shiro+SpringCloud
一.shiro
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。
主要功能
三个核心组件:Subject, SecurityManager 和 Realms.
- Subject:即“当前操作用户”。但是,在Shiro中,Subject这一概念并不仅仅指人,也可以是第三方进程、后台帐户(Daemon Account)或其他类似事物。它仅仅意味着“当前跟软件交互的东西”。Subject代表了当前用户的安全操作,SecurityManager则管理所有用户的安全操作。
- SecurityManager:它是Shiro框架的核心,典型的Facade模式,Shiro通过SecurityManager来管理内部组件实例,并通过它来提供安全管理的各种服务。
- Realm: Realm充当了Shiro与应用安全数据间的“桥梁”或者“连接器”。也就是说,当对用户执行认证(登录)和授权(访问控制)验证时,Shiro会从应用配置的Realm中查找用户及其权限信息。
1.实体类编写
1.1Role类
@Table(name = "tb_user")
public class User implements Serializable {
private static final long serialVersionUID = 4374725483383661051L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String username;
private String password;
private String name;
private Integer age;
private Integer sex;
private Date birthday;
private Date created;
private Date update
}
1.2User类
@ManyToMany(mappedBy = "roles")
private Set<User> users=new HashSet<>(0);
@ManyToMany(fetch = FetchType.EAGER)
private Set<com.zr0726.news.po.Permission> permissions=new HashSet<>(0);
1.3Permission类
@Entity
@Table(name="t_permission")
public class Permission implements Serializable {
private static final long serialVersionUID = 3210360881591198664L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String name;
private String code;
private String description;
2.编写realm
public class NewsRealm extends AuthorizingRealm {
public void setName(String name){setName("newsRealm");}
@Autowired
private UserService userService;
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken)authenticationToken;
String username = upToken.getUsername();
String password = new String(upToken.getPassword());
User user = userService.checkUsers(username,password);
if(user!=null){
return new SimpleAuthenticationInfo(user,user.getPassword(),this.getName());
}
return null;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取认证用户数据
User user =(User)principalCollection.getPrimaryPrincipal();
//构造认证数据
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<Role> roles = user.getRoles();
for(Role role:roles){
//添加角色信息
info.addRole(role.getName());
for(Permission permission:role.getPermissions()){
//添加权限信息
info.addStringPermission(permission.getCode());
}
}
return info;
}
}
3.编写配置类
@Configuration
public class ShiroConfiguration {
//创建realm
@Bean
public NewsRealm getRealm(){return new NewsRealm();}
//创建安全管理器
@Bean
public SecurityManager securityManager(NewsRealm realm){
//使用默认的安全管理器
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
//将自定义的realm交给安全管理器统一调度
return securityManager;
}
//配置shiro过滤工厂
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactory =new ShiroFilterFactoryBean();
shiroFilterFactory.setSecurityManager(securityManager);
//通用配置
shiroFilterFactory.setLoginUrl("/admin");
shiroFilterFactory.setUnauthorizedUrl("/admin");
/*
* key:请求路径
* value:过滤器类型
*/
Map<String,String> filterMap = new LinkedHashMap<>();
filterMap.put("/admin/types","perms[user-types]");
filterMap.put("/admin/news","perms[user-news]");
filterMap.put("/admin/tags","perms[user-tags]");
filterMap.put("/admin/login","anon");
filterMap.put("/admin/**","authc");
System.out.println(filterMap);
//设置过滤器
shiroFilterFactory.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactory;
}
//开启shiro注解支持
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
二.SpringCloud微服务
1.创建工程
2.provider生产者
2.1实体类User
@Table(name = "tb_user")
public class User implements Serializable {
private static final long serialVersionUID = 4374725483383661051L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String username;
private String password;
private String name;
private Integer age;
private Integer sex;
private Date birthday;
private Date created;
private Date updated;
2.2服务层
@Service
public class UserService {
@Autowired(required = false)
private UserMapper userMapper;
public User queryById(Long id){
return this.userMapper.selectByPrimaryKey(id);
}
}
2.3Controller层
@Service
@RestController
@RequestMapping("user")
public class UserController {
@Autowired
private UserService userService;
@GetMapping("{id}")
public User queryById(@PathVariable("id") Long id){
return this.userService.queryById(id);
}
}
3.消费者
@Controller
@RequestMapping("consumer/user")
public class UserController {
@Autowired
private RestTemplate restTemplate;
@GetMapping
@ResponseBody
public User queryById(@RequestParam("id") Long id){
User user = this.restTemplate.getForObject("http://localhost:8081/user/"+id,User.class);
return user;
}
}
4.eureka注册
@SpringBootApplication
@EnableEurekaServer //声明当前springboot应用是一个eureka服务中心
public class EurekaApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaApplication.class, args);
}
}