这里简单完成一个shiro的单点登陆(用redis)启动两个节点

首先最开始就是springboot整合shiro
这个网上蛮多的，这里我先不弄
看到网上蛮多资料都是shiro单点登陆整合redis
说白了就是shiro登陆后将登陆信息给session了 可是另外一个节点的shiro没有这个session的信息 于是干脆把第一个登陆的信息保存到session中然后再交给一个公共的redis。另外一个节点的shiro也整合这个redis,所以他们的session里面的登陆信息是共享的.于是登陆另一个节点，就可以直接登陆了
大致就是这个情况
有空再写个shiro源码的分析

这里做一个简单的所以很多东西做一个最简化的操作，密码会加密一下
这里用的springboot
我项目中用的分布式整合dobbox这里不做介绍 先把消费端展示

这里ckwesm-controller-c4和ckwesm-controller-c6是一样的代码 ，这里就是做了一个集群操作完成单点登陆
分布式方面暂时不考虑 ，以后抽空再写一个

pom.xml这是maven导包
application.properties 这是配置 我这里主要配置下redis的端口
ShiroConfiguration 这里是一个shiro的配置类
LoginRealm是做的一个ream这个可以看成realm的dao层数据源
UserContoroller这里是登陆页的后端接口

先说pom.xml，这里是spring整合redis redis整合shiro spring整合shiro的包 ，其他包暂时没有测过，不过这个是可以的

	<dependency>
		<groupId>org.springframework.data</groupId>
		<artifactId>spring-data-redis</artifactId>
	</dependency> 
	<dependency>
        <groupId>org.crazycake</groupId>
        <artifactId>shiro-redis</artifactId>
        <version>2.4.2.1-RELEASE</version>
    </dependency>
    <!--shiro  -->
	<dependency>
	    <groupId>org.apache.shiro</groupId>
	    <artifactId>shiro-spring</artifactId>
	    <version>1.3.2</version>
	</dependency>

这里我暂时在window上面操作测试的
redis服务端用的这个版本

启动redis服务端和redis客户端,只启动服务端就行。这里启动客户端是为了便于观测

再来说application.properties,下面是redis的端口和ip配置，这里由于是本机操作所以ip是127.0.0.1

spring.redis.database=0
spring.redis.host=127.0.0.1
spring.redis.port=6379
#spring.redis.password=gzsendi1!
#spring.redis.pool.max-active=10
#spring.redis.pool.max-wait=-1
#spring.redis.pool.max-idle=8
#spring.redis.pool.min-idle=0
spring.redis.timeout=0

然后再说shiro的filter核心配置ShiroConfiguration
package com.management.config;

import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.mindrot.jbcrypt.BCrypt;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.management.reaml.LoginRealm;

@Configuration
public class ShiroConfiguration {

@Value("${spring.redis.host}")
private String host;

@Value("${spring.redis.port}")
private int port;

@Bean
public Realm securityRealm() {
	LoginRealm loginRealm = new LoginRealm();
	loginRealm.setCredentialsMatcher(new CredentialsMatcher() {
		//@Override
		public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
			// TODO Auto-generated method stub
			UsernamePasswordToken userToken=(UsernamePasswordToken)token;
			//要验证的明文密码
			String plaintext = new String(userToken.getPassword());
			//数据库中加密后的密文
			String hashed=info.getCredentials().toString();
			return BCrypt.checkpw(plaintext, hashed);
		}
	});
	
	loginRealm.setCachingEnabled(false);
	return loginRealm;
}

@Bean(name="securityManager")
public SecurityManager securityManager() {
	DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
	securityManager.setRealm(securityRealm());
	securityManager.setSessionManager(sessionManager());
	return securityManager;
}

@Bean
public SessionManager sessionManager() {
	DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
	sessionManager.setSessionDAO(sessionDao());
	return sessionManager;
}

@Bean
SessionDAO sessionDao() {
	 RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
	 redisSessionDAO.setRedisManager(redisManager());
	 System.out.println("是否使用redis缓存");
      return redisSessionDAO;		
}

@Bean
public RedisManager redisManager() {
	System.out.println("交给redis");
	RedisManager redisManager = new RedisManager();
	redisManager.setHost(host);
	redisManager.setPort(port);
	redisManager.setExpire(1800);
	return redisManager;
}

