配置时需要注意以下细节,否则会出现配置不生效、302重定向等问题(Shiro按过滤链的定义顺序匹配URL,第一条匹配的规则生效):
- 使用LinkedHashMap而不是HashMap(HashMap不保证遍历顺序)
- anon必须在authc之前定义(拦截所有路径的 /** authc 规则要放在最后)
shiro配置类:
@Configuration
public class ShiroConfig {

    /**
     * Registers the application's own realm, which performs authentication and authorization.
     *
     * <p>NOTE(review): no credentials matcher is set on the realm, so Shiro's default matcher is
     * used, which compares the submitted credentials with the stored value as-is. That only works
     * if the stored password is not hashed server-side; confirm how passwords are stored and
     * configure a hashing credentials matcher if they are kept in plaintext.
     *
     * @return a new {@link EmployeeRealm}
     */
    @Bean
    public EmployeeRealm employeeRealm() {
        return new EmployeeRealm();
    }

    /**
     * Builds the web security manager and wires the employee realm into it.
     *
     * @return the security manager backed by {@link #employeeRealm()}
     */
    @Bean("securityManager")
    public SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(employeeRealm());
        return manager;
    }

    /**
     * Builds the Shiro filter factory: login/success/unauthorized URLs plus the URL filter chains.
     *
     * <p>Chain definitions are evaluated in insertion order and the first matching pattern wins,
     * which is why an insertion-ordered map is used and the catch-all {@code /**} rule goes last.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);

        // Where unauthenticated requests are sent to log in.
        factory.setLoginUrl("/login");
        // Landing page after a successful login.
        // NOTE(review): unlike the other URLs this one has no leading "/" - confirm that is intended.
        factory.setSuccessUrl("index.html");
        // Where authenticated users lacking the required permission are sent.
        factory.setUnauthorizedUrl("/");

        Map<String, String> chains = new LinkedHashMap<>();
        // "logout" filter: ends the session.
        chains.put("/logout", "logout");

        // "anon": reachable without authentication. Keep this list as small as possible.
        // NOTE(review): /treeAdmin.json and /treeUser.json are served to unauthenticated clients;
        // confirm they expose nothing sensitive.
        String[] openPaths = {
            "/favicon.ico",
            "/js/**",
            "/css/**",
            "/fonts/**",
            "/images/**",
            "/plugins/**",
            "/webfonts/**",
            "/login.html",
            "/treeAdmin.json",
            "/treeUser.json",
            "/login"
        };
        for (String openPath : openPaths) {
            chains.put(openPath, "anon");
        }

        // "authc": everything not matched above requires an authenticated user. Must stay last.
        chains.put("/**", "authc");

        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }

    /**
     * Registers the advisor for Shiro's authorization annotations; per the original author,
     * the annotations do not take effect without it.
     *
     * @param securityManager the security manager used to evaluate the annotations
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * Registers the auto-proxy creator (only if no other bean of this type exists); per the
     * original author, the annotations do not take effect without it.
     *
     * @return an auto-proxy creator with target-class proxying turned on
     */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }
}
自定义的认证类:
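/**
 * Realm that manages employees.
 *
 * <p>Shiro handles access control in two steps, both implemented here:
 * <ol>
 *   <li>authentication</li>
 *   <li>authorization</li>
 * </ol>
 *
 * @author cpm
 * @Date: 2020/4/17 10:18
 */
public class EmployeeRealm extends AuthorizingRealm {

    @Autowired
    private EmployeeService employeeService;

    /**
     * Authorization: builds the permission set for the logged-in employee.
     *
     * <p>Administrators get the wildcard permission {@code *:*}; every other employee gets
     * {@code employee:employee}. If the account can no longer be found, or its admin flag is
     * unset, the method fails closed instead of throwing.
     *
     * @param principalCollection principals of the current subject; the primary one is the user name
     * @return the permissions for the subject (empty when the employee no longer exists)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The primary principal is the login name stored by doGetAuthenticationInfo.
        String username = (String) principalCollection.getPrimaryPrincipal();
        Employee employee = employeeService.getEmployeeWithEmpName(username);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        if (employee == null) {
            // The account may have been removed or renamed after login: grant nothing
            // rather than dereference null below.
            return authorizationInfo;
        }

        Logger logger = Logger.getGlobal();
        List<String> permissions = new ArrayList<>();
        // Boolean.TRUE.equals treats an unset admin flag as "not admin" instead of failing on unboxing.
        if (Boolean.TRUE.equals(employee.getEmpAdmin())) {
            logger.info("是管理员");
            // Wildcard: all permissions.
            permissions.add("*:*");
        } else {
            logger.info("不是管理");
            permissions.add("employee:employee");
        }
        authorizationInfo.addStringPermissions(permissions);

        // Expose the current employee through the session.
        // NOTE(review): this stores the whole Employee, including whatever getEmpPassword()
        // returns, in the session, and it only happens once an authorization check runs.
        // Consider storing a reduced view and setting it at login - confirm against callers.
        SecurityUtils.getSubject().getSession().setAttribute("currentUser", employee);
        return authorizationInfo;
    }

    /**
     * Authentication: looks the employee up by the submitted user name and hands the stored
     * password to Shiro, which compares it with the submitted credentials.
     *
     * <p>NOTE(review): the comparison is done by the realm's credentials matcher. If none is
     * configured, Shiro's default compares the submitted and stored values as-is, which implies
     * the stored password is not hashed server-side - confirm, and prefer a salted password hash
     * with a matching credentials matcher.
     *
     * @param authenticationToken the submitted login token; its principal is the user name
     * @return the account data to verify against, or {@code null} when no such employee exists
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();
        Employee employee = employeeService.getEmployeeWithEmpName(username);
        if (employee == null) {
            // Unknown account: returning null lets Shiro reject the login.
            return null;
        }
        return new SimpleAuthenticationInfo(username, employee.getEmpPassword(), this.getName());
    }
}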
pom依赖
<!-- NOTE(review): 1.4.0 is an old shiro-spring release. Later Apache Shiro releases contain
     security fixes, including fixes for authentication bypass in URL path matching, which
     matters for path-based filter chains such as "/**" -> authc. Check the Apache Shiro
     security reports and move to a currently supported release. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>