版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/hzw2312/article/details/54612962 </div>
<link rel="stylesheet" href="https://csdnimg.cn/release/phoenix/template/css/ck_htmledit_views-5edb848729.css">
<div class="htmledit_views" id="content_views">
之前的文章中我们完成了基础框架的搭建,现在基本上所有的后台系统都逃不过权限管理这一块,这算是一个刚需了。现在我们来集成shiro来达到颗粒化权限管理,也就是从连接菜单到页面功能按钮,都进行权限都验证,从前端按钮的显示隐藏,到后台具体功能方法的权限验证。
首先要先设计好我们的数据库,先来看一张比较粗糙的数据库设计图:
具体的数据库设计代码,请查看:https://git.oschina.net/gzsjd/task/blob/master/sql/task.sql?dir=0&filepath=sql
下面我们开始根据之前的框架集成shiro
首先在pom.xml添加shiro的支持,先在properties中声明一下要倒入的版本:
-
<properties>
-
<shiro.version>1.3.2
</shiro.version>
-
<commons-logging.version>1.2
</commons-logging.version>
-
</properties>
-
<!-- shiro权限 -->
-
<dependency>
-
<groupId>org.apache.shiro
</groupId>
-
<artifactId>shiro-all
</artifactId>
-
<version>${shiro.version}
</version>
-
</dependency>
-
-
<!-- commons-logging -->
-
<dependency>
-
<groupId>commons-logging
</groupId>
-
<artifactId>commons-logging
</artifactId>
-
<version>${commons-logging.version}
</version>
-
</dependency>
-
<?xml version="1.0" encoding="UTF-8"?>
-
<beans xmlns="http://www.springframework.org/schema/beans"
-
xmlns:util=
"http://www.springframework.org/schema/util"
-
xmlns:aop=
"http://www.springframework.org/schema/aop"
-
xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation=
"
-
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
-
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">
-
-
-
<!-- 缓存管理器 使用Ehcache实现 -->
-
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
-
<property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />
-
</bean>
-
-
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
-
<!--认证管理器-->
-
<property name="realm" ref="shiroSecurityRealm" />
-
<!-- 缓存管理器 -->
-
<property name="cacheManager" ref="cacheManager" />
-
<!-- rememberMe管理器 -->
-
<property name="rememberMeManager" ref="rememberMeManager"/>
-
</bean>
-
<!-- 会话ID生成器 -->
-
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
-
-
<!-- 会话Cookie模板 -->
-
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
-
<constructor-arg value="sid"/>
-
<property name="httpOnly" value="true"/>
-
<property name="maxAge" value="-1"/>
-
</bean>
-
-
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
-
<constructor-arg value="rememberMe"/>
-
<property name="httpOnly" value="true"/>
-
<property name="maxAge" value="2592000"/>
<!-- 30天 -->
-
</bean>
-
<!-- rememberMe管理器 -->
-
<bean id="rememberMeManager"
-
class=
"org.apache.shiro.web.mgt.CookieRememberMeManager">
-
<property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('7gzYfKjTASKdsai43ds==')}"/>
-
<property name="cookie" ref="rememberMeCookie"/>
-
</bean>
-
-
<!-- 会话DAO -->
-
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
-
<property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>
-
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
-
</bean>
-
<!-- 会话验证调度器 -->
-
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">
-
<property name="sessionValidationInterval" value="3000000"/>
-
<property name="sessionManager" ref="sessionManager"/>
-
</bean>
-
-
<!-- 会话管理器 -->
-
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
-
<property name="globalSessionTimeout" value="3000000"/>
-
<property name="deleteInvalidSessions" value="true"/>
-
<property name="sessionValidationSchedulerEnabled" value="true"/>
-
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
-
<property name="sessionDAO" ref="sessionDAO"/>
-
<property name="sessionIdCookieEnabled" value="true"/>
-
<property name="sessionIdCookie" ref="sessionIdCookie"/>
-
</bean>
-
-
<bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
-