@Bean(name="shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	shiroFilterFactoryBean.setSecurityManager(securityManager);
	shiroFilterFactoryBean.setLoginUrl("/oo");
	shiroFilterFactoryBean.setSuccessUrl("suceess.html");
	shiroFilterFactoryBean.setUnauthorizedUrl("/403.html");
	Map<String,String>filterChainDefinitionMap=new LinkedHashMap<String,String>();
	filterChainDefinitionMap.put("/favicon.ico","anon");
	filterChainDefinitionMap.put("/getcode","anon");
	filterChainDefinitionMap.put("/getExcel","anon");
	filterChainDefinitionMap.put("/js","anon");
	filterChainDefinitionMap.put("/css","anon");
	filterChainDefinitionMap.put("/jpg","anon");
	filterChainDefinitionMap.put("/gif","anon");
	filterChainDefinitionMap.put("/map","anon");
	filterChainDefinitionMap.put("/fonts/*","anon");
	filterChainDefinitionMap.put("/png","anon");
	filterChainDefinitionMap.put("/shutdown","anon");
	filterChainDefinitionMap.put("/getMan","anon");
	filterChainDefinitionMap.put("/addDoument","anon");
	filterChainDefinitionMap.put("/shenll","anon");
	filterChainDefinitionMap.put("/delDoument","anon");
	filterChainDefinitionMap.put("/sendMsg","anon");
	filterChainDefinitionMap.put("/delDoument","anon");
	filterChainDefinitionMap.put("/updateDoument","anon");
	filterChainDefinitionMap.put("/InputTest.html","anon");
	filterChainDefinitionMap.put("/jquery-2.2.4/jquery.js","anon");
	filterChainDefinitionMap.put("/getKeyWord","anon");
	filterChainDefinitionMap.put("/getFullMatch","anon");
	filterChainDefinitionMap.put("/getBlankExcel","anon");
	filterChainDefinitionMap.put("/druid/login.html","anon");
	filterChainDefinitionMap.put("/tologin*","anon");
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
	return shiroFilterFactoryBean;
}

}

下面一个个来做说明

这样我们的shiroconfig的配置就完成了
下面我们来看登陆接口
package com.management.controller.user;

import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.imageio.ImageIO;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.mindrot.jbcrypt.BCrypt;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import com.management.base.ApiResponse;
import com.management.base.Status;
import com.management.domain.user.User;
import com.management.utils.CodeUtil;
import io.swagger.annotations.ApiParam;

@Controller
public class UserController {

private static final String GET_CODE="/getcode";//验证码
private static final String TO_LOGIN="/tologin";//登陆
private static final String LOG_OUT="/logOut";//退出
private static final String LOG="login1.html";//登陆页
public static final String COOKIE_KEY="LOGIN_COOKIE";//cookie键
public static final String REQUEST_USER="REQUEST_USER";

@Autowired
private RedisTemplate<String, String> redisTemplate;

//生成BCrypt盐
public String encodeByBCrypt(String password) {
	String gensalt = BCrypt.gensalt();
    return BCrypt.hashpw(password, BCrypt.gensalt());
}

@RequestMapping("ii")
@ResponseBody
public String getII() {
	return "Hello World";
}

//生成验证码
@GetMapping(value=GET_CODE)
public void getCode(HttpServletRequest request,HttpServletResponse response,HttpSession session,Exception e) throws IOException {
	
	String uuid = UUID.randomUUID().toString();
	Cookie cookie = new Cookie(COOKIE_KEY, uuid);
	cookie.setHttpOnly(true);
	response.addCookie(cookie);
	try {
	} catch (Exception e1) {
		// TODO Auto-generated catch block
	  e1.printStackTrace();
	}
	
	System.out.println("第六个验证码======================================");
	System.out.println("六 sesssionID"+session.getId());
	
	Object[] objs = CodeUtil.createImage();
	String mm = (String) objs[0];
	System.out.println("code"+mm);
	redisTemplate.opsForValue().set(uuid, (String) objs[0], 1,TimeUnit.MINUTES);
	BufferedImage image = (BufferedImage)objs[1];
	response.setContentType("image/png");
	OutputStream outputStream = response.getOutputStream();
	ImageIO.write(image, "png", outputStream);
}


