springboot整合shiro

最新推荐文章于 2024-04-10 10:50:21 发布
最新推荐文章于 2024-04-10 10:50:21 发布
阅读量1.7k 收藏
点赞数
分类专栏: Java 文章标签: spring boot java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lx960927/article/details/128578264
版权

#Shiro
shiro主要是对用户登录、用户角色以及用户对应的权限进行认证管理
本文主要分为单个realm和多个realm进行认证授权管理测试demo
直接上代码多的也没有意义,我这边是结合springboot为例的

##单个realm
代码格式布局

在这里插入图片描述

###pom文件

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>shiro_demo</artifactId>
        <groupId>com.lix</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>

    <modelVersion>4.0.0</modelVersion>

    <artifactId>shiro_springboot</artifactId>

    <dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring-boot-web-starter</artifactId>
            <version>1.5.3</version>
        </dependency>

        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.4.3.3</version>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.47</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.24</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
            <version>2.5.1</version>
        </dependency>
    </dependencies>
    
</project>

###property文件

#shiro
shiro.loginUrl=/myController/login

# properties
server.port=8081
spring.thymeleaf.cache=false
spring.datasource.name=shirodb
spring.datasource.driverClassName=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/shiro?useUnicode=true&serverTimezone=Asia/Shanghai&characterEncoding=utf8&autoReconnect=true&useSSL=false&allowMultiQueries=true
spring.datasource.username=root
spring.datasource.password=root

# mybatis config
mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
mybatis.mapper-locations=classpath:mapper/*Mapper.xml

###realm
这个文件主要是根据账号查询出用户的身份信息、角色以及权限信息封装返回由底层进行比较

package com.lix.shiro.realm;

import com.lix.shiro.entity.User;
import com.lix.shiro.entity.UserRole;
import com.lix.shiro.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import java.util.HashSet;
import java.util.List;

@Slf4j
@Component
public class MyRealm extends AuthorizingRealm {

    @Resource
    private UserService userService;

    // 自定义授权方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.info("MyRealm-固定用户角色权限测试");
        log.info("自定义授权方法-查询用户的角色以及对应拥有的权限");
        String username = principalCollection.getPrimaryPrincipal().toString();
        // 查询用户角色
        List<UserRole> userRole = userService.getUserRole(username);
        HashSet<String> set = new HashSet<>();
        for(UserRole userRoleInfo:userRole){
            String roleName = userRoleInfo.getRoleName();
            set.add(roleName);
        }
        log.info("用户["+username+"]拥有的角色为:"+set);
        // 查询用户权限
        List<String> userPermissions = userService.getUserPermission(username);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(set);
        info.addStringPermissions(userPermissions);
        return info;
    }

    // 自定义登录认证方法
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.info("MyRealm--验证身份信息");
        log.info("自定义登录认证方法--查询用户的身份信息");
        // 获取用户身份信息
        String username = authenticationToken.getPrincipal().toString();
        String credentials = new String((char[])authenticationToken.getCredentials());
        // 获取持久化的用户信息
        User user = userService.getUserInfoByName(username);
        // 身份信息判断
        if(user==null){
            log.info("系统不存在该用户");
            return null;
        }
        // 封装身份信息返回认证
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                username,
                user.getPassword(),
                ByteSource.Util.bytes(username),
                authenticationToken.getPrincipal().toString()
        );
        log.info("系统用户认证信息:"+username+"==="+credentials);
        return info;
    }
}

###shiroConfig
这个类主要功能就是shiro对请求进行拦截,规定需要通过身份认证才可以访问对应的页面或者具有相对的功能,以及还规定了认证需要的策略、加密方式、加密次数

package com.lix.shiro.config;

import com.lix.shiro.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;

@Configuration
public class ShiroConfig {

    @Resource
    private MyRealm myRealm;

    /**
     * 配置SecurityManager
     *
     * 认证策略
     * AtLeastOneSuccessfulStrategy--一个或多个Realm验证成功即可(默认认证策略)
     * FirstSuccessfulStrategy--第一个Realm验证成功 后续Realm忽略 视为成功
     * AllSuccessfulStrategy--所有Realm成功 认证视为成功
     */
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(){
        // 1.创建defaultWebSecurityManager对象
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();

        // 2.创建加密对象,设置相关属性
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");
        //matcher.setHashSalted(true);
        // matcher.setHashIterations(3);