<property name="rememberMeParam" value="rememberMe"/>
-
</bean>
-
-
-
<bean id="sysUserFilter" class="yfkj.gz.task.security.SysUserFilter"/>
-
-
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
-
<property name="securityManager" ref="securityManager"/>
-
<property name="loginUrl" value="/login.jsp"/>
-
<property name="successUrl" value="/page/main.action"/>
-
<property name="filters">
-
<util:map>
-
<entry key="authc">
-
<bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter"/>
-
</entry>
-
<entry key="sysUser" value-ref="sysUserFilter"/>
-
</util:map>
-
</property>
-
<property name="filterChainDefinitions">
-
<value>
-
/static/** = anon
-
/login.jsp = anon
-
/sysuser/login.action = anon
-
/sysuser/register.action = anon
-
/sysuser/getEMailCount.action = anon
-
/sysuser/getUserNameCount.action = anon
-
/sysuser/logout.action = logout
-
/** = user,sysUser
<!-- 表示访问该地址的用户是身份验证通过或RememberMe登录的都可以 -->
-
<!-- /** = authc 表示访问该地址用户必须身份验证通过-->
-
</value>
-
</property>
-
</bean>
-
-
<!-- Post processor that automatically invokes init() and destroy() methods -->
-
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
-
-
</beans>
上面的
/static/** = anon,/login.jsp = anon...这些等于anon的就是默认不做权限验证的,我们的登录,注册,静态资源等,不需要权限验证。
-
<?xml version="1.0" encoding="UTF-8"?>
-
<ehcache name="shirocache">
-
-
<diskStore path="java.io.tmpdir/yfkj-shiro-ehcache"/>
-
-
<!-- 默认缓存 -->
-
<defaultCache maxElementsInMemory="1000" eternal="false"
-
overflowToDisk=
"true"
timeToIdleSeconds=
"300"
timeToLiveSeconds=
"180"
-
diskPersistent=
"false"
diskExpiryThreadIntervalSeconds=
"120" />
-
-
<!-- 登录记录缓存 -->
-
<cache name="passwordRetryCache"
-
maxEntriesLocalHeap=
"2000"
-
eternal=
"false"
-
timeToIdleSeconds=
"3600"
-
timeToLiveSeconds=
"0"
-
overflowToDisk=
"false"
-
statistics=
"true">
-
</cache>
-
-
<!-- 授权缓存 -->
-
<cache name="authorizationCache"
-
maxEntriesLocalHeap=
"2000"
-
eternal=
"false"
-
timeToIdleSeconds=
"3600"
-
timeToLiveSeconds=
"0"
-
overflowToDisk=
"false"
-
statistics=
"true">
-
</cache>
-
-
<!-- 认证缓存 -->
-
<cache name="authenticationCache"
-
maxEntriesLocalHeap=
"2000"
-
eternal=
"false"
-
timeToIdleSeconds=
"3600"
-
timeToLiveSeconds=
"0"
-
overflowToDisk=
"false"
-
statistics=
"true">
-
</cache>
-
-
<cache name="shiro-activeSessionCache"
-
maxEntriesLocalHeap=
"2000"
-
eternal=
"false"
-
timeToIdleSeconds=
"3600"
-
timeToLiveSeconds=
"0"
-
overflowToDisk=
"false"
-
statistics=
"true">
-
</cache>
-
-
<cache name="shiro-kickout-session"
-
maxEntriesLocalHeap=
"2000"
-
eternal=
"false"
-
timeToIdleSeconds=
"3600"
-
timeToLiveSeconds=
"0"
-
overflowToDisk=
"false"
-
statistics=
"true">
-
</cache>
-
-
</ehcache>
-
import yfkj.gz.task.service.ISysUserService;
-
-
import org.apache.shiro.web.filter.PathMatchingFilter;
-
-
import javax.annotation.Resource;
-
import javax.servlet.ServletRequest;
-
import javax.servlet.ServletResponse;
-
-
/**
-
* 自定义用户过滤器
-
* @author 胡汉三
-
*
-
*/
-
public
class SysUserFilter extends PathMatchingFilter {
-
-
@Resource
-
private ISysUserService sysUserService;
-
-
@Override
-
protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
-
//可以参考http://jinnianshilongnian.iteye.com/blog/2025656
-
return
true;
-
}
-
}
-
import javax.annotation.Resource;
-
-
import org.apache.shiro.authc.AuthenticationException;
-
import org.apache.shiro.authc.AuthenticationInfo;
-
import org.apache.shiro.authc.AuthenticationToken;
-
import org.apache.shiro.authc.SimpleAuthenticationInfo;
-
import org.apache.shiro.authc.UsernamePasswordToken;
-
import org.apache.shiro.authc.credential.Sha256CredentialsMatcher;
-
import org.apache.shiro.authz.AuthorizationInfo;
-
import org.apache.shiro.authz.SimpleAuthorizationInfo;