//登陆权限认证
@GetMapping(value=TO_LOGIN)
@ResponseBody
public ApiResponse login(User user,@ApiParam("密码") @RequestParam("code")String code,HttpServletRequest request,HttpServletResponse response) {
	
    String uuid=null;
	for(Cookie cookie:request.getCookies()) {
		String name = cookie.getName();
		if(COOKIE_KEY.equals(name)) {
		uuid=cookie.getValue();
		}
	}
	
	if(user.getUsername()!=null&&user.getUsername().trim()!=""&&user.getPassword()!=null&&user.getPassword().trim()!="") {
        String imgcode = redisTemplate.opsForValue().get(uuid);
		 if(code==null) {
			 return ApiResponse.ofStatus(Status.NO_CODE);
		 }
		 if(imgcode==null) {
			 return ApiResponse.ofStatus(Status.CODE_OVERTIME);
		 }
		 if(!imgcode.equals(code)) {
			 return ApiResponse.ofStatus(Status.ERROR_CONDE);
		 }
		 
		Subject subject = SecurityUtils.getSubject();
		if(subject.isAuthenticated()) {
			return ApiResponse.ofStatus(Status.USER_LOGINED);
		}
		AuthenticationToken token=new UsernamePasswordToken(user.getUsername(), user.getPassword());
		try {
			subject.login(token);
			Cookie cookie = new Cookie(REQUEST_USER, user.getUsername());
			cookie.setHttpOnly(true);
			response.addCookie(cookie);
			System.out.println("sessionid"+subject.getSession().getId());
			return ApiResponse.ofSuccess();
		} catch (AuthenticationException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
			return ApiResponse.ofStatus(Status.ERROR_USERNAMW_PASSWORD);
		}
	}
	else {
		
		return ApiResponse.ofStatus(Status.NO_USERNAME_PASSWORD);
	}
}

//退出登陆
@GetMapping(value=LOG_OUT)
@ResponseBody
public ApiResponse outLogin() {
	
	Subject subject = SecurityUtils.getSubject();
	if(subject.isAuthenticated()) {
		subject.logout();
		return ApiResponse.ofStatus(Status.LOGOUT_SUCCESS);
	}
	return ApiResponse.ofStatus(Status.LOGING_NOW);
}

}

还是一个个讲

这就是登陆操作
下面是我们的自定义realm
package com.management.reaml;

import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.alibaba.dubbo.config.annotation.Reference;
import com.management.domain.user.Permission;
import com.management.domain.user.Role;
import com.management.domain.user.User;
import com.management.interfer.user.PermissionServiceinterfer;
import com.management.interfer.user.RoleServiceinterfer;
import com.management.interfer.user.UserServiceInterfer;

@Component(“loginRealm”)
public class LoginRealm extends AuthorizingRealm{

@Autowired
private UserServiceInterfer userService;

@Reference
private RoleServiceinterfer roleService;

@Reference
private PermissionServiceinterfer permissionService;

@Autowired
private LoginRealm loginRealm;

@Override
//授权
public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
	// TODO Auto-generated method stub
	System.out.println("授权");
	SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
	Subject subject = SecurityUtils.getSubject();
	User user = (User)subject.getPrincipal();
	List<Role>roles=roleService.findByUser(user);
	List<Permission> permission = permissionService.findByUser(user);
	return simpleAuthorizationInfo;
}


@Override 
//认证
public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	
	UsernamePasswordToken usernamePasswordToken=(UsernamePasswordToken)token;
	String username = usernamePasswordToken.getUsername();
	User user=userService.findByUsername(username);
	if(user==null)  {
		return null;
		
	}else {
		return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
	}
} 

}
下面一个个说
这里先不说授权操作，只说登陆操作

这里也把service和dao层一并沾上来
这里是service层

这里是dao层

我用的是mybatis所以下面是mapper

下面是数据库储存信息


另外一个节点代码一模一样

这里我们开始测试

先启动8089这个节点
获取密码

用户名密码登陆成功

这个节点登陆成功
下面我们来我们来反问另外一个节点信息，注意我们另外一个节点并没有做登陆操作哦，我们来访问一个没有登陆就没有访问权限的url

说明我们单点登陆操作成功，另外一个节点成功登陆