        // 3.将加密对戏存储到myRealm中
        myRealm.setCredentialsMatcher(matcher);
        // 4.将myRealm存入创建defaultWebSecurityManager对象
        defaultWebSecurityManager.setRealm(myRealm);

        // 5.设置rememberme
        defaultWebSecurityManager.setRememberMeManager(rememberMeManager());

        // 6.返回
        return  defaultWebSecurityManager;
    }

    // 配置shiro内置过滤器拦截范围
    @Bean
    public DefaultShiroFilterChainDefinition shiroFilterChainDefinition(){
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        // 设置不认证可以访问的资源
        definition.addPathDefinition("/myController/userLogin","anon");
        definition.addPathDefinition("/myController/login","anon");

        // 设置登出过滤器
        definition.addPathDefinition("/logout","logout");

        // 设置需要登录认证的拦截资源
        definition.addPathDefinition("/**","authc");
        definition.addPathDefinition("/**","user");

        return  definition;
    }

    // 创建shiro的cookie管理对象
    private RememberMeManager rememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        cookieRememberMeManager.setCipherKey("1234567890987654".getBytes());
        return cookieRememberMeManager;
    }

    // cookie属性设置
    private Cookie rememberMeCookie() {
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // 设置跨域
        //cookie.setDomain(domain);
        cookie.setPath("/");
        cookie.setHttpOnly(true);
        cookie.setMaxAge(30*24*60*60);
        return cookie;
    }
}

###controller

package com.lix.shiro.controller;

import com.lix.shiro.entity.User;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;

@Controller
@RequestMapping("myController")
@Slf4j
public class UserController {

    @GetMapping("login")
    public String login() {
        return "login";
    }

    @GetMapping("userLogin")
    public String userLogin(User user, HttpSession session,
                            @RequestParam(defaultValue = "false")Boolean rememberMe){
        log.info("是否记住密码="+rememberMe);
        // 1.获取subject对象
        Subject subject = SecurityUtils.getSubject();
        // 2.封装数据到token
        AuthenticationToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword(),rememberMe);
        // 3.调用login方法进行认证
        try {
            subject.login(token);
            session.setAttribute("user",token.getPrincipal().toString());
            log.info("登录成功!");

        }catch (AuthenticationException e){
            log.info("登录失败!");
            e.printStackTrace();
        }
        return "main";
    }

    @GetMapping("userLoginRm")
    public String userLoginRm(HttpSession session){
        Subject subject = SecurityUtils.getSubject();
        String s = subject.getPrincipal().toString();
        log.info("===记住账号密码验证测试===");
        log.info("subject账号信息:"+s);
        return "main";
    }

    @RequiresRoles("role:admin")
    @GetMapping("userLoginRole")
    @ResponseBody
    public String userLoginRole(){
        log.info("测试角色认证成功");
        return "测试角色认证成功";
    }

    @RequiresPermissions("user:add")
    @GetMapping("userLoginPermissions")
    @ResponseBody
    public String userLoginPermissions(){
        log.info("测试权限认证成功");
        return "测试权限认证成功";
    }
}

###service

package com.lix.shiro.service;

import com.lix.shiro.entity.User;
import com.lix.shiro.entity.UserRole;

import java.util.List;

public interface UserService {
    // 用户登录
    User getUserInfoByName(String username);

    // 角色查询
    List<UserRole> getUserRole(String username);

    // 权限查询
    List<String> getUserPermission(String username);
}

###serviceImpl

package com.lix.shiro.service;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.lix.shiro.entity.User;
import com.lix.shiro.entity.UserRole;
import com.lix.shiro.mapper.UserMapper;
import org.springframework.stereotype.Service;

import javax.annotation.Resource;
import java.util.List;

@Service
public class UserServiceImpl implements UserService{

    @Resource
    private UserMapper userMapper;

    @Override
    public User getUserInfoByName(String username) {
        QueryWrapper<User> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username",username);
        User user = userMapper.selectOne(queryWrapper);
        return user;
    }

    @Override
    public List<UserRole> getUserRole(String username) {
        List<UserRole> list = userMapper.rolesQryByName(username);
        return list;
    }

    @Override
    public List<String> getUserPermission(String username) {
        List<String> strings = userMapper.permissionQryByName(username);
        return strings;
    }
}