-
import org.apache.shiro.realm.AuthorizingRealm;
-
import org.apache.shiro.subject.PrincipalCollection;
-
import org.springframework.stereotype.Component;
-
-
import yfkj.gz.task.dao.ISysUserDao;
-
import yfkj.gz.task.entity.SysRole;
-
import yfkj.gz.task.entity.SysUser;
-
import yfkj.gz.task.service.ISysUserService;
-
-
/**
-
* 权限认证
-
* @author 胡汉三
-
* @date 2017年1月19日 上午10:52:17
-
*/
-
@SuppressWarnings(
"deprecation")
-
@Component
-
public
class ShiroSecurityRealm extends AuthorizingRealm {
-
-
@Resource
-
private ISysUserService userService;
-
-
@Resource
-
private ISysUserDao sysUserDao;
-
-
public ShiroSecurityRealm() {
-
setName(
"ShiroSecurityRealm");
// This name must match the name in the SysUser class's getPrincipals() method
-
setCredentialsMatcher(
new Sha256CredentialsMatcher());
-
}
-
-
/**
-
* 登录认证
-
*/
-
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
-
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
-
SysUser user = userService.getByProerties(
new String[]{
"loginAccount"},
new String[]{token.getUsername()},
null);
-
if (user !=
null) {
-
return
new SimpleAuthenticationInfo(user.getUserId(), user.getLoginPass(), getName());
-
}
else {
-
return
null;
-
}
-
}
-
-
-
/**
-
* 权限认证
-
*/
-
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-
Long userId = (Long) principals.fromRealm(getName()).iterator().next();
-
SysUser user = userService.get(userId);
-
if (user !=
null) {
-
SimpleAuthorizationInfo info =
new SimpleAuthorizationInfo();
-
for (SysRole role : user.getRoles()) {
-
info.addRole(role.getRoleKey());
-
info.addStringPermissions(role.getPermissions());
-
}
-
return info;
-
}
else {
-
return
null;
-
}
-
}
-
-
}
-
<!-- 加载spring配置文件 -->
-
<context-param>
-
<param-name>contextConfigLocation
</param-name>
-
<param-value>classpath:spring.xml,classpath:spring-hibernate.xml,classpath:spring-shiro.xml
</param-value>
-
</context-param>
-
-
<!-- shiro权限过滤器 -->
-
<filter>
-
<filter-name>shiroFilter
</filter-name>
-
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
-
<init-param>
-
<param-name>targetFilterLifecycle
</param-name>
-
<param-value>true
</param-value>
-
</init-param>
-
</filter>
-
<filter-mapping>
-
<filter-name>shiroFilter
</filter-name>
-
<url-pattern>/*
</url-pattern>
-
</filter-mapping>
-
//存入session
-
Subject subject = SecurityUtils.getSubject();
-
//记得传入明文密码
-
subject.login(
new UsernamePasswordToken(userInfo.getLoginAccount(), user.getLoginPass(), rememberMe));
-
/**
-
* 用户登录
-
* @param response
-
* @param user
-
* @throws IOException
-
*/
-
@RequestMapping(value =
"/login", method = { RequestMethod.POST, RequestMethod.GET })
-
public void login(SysUser user,boolean rememberMe) throws IOException{
-
//用户登录
-
SysUser userInfo = userService.getByProerties(
new String[]{
"loginAccount"},
new String[]{user.getLoginAccount()},
null);
-
if(userInfo==
null){
-
result.setMessage(
"用户名错误");
-
super.writeJSON(result);
-
return;
-
}
-
if(!userInfo.getLoginPass().equals(
new Sha256Hash(user.getLoginPass()).toHex())){
-
result.setMessage(
"密码错误");
-
super.writeJSON(result);
-
return;
-
}
-
//存入session
-
Subject subject = SecurityUtils.getSubject();
-
//记得传入明文密码
-
subject.login(
new UsernamePasswordToken(userInfo.getLoginAccount(), user.getLoginPass(), rememberMe));
-
session.setAttribute(USER_SESSION, userInfo);
-
result.setMessage(
"登录成功");
-
result.setSuccess(
true);
-
super.writeJSON(result);
-
}
jsp页面引入page指令:
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
-
<shiro:hasPermission name="${ROLE_KEY}:role:role_add">
-
<button id="btn_add" type="button" class="btn btn-default">
-
<span class="glyphicon glyphicon-plus" aria-hidden="true">
