Shiro
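Used throughout the whole project
Permission management: OA system
A Java security framework; it does not belong to any layer of the three-tier architecture.
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application, from the smallest mobile applications to the largest web and enterprise applications.
Three core components: Subject, SecurityManager, and Realms.
Shiro's basic flow:
The above is Shiro's basic flow. Next, adding the Shiro framework to a Spring Boot project is used as an example to explain its usage.
Integrating Shiro with Spring Boot
Step 1:
Import the dependency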
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-starter</artifactId>
    <version>1.4.1</version>
</dependency>
Step 2:
Write your own realm
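import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

public class MyRealm extends AuthorizingRealm {
    // Use the service to call the DAO
    @Autowired
    private UserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Authorization
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Authentication
        String name = token.getPrincipal().toString(); // Get the account from the token
        User user = userService.findUser(name); // Look up the user by account
        AuthenticationInfo info = null;
        if (user != null) {
            // Return the stored password; Shiro compares it with the password in the token
            info = new SimpleAuthenticationInfo(user.getUname(), user.getPassword(), getName());
        }
        return info;
    }
}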
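Step 3:
Configure the security manager. Spring Boot uses a configuration class instead of XML configuration; note the @Configuration annotation.
The package also needs to be scanned from the application class, just as for controllers.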
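import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    @Bean(name = "myRealm1")
    public MyRealm getMyRealm() {
        return new MyRealm();
    }

    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("myRealm1") MyRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Inject the security manager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // URL to redirect to when authentication fails; also the default path for the project's empty URL
        shiroFilterFactoryBean.setLoginUrl("/html/login.html");
        // URL to redirect to when authorization fails
        shiroFilterFactoryBean.setUnauthorizedUrl("/html/fail.html");
        // Set the permissions for each path. HashMap is unordered and cannot be used
        // for permission checks here (rules are matched in insertion order); only LinkedHashMap works
        Map<String, String> fmap = new LinkedHashMap<String, String>();
        fmap.put("/html/login.html", "anon");
        fmap.put("/html/register.html", "anon");
        fmap.put("/register", "anon");
        fmap.put("/allUser", "anon");
        fmap.put("/login", "anon");
        // Patterns must start with "/" to match request paths
        fmap.put("/html/main.html", "authc");
        fmap.put("/loginout", "logout");
        fmap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(fmap);
        return shiroFilterFactoryBean;
    }
}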
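The ordering rule behind the LinkedHashMap comment, as an added example (not code from the original post): Shiro walks the chain definitions in insertion order and applies the first pattern that matches the request path. The class FilterChainOrderDemo and its resolve helper are hypothetical, a simplified stand-in for Shiro's own resolver; AntPathMatcher is Shiro's real path matcher, so shiro-core must be on the classpath, and the three maps are constructed sample rules.

```java
import org.apache.shiro.util.AntPathMatcher;

import java.util.LinkedHashMap;
import java.util.Map;

public class FilterChainOrderDemo {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Simplified first-match-wins lookup: iterate the definitions in map order
    // and return the filter name of the first pattern that matches the path.
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> entry : chains.entrySet()) {
            if (MATCHER.matches(entry.getKey(), path)) {
                return entry.getValue();
            }
        }
        return "(no chain matched)";
    }

    public static void main(String[] args) {
        // Intended order: specific anonymous paths first, catch-all last.
        Map<String, String> specificFirst = new LinkedHashMap<>();
        specificFirst.put("/html/login.html", "anon");
        specificFirst.put("/login", "anon");
        specificFirst.put("/**", "authc");

        // Same rules with the catch-all first, an order an unordered map may yield.
        // "/**" now shadows every later rule, so even the login endpoint needs a session.
        Map<String, String> catchAllFirst = new LinkedHashMap<>();
        catchAllFirst.put("/**", "authc");
        catchAllFirst.put("/html/login.html", "anon");
        catchAllFirst.put("/login", "anon");

        // Constructed rule without a leading slash: it cannot match a request
        // path, which always starts with "/", so the request falls to "/**".
        Map<String, String> missingSlash = new LinkedHashMap<>();
        missingSlash.put("html/register.html", "anon");
        missingSlash.put("/**", "authc");

        System.out.println("specific first, /login -> " + resolve(specificFirst, "/login"));
        System.out.println("specific first, /allUser -> " + resolve(specificFirst, "/allUser"));
        System.out.println("catch-all first, /login -> " + resolve(catchAllFirst, "/login"));
        System.out.println("missing slash, /html/register.html -> "
                + resolve(missingSlash, "/html/register.html"));
    }
}
```

The same shadowing works in the dangerous direction too: a broad anon pattern placed before a narrower authc pattern leaves the narrower path unprotected, so review the map top to bottom whenever a rule is added.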