###dao

package com.lix.shiro.mapper;

import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.lix.shiro.entity.User;
import com.lix.shiro.entity.UserRole;
import org.springframework.stereotype.Repository;

import java.util.List;

@Repository
public interface UserMapper extends BaseMapper<User> {

    public List<UserRole> rolesQryByName(String name);

    public List<String> permissionQryByName(String name);
}

###mapper.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">

<mapper namespace="com.lix.shiro.mapper.UserMapper">
    <resultMap id="BaseResultMap" type="com.lix.shiro.entity.UserRole">
        <id column="id" jdbcType="BIGINT" property="Id"/>
        <result column="userName" jdbcType="VARCHAR" property="userName"/>
        <result column="roleName" jdbcType="VARCHAR" property="roleName"/>
    </resultMap>


    <select id="rolesQryByName" parameterType="java.lang.String" resultMap="BaseResultMap">
        select
        distinct a.id id ,a.username userName,c.name rolename
        from sys_user a
        left join sys_user_role b on a.id=b.user_id
        left join sys_role c on b.role_id=c.id
        where a.username = #{username}
    </select>

    <select id="permissionQryByName" parameterType="java.lang.String" resultType="java.lang.String">
        select
        distinct f.permission permission
        from sys_user a
        left join sys_user_role b on a.id=b.user_id
        left join sys_role c on b.role_id=c.id
        left join sys_role_resources d on c.id=d.role_id
		left join sys_resources f on d.resources_id=f.id
        where a.username = #{username} and f.permission is not null and f.permission !=''
    </select>

</mapper>

###entity实体类

package com.lix.shiro.entity;

import com.baomidou.mybatisplus.annotation.TableName;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@NoArgsConstructor
@AllArgsConstructor
@TableName("sys_user")
public class User {
    private Integer id;
    private String username;
    private String password;
}


package com.lix.shiro.entity;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@NoArgsConstructor
@AllArgsConstructor
public class UserRole {
    private Integer Id;
    private String userName;
    private String roleName;
}

###html
login.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en" xml:th="http://www.thymeleaf.org" >
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>Shiro登录认证页面</h1>
<br>
<form action="/myController/userLogin">
    <div>用户名:<input type="text" name="username" value=""></div>
    <div>密码:<input type="password" name="password" value=""></div>
    <div>记住用户:<input type="checkbox" name="rememberMe" value="true"></div>
    <div><input type="submit"  value="登录"></div>
</form>
</body>
</html>

main.html

<!DOCTYPE html>
<html lang="en" xml:th="http://www.thymeleaf.org" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>Shiro登录认证成功后主页面</h1>
<br>
登录用户名为:<span th:text="${session.user}"></span>
<br>
<a href="/logout">登出</a>
<br>
<a href="/myController/userLoginRole">测试-角色</a>
<br>
<a href="/myController/userLoginPermissions">测试-权限</a>
</body>
</html>

##多个realms
代码结构
在这里插入图片描述

只添加改动或者新增的地方

###多个realms

package com.lix.shiro.realm;

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;


@Slf4j
@Component
public class EmailRealm extends AuthorizingRealm {

    // 自定义授权方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    // 自定义登录认证方法
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.info("EmailRealm--验证身份信息");
        // 获取用户身份信息
        String email = authenticationToken.getPrincipal().toString();
        String password = new String((char[])authenticationToken.getCredentials());
        // 根据邮箱获取用户信息-模拟就是用户前台输入的邮箱密码
        log.info("EmailRealm:"+email+"==="+password);

        // 封装身份信息返回认证
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                email,
                password,
                authenticationToken.getPrincipal().toString()
        );
        return info;
    }
}


package com.lix.shiro.realm;

import com.lix.shiro.entity.User;
import com.lix.shiro.entity.UserRole;
import com.lix.shiro.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import java.util.HashSet;
import java.util.List;

@Slf4j
@Component
public class NameRealm extends AuthorizingRealm {

    @Resource
    private UserService userService;