</span>新增
-
</button>
-
</shiro:hasPermission>
${ROLE_KEY}角色
role是指菜单(页面)
role_add指的功能
联合起来就是,当前角色在role菜单(页面)中有没有role_add新增的功能,如果有就会显示,没有就不显示这个按钮啦。
在后台方法中验证:
在对应的方法中加入代码:
-
Subject subject = SecurityUtils.getSubject();
-
subject.checkPermission(getCurrentRoleKey()+
":role:role_add");
实体Base类BaseEntity:
-
import java.io.Serializable;
-
import java.util.LinkedHashMap;
-
import java.util.Map;
-
-
/**
-
* 实体父类
-
* @author 胡汉三
-
* @date 2017年1月18日 上午11:03:11
-
*/
-
public
class BaseEntity implements Serializable{
-
-
/**
-
*
-
*/
-
private
static
final
long serialVersionUID =
3730369554400423966L;
-
-
/**
-
* 排序
-
*/
-
private Map<String, String> sortedConditions =
new LinkedHashMap<String, String>();
-
-
public Map<String, String> getSortedConditions() {
-
return sortedConditions;
-
}
-
public void setSortedConditions(Map<String, String> sortedConditions) {
-
this.sortedConditions = sortedConditions;
-
}
-
-
-
}
用户实体SysUser:
-
import java.util.HashSet;
-
import java.util.Set;
-
-
import javax.persistence.Column;
-
import javax.persistence.Entity;
-
import javax.persistence.FetchType;
-
import javax.persistence.GeneratedValue;
-
import javax.persistence.Id;
-
import javax.persistence.JoinTable;
-
import javax.persistence.JoinColumn;
-
import javax.persistence.ManyToMany;
-
import javax.persistence.Table;
-
-
import org.hibernate.annotations.Cache;
-
import org.hibernate.annotations.CacheConcurrencyStrategy;
-
-
import yfkj.gz.support.BaseEntity;
-
-
-
/**
-
* 用户的实体类
-
*/
-
@Entity
-
@Table(name =
"sys_user")
-
public
class SysUser extends BaseEntity{
-
-
/**
-
*
-
*/
-
private
static
final
long serialVersionUID =
2491111485758197830L;
-
-
/**主键**/
-
@Id
-
@GeneratedValue
-
@Column(name =
"user_id")
-
private Long userId;
-
-
/**登录账号**/
-
@Column(name =
"login_account" ,length =
30 , unique =
true )
-
private String loginAccount;
-
-
/**登录密码**/
-
@Column(name =
"login_pass" ,length =
65)
-
private String loginPass;
-
-
/**昵称**/
-
@Column(name =
"user_name" ,length =
20)
-
private String userName;
-
-
/**头像**/
-
@Column(name =
"user_head" ,length =
30)
-
private String userHead;
-
-
/**手机**/
-
@Column(name =
"user_phone" ,length =
20)
-
private String userPhone;
-
-
/**邮箱**/
-
@Column(name =
"user_email" ,length =
30)
-
private String userEmail;
-
-
/**性别**/
-
@Column(name =
"user_sex")
-
private Integer userSex;
-
-
/**生日**/
-
@Column(name =
"user_birthday" ,length =
30)
-
private String userBirthday;
-
-
/**注册时间**/
-
@Column(name =
"register_time" ,length =
30)
-
private String registerTime;
-
-
/**部门编码**/
-
@Column(name =
"department_key" ,length =
20)
-
private String departmentKey;
-
-
-
/**用户角色**/
-
@ManyToMany(fetch = FetchType.EAGER)
-
@JoinTable(name =
"sys_user_role", joinColumns = {
@JoinColumn(name =
"user_id") }, inverseJoinColumns = {
@JoinColumn(name =
"role_id") })
-
@Cache(region =
"all", usage = CacheConcurrencyStrategy.READ_WRITE)
-
private Set<SysRole> roles =
new HashSet<SysRole>();
-
-
-
/**get/set**/
-
-
-
/**主键**/
-
public Long getUserId(){
-
return userId;
-
}
-
/**主键**/
-
public void setUserId(Long userId){
-
this.userId= userId;
-
}
-
/**登录账号**/
-
public String getLoginAccount(){
-
return loginAccount;
-
}
-
/**登录账号**/
-
public void setLoginAccount(String loginAccount){
-
this.loginAccount= loginAccount;
-
}
-
/**登录密码**/
-
public String getLoginPass(){
-
return loginPass;
-
}
-
/**登录密码**/
-
public void setLoginPass(String loginPass){
-
this.loginPass= loginPass;
-
}
-
/**昵称**/
-
public String getUserName(){
-
return userName;
-
}
-
/**昵称**/
-
public void setUserName(String userName){
-
this.userName= userName;
-
}
-
/**头像**/
-
public String getUserHead(){
