update:*")
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/dd48427ab0ec33b89750fb2b8feec7ed.png)
shiroConfig类
import com.wj.shiro.shirobag.realms.CustomerRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import java.util.HashMap;
import java.util.Map;
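/**
 * Spring bean definitions that wire Apache Shiro into the web application:
 * the servlet filter, the security manager and the authenticating realm.
 *
 * <p>NOTE(review): no {@code @Configuration} annotation is visible on this class in the
 * listing; confirm the class is registered with Spring some other way, otherwise the
 * {@code @Bean} methods below are never invoked.
 */
public class ShiroConfig {

    /**
     * Builds the Shiro filter that decides, per URL, which requests need an authenticated subject.
     *
     * @param defaultWebSecurityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);

        // Only the paths listed here get a Shiro filter. Any URL that is not listed is
        // served without an authentication check, so this is an allow-by-default policy.
        // NOTE(review): a deny-by-default setup ends the chain with a catch-all such as
        // "/**" -> "authc" and uses an insertion-ordered map (LinkedHashMap), because
        // Shiro applies the first matching pattern. With the two exact paths below the
        // iteration order of HashMap does not matter yet.
        Map<String, String> map = new HashMap<>();
        map.put("/index", "authc");
        map.put("/login", "anon");

        // Unauthenticated requests to an "authc" path are redirected here.
        bean.setLoginUrl("/login.html");
        bean.setFilterChainDefinitionMap(map);
        return bean;
    }

    /**
     * Creates the web security manager and attaches the application realm to it.
     *
     * @param realm the realm that performs authentication and authorization lookups
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(realm);
        return manager;
    }

    /**
     * Creates the application realm with a salted, iterated hash credentials matcher.
     *
     * @return the realm used by the security manager
     */
    @Bean
    public Realm getRealm() {
        CustomerRealm customerRealm = new CustomerRealm();
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        // NOTE(review): MD5, even salted and iterated, is a fast hash and a weak choice
        // for password storage. It is left unchanged here because the algorithm and the
        // iteration count must match whatever produced the stored hashes; migrating to a
        // dedicated password-hashing scheme needs a re-hash of existing credentials.
        matcher.setHashAlgorithmName("MD5");
        matcher.setHashIterations(1024);
        // The matcher was previously built and then discarded, which left the realm on
        // its default matcher and the submitted password was compared without hashing.
        customerRealm.setCredentialsMatcher(matcher);
        return customerRealm;
    }
}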
随机盐函数
import java.security.SecureRandom;
import java.util.Random;
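/**
 * Generates random salt strings for password hashing.
 */
public class SaltUtils {

    // Characters a salt is drawn from. The digits are repeated three times each, so the
    // alphabet holds only 14 distinct symbols and digits are drawn more often.
    // NOTE(review): this gives little entropy per character; use a generous length when
    // calling getSalt, or widen the alphabet in a coordinated change.
    private static final char[] ALPHABET = "111222333444555666#$%^&*()".toCharArray();

    // One shared cryptographically strong generator instead of a new java.util.Random
    // per character: salts should not be predictable from the creation time.
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Returns a random salt of the requested length.
     *
     * @param n number of characters to generate; zero or a negative value yields an empty string
     * @return a string of {@code n} characters drawn from the salt alphabet
     */
    public static String getSalt(int n) {
        StringBuilder sb = new StringBuilder(Math.max(n, 0));
        for (int i = 0; i < n; i++) {
            // nextInt(bound) excludes the bound itself, so the bound is the full length.
            // The earlier "length - 1" made the last character of the alphabet unreachable.
            sb.append(ALPHABET[RANDOM.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    /** Prints one sample salt; a three-character salt is for demonstration only. */
    public static void main(String[] args) {
        String salt = getSalt(3);
        System.out.println(salt);
    }
}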
Controller示例
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
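/**
 * Login and logout endpoints backed by the current Shiro {@link Subject}.
 */
@Controller
@RequestMapping("user")
public class UserController {

    /**
     * Ends the current subject's session.
     *
     * @return the view name of the login page
     */
    @RequestMapping("logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "login";
    }

    /**
     * Authenticates the submitted credentials against the configured realm.
     *
     * <p>Every failure returns the same view, so the response does not reveal whether
     * the account name or the password was wrong.
     *
     * <p>NOTE(review): the mapping accepts every HTTP method, so credentials can arrive
     * as GET query parameters and end up in access logs and browser history. Restricting
     * the endpoint to POST is recommended once the login form is confirmed to post.
     *
     * @param username the submitted account name
     * @param password the submitted password
     * @return {@code "index.html"} on success, {@code "login.html"} on any authentication failure
     */
    @RequestMapping("login")
    public String login(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(username, password));
            return "index.html";
        } catch (UnknownAccountException e) {
            // NOTE(review): console output stands in for a logger in this example.
            e.printStackTrace();
            System.out.println("用户名出错");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("密码出错");
        } catch (AuthenticationException e) {
            // Any other authentication failure (for example a locked account) used to
            // escape as an unhandled error; it now returns to the login page as well.
            e.printStackTrace();
            System.out.println("认证失败");
        }
        return "login.html";
    }
}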
自定义realm
import com.wj.shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.ObjectUtils;
/**
 * Application realm that supplies Shiro with authentication and authorization data.
 */
public class CustomerRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    /**
     * Returns the roles and permissions of the given principal.
     *
     * <p>NOTE(review): grants are hard-coded for the principal {@code "111"}; every other
     * principal gets {@code null}. This reads as tutorial scaffolding, and real grants
     * would presumably be loaded per user.
     *
     * @param principals the authenticated subject's principals
     * @return the grants for principal {@code "111"}, otherwise {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String primary = (String) principals.getPrimaryPrincipal();
        if (!"111".equals(primary)) {
            return null;
        }
        SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        granted.addStringPermission("user:find:*");
        granted.addRole("user");
        return granted;
    }

    /**
     * Looks up the account named by the token and returns the data Shiro compares the
     * submitted credentials against.
     *
     * <p>NOTE(review): the returned principal, credentials and salt are the literals
     * {@code "name"}, {@code "pwd"} and {@code "salt"}, not values taken from the
     * looked-up user. As written, every existing account is checked against the same
     * fixed credential, and the session principal becomes {@code "name"}, which never
     * equals the {@code "111"} tested in {@link #doGetAuthorizationInfo}. Replace the
     * literals with the stored principal, password hash and per-user salt before use.
     *
     * @param token the submitted authentication token
     * @return authentication info when the account exists, otherwise {@code null}
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String loginName = (String) token.getPrincipal();
        User found = userService.findUserName(loginName);
        if (ObjectUtils.isEmpty(found)) {
            // No such account: null tells Shiro that this realm has nothing for the token.
            return null;
        }
        return new SimpleAuthenticationInfo(
                "name",
                "pwd",
                ByteSource.Util.bytes("salt"),
                this.getName());
    }
}