    // 自定义授权方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.info("MyRealm-固定用户角色权限测试");
        log.info("自定义授权方法-查询用户的角色以及对应拥有的权限");
        String username = principalCollection.getPrimaryPrincipal().toString();
        // 查询用户角色
        List<UserRole> userRole = userService.getUserRole(username);
        HashSet<String> set = new HashSet<>();
        for(UserRole userRoleInfo:userRole){
            String roleName = userRoleInfo.getRoleName();
            set.add(roleName);
        }
        log.info("用户["+username+"]拥有的角色为:"+set);
        // 查询用户权限
        List<String> userPermissions = userService.getUserPermission(username);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(set);
        info.addStringPermissions(userPermissions);
        return info;
    }

    // 自定义登录认证方法
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.info("MyRealm--验证身份信息");
        log.info("自定义登录认证方法--查询用户的身份信息");
        // 获取用户身份信息
        String username = authenticationToken.getPrincipal().toString();
        String credentials = new String((char[])authenticationToken.getCredentials());
        // 获取持久化的用户信息
        User user = userService.getUserInfoByName(username);
        // 身份信息判断
        if(user==null){
            log.info("系统不存在该用户");
            return null;
        }
        // 封装身份信息返回认证
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                username,
                user.getPassword(),
                ByteSource.Util.bytes(username),
                authenticationToken.getPrincipal().toString()
        );
        log.info("系统用户认证信息:"+username+"==="+credentials);
        return info;
    }
}


package com.lix.shiro.realm;

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;

@Slf4j
@Component
public class PhoneRealm extends AuthorizingRealm {

    // 自定义授权方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    // 自定义登录认证方法
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.info("PhoneRealm--验证身份信息");
        // 获取用户身份信息
        String phone = authenticationToken.getPrincipal().toString();
        String password = new String((char[])authenticationToken.getCredentials());
        // 根据手机号获取用户信息-模拟就是用户前台输入的手机号密码
        log.info("PhoneRealm系统用户认证信息:"+phone+"==="+password);

        // 封装身份信息返回认证
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                phone,
                password,
                authenticationToken.getPrincipal().toString()
        );
        return info;
    }
}

###config
这个方法是重写的 主要就是告诉shiro需要调用哪些realm

package com.lix.shiro.config;

import java.util.ArrayList;
import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * 自定义身份认证realm控制器
 *
 * @ClassName: MyModularRealmAuthenticator
 * @Description 用于告诉shiro使用哪个realm处理
 */
public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(ModularRealmAuthenticator.class);

    @Override
    protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // 判断getRealms()是否返回为空
        assertRealmsConfigured();
        // 强制转换回自定义的CustomizedToken
        MyUsernamePasswordToken userToken = (MyUsernamePasswordToken) authenticationToken;
        // 登录类型
        String loginType = userToken.getLoginType();
        // 所有Realm
        Collection<Realm> realms = getRealms();
        // 登录类型对应的所有Realm
        Collection<Realm> typeRealms = new ArrayList<>();
        for (Realm realm : realms) {
            if (realm.getName().contains(loginType)) {
                typeRealms.add(realm);
            }
        }

        // 判断是单Realm还是多Realm
        if (typeRealms.size() == 1) {
            //单realm处理
            return doSingleRealmAuthentication(((ArrayList<Realm>) typeRealms).get(0), userToken);
        } else {
            //多realm处理,需满足全部realm认证
            return doMultiRealmAuthentication(typeRealms, userToken);
        }
    }

    /**
     * 重写doMultiRealmAuthentication,修复多realm联合认证只出现AuthenticationException异常,而未处理其他异常
     */
    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) throws AuthenticationException {

        AuthenticationStrategy strategy = getAuthenticationStrategy();

        AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);

        if (log.isTraceEnabled()) {
            log.trace("Iterating through {} realms for PAM authentication", realms.size());
        }

        for (Realm realm : realms) {

            aggregate = strategy.beforeAttempt(realm, token, aggregate);

            if (realm.supports(token)) {

                log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);

                AuthenticationInfo info = null;
                Throwable t = null;
                try {
                    info = realm.getAuthenticationInfo(token);
                } catch (Throwable throwable) {
                    t = throwable;
                    if (log.isDebugEnabled()) {
                        String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
                        log.debug(msg, t);
                    }
                }
                //处理只提示AuthenticationException异常问题
                if(t instanceof AuthenticationException) {
                    log.debug("realmName:"+realm.getName(), t);
                    throw ((AuthenticationException)t);
                }
                aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);

            } else {
                log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
            }
        }

        aggregate = strategy.afterAllAttempts(token, aggregate);

        return aggregate;
    }
}


package com.lix.shiro.config;

import org.apache.shiro.authc.UsernamePasswordToken;