-
return userHead;
-
}
-
/**头像**/
-
public void setUserHead(String userHead){
-
this.userHead= userHead;
-
}
-
/**手机**/
-
public String getUserPhone(){
-
return userPhone;
-
}
-
/**手机**/
-
public void setUserPhone(String userPhone){
-
this.userPhone= userPhone;
-
}
-
/**邮箱**/
-
public String getUserEmail(){
-
return userEmail;
-
}
-
/**邮箱**/
-
public void setUserEmail(String userEmail){
-
this.userEmail= userEmail;
-
}
-
/**性别**/
-
public Integer getUserSex(){
-
return userSex;
-
}
-
/**性别**/
-
public void setUserSex(Integer userSex){
-
this.userSex= userSex;
-
}
-
/**生日**/
-
public String getUserBirthday(){
-
return userBirthday;
-
}
-
/**生日**/
-
public void setUserBirthday(String userBirthday){
-
this.userBirthday= userBirthday;
-
}
-
/**注册时间**/
-
public String getRegisterTime(){
-
return registerTime;
-
}
-
/**注册时间**/
-
public void setRegisterTime(String registerTime){
-
this.registerTime= registerTime;
-
}
-
-
public Set<SysRole> getRoles() {
-
return roles;
-
}
-
public void setRoles(Set<SysRole> roles) {
-
this.roles = roles;
-
}
-
-
-
}
角色实体SysRole:
-
import java.util.Set;
-
-
import javax.persistence.Column;
-
import javax.persistence.ElementCollection;
-
import javax.persistence.Entity;
-
import javax.persistence.GeneratedValue;
-
import javax.persistence.Id;
-
import javax.persistence.JoinColumn;
-
import javax.persistence.JoinTable;
-
import javax.persistence.Table;
-
-
import org.hibernate.annotations.Cache;
-
import org.hibernate.annotations.CacheConcurrencyStrategy;
-
-
-
import yfkj.gz.support.BaseEntity;
-
-
/**
-
* 角色的实体类
-
*/
-
@Entity
-
@Table(name =
"sys_role")
-
@Cache(region =
"all", usage = CacheConcurrencyStrategy.READ_WRITE)
-
public
class SysRole extends BaseEntity{
-
-
// 各个字段的含义请查阅文档的数据库结构部分
-
private
static
final
long serialVersionUID =
6019103858711599150L;
-
@Id
-
@GeneratedValue
-
@Column(name =
"role_id")
-
private Long roleId;
-
@Column(name =
"role_key", length =
40, nullable =
false, unique =
true)
-
private String roleKey;
-
@Column(name =
"role_value", length =
40, nullable =
false)
-
private String roleValue;
-
@Column(name =
"create_time", length =
30)
-
private String createTime;
-
@Column(name =
"description", length =
200)
-
private String description;
-
-
@ElementCollection
-
@JoinTable(name =
"sys_role_permission", joinColumns = {
@JoinColumn(name =
"role_id") })
-
@Cache(region =
"all", usage = CacheConcurrencyStrategy.READ_WRITE)
-
private Set<String> permissions;
-
-
@Column(name=
"company_id")
-
private Long companyId;
-
-
public SysRole() {
-
-
}
-
-
-
-
public Long getRoleId() {
-
return roleId;
-
}
-
-
public void setRoleId(Long roleId) {
-
this.roleId = roleId;
-
}
-
-
public String getRoleKey() {
-
return roleKey;
-
}
-
-
public void setRoleKey(String roleKey) {
-
this.roleKey = roleKey;
-
}
-
-
public String getRoleValue() {
-
return roleValue;
-
}
-
-
public void setRoleValue(String roleValue) {
-
this.roleValue = roleValue;
-
}
-
-
public String getCreateTime() {
-
return createTime;
-
}
-
-
public void setCreateTime(String createTime) {
-
this.createTime = createTime;
-
}
-
-
public String getDescription() {
-
return description;
-
}
-
-
public void setDescription(String description) {
-
this.description = description;
-
}
-
-
public Set<String> getPermissions() {
-
return permissions;
-
}
-
-
public void setPermissions(Set<String> permissions) {
-
this.permissions = permissions;
-
}
-
-
public Long getCompanyId() {
-
return companyId;
-
}
-
-
public void setCompanyId(Long companyId) {
-
this.companyId = companyId;
-
}
-
-
}
源码地址: https://git.oschina.net/gzsjd/task
扫一扫
65
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