/**
 *
 * @ClassName: MyUsernamePasswordToken
 * @Description 自定义用户名密码凭证类,携带登录类型信息
 * @version
 *
 */
public class MyUsernamePasswordToken extends UsernamePasswordToken {
    private static final long serialVersionUID = 1L;
    //登录类型
    private String loginType;

    public MyUsernamePasswordToken(String username, final String password, String loginType) {
        super(username, password);
        this.loginType = loginType;
    }

    public String getLoginType() {
        return loginType;
    }

    public void setLoginType(String loginType) {
        this.loginType = loginType;
    }

}


package com.lix.shiro.config;

import com.lix.shiro.realm.EmailRealm;
import com.lix.shiro.realm.NameRealm;
import com.lix.shiro.realm.PhoneRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;

@Configuration
public class ShiroConfig {

    @Resource
    private NameRealm nameRealm;

    @Resource
    private PhoneRealm poneRealm;

    @Resource
    private EmailRealm emailRealm;

    /**
     * 配置SecurityManager
     *
     * 认证策略
     * AtLeastOneSuccessfulStrategy--一个或多个Realm验证成功即可(默认认证策略)
     * FirstSuccessfulStrategy--第一个Realm验证成功 后续Realm忽略 视为成功
     * AllSuccessfulStrategy--所有Realm成功 认证视为成功
     */
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(){
        // 1.创建defaultWebSecurityManager对象
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();

        // 2.创建加密对象,设置相关属性
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");
        //matcher.setHashSalted(true);
        // matcher.setHashIterations(3);

        // 3.将加密对戏存储到nameRealm中
        nameRealm.setCredentialsMatcher(matcher);
        // 4.将nameRealm存入创建defaultWebSecurityManager对象
        defaultWebSecurityManager.setRealm(nameRealm);

        //===========================================================================================
        // 测试多个Realm认证
        // 创建认证对象,并设置认证策略
        // MyModularRealmAuthenticator-自己重写的需要认证对象
        MyModularRealmAuthenticator modularRealmAuthenticator = new MyModularRealmAuthenticator();
        modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        defaultWebSecurityManager.setAuthenticator(modularRealmAuthenticator);
        List<Realm> list = new ArrayList<>();
        list.add(nameRealm);
        list.add(poneRealm);
        list.add(emailRealm);
        defaultWebSecurityManager.setRealms(list);
        //===========================================================================================

        // 5.设置rememberme
        defaultWebSecurityManager.setRememberMeManager(rememberMeManager());

        // 6.返回
        return  defaultWebSecurityManager;
    }

    // 配置shiro内置过滤器拦截范围
    @Bean
    public DefaultShiroFilterChainDefinition shiroFilterChainDefinition(){
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        // 设置不认证可以访问的资源
        definition.addPathDefinition("/myController/userLogin","anon");
        definition.addPathDefinition("/myController/login","anon");

        // 设置登出过滤器
        definition.addPathDefinition("/logout","logout");

        // 设置需要登录认证的拦截资源
        definition.addPathDefinition("/**","authc");
        definition.addPathDefinition("/**","user");

        return  definition;
    }

    // 创建shiro的cookie管理对象
    private RememberMeManager rememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        cookieRememberMeManager.setCipherKey("1234567890987654".getBytes());
        return cookieRememberMeManager;
    }

    // cookie属性设置
    private Cookie rememberMeCookie() {
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // 设置跨域
        //cookie.setDomain(domain);
        cookie.setPath("/");
        cookie.setHttpOnly(true);
        cookie.setMaxAge(30*24*60*60);
        return cookie;
    }
}

###controller

package com.lix.shiro.controller;

import com.lix.shiro.config.MyUsernamePasswordToken;
import com.lix.shiro.entity.User;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;

@Controller
@RequestMapping("myController")
@Slf4j
public class UserController {

    @GetMapping("login")
    public String login() {
        return "login";
    }

    @GetMapping("userLogin")
    public String userLogin(User user,
                            String loginType,
                            HttpSession session,
                            @RequestParam(defaultValue = "false")Boolean rememberMe){

        log.info("是否记住密码="+rememberMe);
        // 1.获取subject对象
        Subject subject = SecurityUtils.getSubject();
        // 2.封装数据到token
        // AuthenticationToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword(),rememberMe);
        MyUsernamePasswordToken token = new MyUsernamePasswordToken(user.getUsername(), user.getPassword(), loginType);
        // 3.调用login方法进行认证
        try {
            subject.login(token);
            session.setAttribute("user",token.getPrincipal().toString());
            log.info("登录成功!");

        }catch (UnknownAccountException uae) {
            // 用户名未知...
            log.info("用户不存在!");
        } catch (IncorrectCredentialsException ice) {
            // 凭据不正确,例如密码不正确 ...
            log.info("密码不正确!");
        } catch (LockedAccountException lae) {
            // 用户被锁定,例如管理员把某个用户禁用...
            log.info("用户被锁定!");
        } catch (ExcessiveAttemptsException eae) {
            // 尝试认证次数多余系统指定次数 ...
            log.info("尝试认证次数过多,请稍后重试!");
        } catch (AuthenticationException ae) {
            // 其他未指定异常
            log.info("未知异常!");
        }
        return "main";
    }

    @GetMapping("userLoginRm")
    public String userLoginRm(HttpSession session){
        Subject subject = SecurityUtils.getSubject();
        String s = subject.getPrincipal().toString();
        log.info("===记住账号密码验证测试===");
        log.info("subject账号信息:"+s);
        return "main";
    }

    @RequiresRoles("role:admin")
    @GetMapping("userLoginRole")
    @ResponseBody
    public String userLoginRole(){
        log.info("测试角色认证成功");
        return "测试角色认证成功";
    }

    @RequiresPermissions("user:add")
    @GetMapping("userLoginPermissions")
    @ResponseBody
    public String userLoginPermissions(){
        log.info("测试权限认证成功");
        return "测试权限认证成功";
    }
}

###html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en" xml:th="http://www.thymeleaf.org" >
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>Shiro登录认证页面</h1>
<br>
<form action="/myController/userLogin">
    <div>账号:<input type="text" name="username" value=""></div>
    <div>密码:<input type="password" name="password" value=""></div>
    <table>
        <td>用户类型</td>
        <td>
            <select name="loginType" id="loginType">
                <option value="Name">用户名登录</option>
                <option value="Phone">手机号登录</option>
                <option value="Email">邮箱登录</option>
            </select>
        </td>
    </table>
    <div>记住用户:<input type="checkbox" name="rememberMe" value="true"></div>
    <div><input type="submit"  value="登录"></div>
</form>
</body>
</html>

完整代码跳转地址

阿呆il
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
SpringBootShiro整合
fangliangke的博客
02-01 6091
本文章介绍了Spring bootshiro与thymeleaf、mybatis的整合过程,Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理
SpringBoot整合Shiro(最详细)
热门推荐
m0_67392273的博客
06-12 2万+
pom.xml 2.3 创建前端页面 在webapp文件夹创建index.jsp和login.jsp index.jsp login.jsp 2.4 配置视图信息 application.properties 2.5 解决IDEA冲突问题 JSP 与IDEA 与SpringBoot存在一定的不兼容,修改此配置即可解决 pom.xml 3.2 自定义Realm 在shiro文件夹下创建realm文件夹 3.3 Shiro配置 在config文件夹创建ShiroConfig.java 3.4 启动测试 输入
Springboot整合shiro_springboot shiro,2024年最新网络安全初级开发是如何一步步成为高级开发
最新发布
2401_84183033的博客
04-10 1073
在结束之际,我想重申的是,学习并非如攀登险峻高峰,而是如滴水穿石般的持久累积。尤其当我们步入工作岗位之后,持之以恒的学习变得愈发不易,如同在茫茫大海独自划舟,稍有松懈便可能被巨浪吞噬。然而,对于我们程序员而言,学习是生存之本,是我们在激烈市场竞争立于不败之地的关键。一旦停止学习,我们便如同逆水行舟,不进则退,终将被时代的洪流所淘汰。因此,不断汲取新知识,不仅是对自己的提升,更是对自己的一份珍贵投资。让我们不断磨砺自己,与时代共同进步,书写属于我们的辉煌篇章。需要完整版PDF学习资源私我。
Springboot整合shiro,带你学会shiro,入门级别教程,由浅入深,完整代码案例,各位项目想加这个模块的人也可以看这个,又或者不会mybatis-plus的也可以看这个
m0_63251896的博客
11-02 491
Springboot整合shiro,带你学会shiro,入门级别教程,由浅入深,完整代码案例,各位项目想加这个模块的人也可以看这个,又或者不会mybatis-plus的也可以看这个
Springboot整合Shiro
不惧困难 顽强拼搏
07-07 775
springboot整合shiro完成登录,权限。完成前后端分离。shiro权限对象缓存到redis+使用Swagger2接口文档测试
SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录
06-19
SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录 SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录 SpringBoot整合Shiro示例实现动态权限加载更新+Session共享+单点登录 ...
Springboot整合Shiro的代码实例
08-25
Springboot 整合 Shiro 的代码实例 Springboot 整合 Shiro 的代码实例是指在 Springboot 项目集成 Shiro 框架来实现身份验证和授权管理的过程。Shiro 是一个功能强大且灵活的身份验证和授权框架,可以帮助开发者...
SpringBoot_Shiro_JWT_Redis:SpringBoot整合Shiro、JWT和Redis实现token登录授权验证以及token刷新
05-14
SpringBoot整合Shiro、JWT和Redis实现token登录授权验证以及token刷新 前端代码为一个博客页面,使用了Semantic UI框架结合thymeleaf模板 SpringBoot结合JWT+Shiro+Redis实现token无状态登录授权 [TOC] 一、引言 ​ ...
Shiro教程(二):Springboot整合Shiro全网最全教程
WwLK123的博客
07-12 1458
Apache Shiro是一个Java的安全权限框架。Shiro可以非常容易的开发出足够好的应用,其不仅可以用在JavaSE环境,也可以用在JavaEE环境。- Shiro可以完成认证、授权、加密、会话管理、Web集成、缓存等。这里是SpringBoot整合Shiro最完整最详细教程。
spring-boot集成shiro
ltx1143181624的博客
09-15 627
spring-boot集成shiro
SpringBoot集成Shiro安全框架
begefefsef的博客
04-26 3376
SpringBoot集成Shiro安全框架 1.shiro的定义 2.SpringBoot集成shiro的步骤 3.完成的效果 1.shiro的定义 1.shiro的作用 认证、授权、加密、会话管理、Web集成、缓存 2.shiro的名词 Authentication:身份认证/登录,验证用户是不是拥有相应的身份 Authorization:授权,即权限 管理,验证某个人已经登录的人是否拥有某些权限 Session Management:会话管理,即用户登录后就是一次会话,在没有退出之前所有的
SpringBoot整合Shiro_HelloWorld
CBeann的博客
12-25 5398
Shiro介绍 Apache Shiro是一个功能强大、灵活的,开源的安全框架。它可以干净利落地处理身份验证、授权、企业会话管理和加密。 Apache Shiro的首要目标是易于使用和理解。安全通常很复杂,甚至让人感到很痛苦,但是Shiro却不是这样子的。一个好的安全框架应该屏蔽复杂性,向外暴露简单、直观的API,来简化开发人员实现应用程序安全所花费的时间和精力。 Shiro能做...
Spring boot整合Shiro
qq_52589982的博客
08-11 170
Spring boot整合Shiro
SpringBoot整合Shiro
AG.『Feng』的博客
02-01 750
SpringBoot整合Shiro
SpringBoot整合Shiro安全框架完整实现
欢迎来到 Baret~H 的博客
11-04 4412
目录一、环境搭建1. 导入shiro-spring依赖2. 编写首页及其controller3. 编写shiro配置类二、Shiro实现登录拦截1. 编写页面及其controller2. 实现登录拦截3. 编写拦截后的登录页面三、Shiro实现用户认证四、整合MyBatis1. 导入依赖2. 创建数据库&连接3. 配置数据源4. 编写pojo实体类5. 编写Mapper层6. 编写service层(可省略)7. 测试8. 更改伪造数据为真实数据五、Shiro请求授权实现1. 添加授权2. 编写未授.
springboot 整合 shiro
08-20
Spring Boot整合Shiro,需要进行以下几个步骤: 1. 在application.properties文件配置Shiro相关的属性,如服务器端口号、上下文路径、视图前缀和后缀等。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* *2* *3* [SpringBoot整合Shiro(最详细)](https://blog.csdn.net/m0_67392273/article/details/125243717)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 100%"] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值