SHIRO权限管理
- ShiroConfiguration
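/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the custom realm, the security manager, the URL filter chain and
 * support for Shiro's authorization annotations.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Creates the application's realm.
     *
     * <p>NOTE(review): no CredentialsMatcher is configured here, so the realm keeps
     * Shiro's default matcher, which compares the submitted and stored credentials
     * for plain equality. Stored passwords should be salted hashes verified through
     * a hashing matcher; confirm how UserService.checkUsers stores and checks them.
     *
     * @return a new {@link NewsRealm}
     */
    @Bean
    public NewsRealm getRealm() {
        return new NewsRealm();
    }

    /**
     * Creates the security manager and hands it the custom realm.
     *
     * @param realm the realm used for authentication and authorization
     * @return the default web security manager backed by {@code realm}
     */
    @Bean
    public SecurityManager securityManager(NewsRealm realm) {
        return new DefaultWebSecurityManager(realm);
    }

    /**
     * Configures the Shiro filter: login/unauthorized redirects and the
     * path-to-filter chain definitions.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();
        shiroFilterFactory.setSecurityManager(securityManager);

        // Unauthenticated and unauthorized requests are both sent back to /admin.
        shiroFilterFactory.setLoginUrl("/admin");
        shiroFilterFactory.setUnauthorizedUrl("/admin");

        // key: request path pattern, value: filter chain definition.
        // Insertion order matters: the first matching pattern decides, so the
        // specific rules must stay above the "/admin/**" catch-all.
        Map<String, String> filterMap = new LinkedHashMap<>();

        // An exact pattern such as "/admin/types" does not cover deeper paths.
        // Without the "/**" variants, any path below it would fall through to the
        // catch-all and need only a login, not the permission.
        filterMap.put("/admin/types", "perms[user-types]");
        filterMap.put("/admin/types/**", "perms[user-types]");
        filterMap.put("/admin/news", "perms[user-news]");
        filterMap.put("/admin/news/**", "perms[user-news]");
        filterMap.put("/admin/tags", "perms[user-tags]");
        filterMap.put("/admin/tags/**", "perms[user-tags]");

        // The login endpoint must be reachable without a session.
        filterMap.put("/admin/login", "anon");
        // Everything else under /admin requires an authenticated subject.
        filterMap.put("/admin/**", "authc");

        // The debug print of the filter map was removed; it only wrote the
        // access-control layout to standard output.
        shiroFilterFactory.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactory;
    }

    /**
     * Enables Shiro's authorization annotations on Spring-managed beans.
     *
     * @param securityManager the security manager the advisor consults
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}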
- NewsRealm
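/**
 * Shiro realm for the news application: authenticates users through
 * {@code UserService} and derives roles and permissions from the
 * authenticated {@code User}.
 */
public class NewsRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Fixes the realm name to {@code "newsRealm"}; the argument is ignored.
     *
     * @param name ignored
     */
    public void setName(String name) {
        // Must delegate to the superclass: calling setName(...) on this class
        // again recursed without end and overflowed the stack.
        super.setName("newsRealm");
    }

    /**
     * Looks up the account for a username/password token.
     *
     * @param authenticationToken the submitted token; cast to {@code UsernamePasswordToken}
     * @return the authentication info for the matching user, or {@code null} when
     *         the token is incomplete or {@code userService.checkUsers} finds no user
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
        String username = upToken.getUsername();
        char[] rawPassword = upToken.getPassword();

        // Fail closed on an incomplete token instead of hitting a NullPointerException.
        if (username == null || rawPassword == null) {
            return null;
        }

        // checkUsers takes a String, so the password is copied out of the char[];
        // that copy cannot be wiped afterwards.
        User user = userService.checkUsers(username, new String(rawPassword));
        if (user == null) {
            return null;
        }

        // NOTE(review): the whole User object, password field included, becomes the
        // principal, and user.getPassword() is what Shiro compares with the submitted
        // credentials. Confirm the stored value is a salted hash and that the
        // realm's credentials matcher fits it.
        return new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
    }

    /**
     * Builds the role names and permission codes of the authenticated user.
     *
     * @param principalCollection the principals of the current subject; the primary
     *        principal is cast to {@code User}
     * @return authorization info with every role name and permission code of the user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Roles are read from the principal stored at login.
        // NOTE(review): role or permission changes made later are presumably not seen
        // until the user logs in again; confirm.
        User user = (User) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        Set<Role> roles = user.getRoles();
        if (roles == null) {
            // No roles means no permissions; return the empty grant.
            return info;
        }
        for (Role role : roles) {
            info.addRole(role.getName());
            for (Permission permission : role.getPermissions()) {
                info.addStringPermission(permission.getCode());
            }
        }
        return info;
    }
}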
- loginController
/**
 * Handles the login form: authenticates through Shiro and, on success,
 * stores the authenticated principal in the HTTP session.
 *
 * <p>This replaces the earlier version, which called userService.checkUsers
 * directly and cleared the password before storing the user in the session.
 *
 * @param username   submitted user name
 * @param password   submitted password
 * @param session    current HTTP session
 * @param attributes flash attributes used for the error message
 * @return the admin index view on success, otherwise a redirect to /admin
 */
@PostMapping("/login")
public String login(@RequestParam String username, @RequestParam String password,
                    HttpSession session, RedirectAttributes attributes) {
    try {
        Subject currentSubject = SecurityUtils.getSubject();
        // login() throws when the realm rejects the token.
        currentSubject.login(new UsernamePasswordToken(username, password));

        // NOTE(review): the principal is the User object returned by the realm and,
        // unlike in the earlier version, its password is not cleared before it is
        // put into the session; confirm it cannot reach a view or a serialized session.
        // NOTE(review): nothing here renews the session id after authentication;
        // confirm that session fixation is handled elsewhere.
        session.setAttribute("user", (User) currentSubject.getPrincipal());
        return "admin/index";
    } catch (Exception e) {
        // NOTE(review): every exception, not only an authentication failure, is
        // reported as a wrong user name or password and is not logged.
        attributes.addFlashAttribute("message", "用户名或密码错误");
        return "redirect:/admin";
    }
}
- 数据库
- 结果演示
仅可以对新闻进行操作
对标签和分类是不能操作的。
微服务
1.创建工程
2.provider
- application.yml配置
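# Provider service configuration (nesting restored; values unchanged).
server:
  port: 8081
spring:
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/db?serverTimezone=Asia/Shanghai
    # NOTE(review): demo credentials. Outside a local demo, use a dedicated
    # least-privilege database account instead of root and supply the password
    # from the environment or a secret store (e.g. a ${DB_PASSWORD} placeholder)
    # rather than committing it in this file.
    username: root
    password: 123456
  application:
    name: service-provider
mybatis:
  type-aliases-package: com.lin.service.provider.po
eureka:
  client:
    service-url:
      # Registry address; plain HTTP on localhost in this demo.
      defaultZone: http://localhost:10086/eureka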
- 实体类User
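/**
 * Persistent user record mapped to the {@code tb_user} table.
 */
@Table(name = "tb_user")
public class User implements Serializable {
    private static final long serialVersionUID = 4374725483383661051L;

    // Primary key, generated by the database (IDENTITY strategy).
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;

    // NOTE(review): this entity is also what the REST controller returns; if
    // accessors exist for this field it would be serialized into the response.
    // Confirm it is excluded, or return a separate view type without it.
    private String password;

    private String name;
    private Integer age;
    private Integer sex;
    private Date birthday;
    private Date created;

    // NOTE(review): "update" is a reserved word in SQL; confirm the column
    // name and mapping that this field is meant to use.
    private Date update; // the terminating semicolon was missing in the original
}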
- UserMapper
/**
 * MyBatis mapper for {@code User}.
 *
 * <p>Declares no methods of its own; everything comes from the generic
 * {@code Mapper<User>} base interface (UserService calls
 * {@code selectByPrimaryKey} on it).
 */
@org.apache.ibatis.annotations.Mapper
public interface UserMapper extends Mapper<User> {
}
- UserService
/**
 * Service layer for reading users through {@code UserMapper}.
 */
@Service
public class UserService {

    // required = false makes the injection optional: if no UserMapper bean
    // exists the field stays null and queryById fails with a NullPointerException.
    @Autowired(required = false)
    private UserMapper userMapper;

    /**
     * Loads one user by primary key.
     *
     * @param id primary key of the user
     * @return whatever {@code userMapper.selectByPrimaryKey} returns for {@code id}
     */
    public User queryById(Long id) {
        return userMapper.selectByPrimaryKey(id);
    }
}
5.UserController
/**
 * REST endpoint of the provider service that exposes users by id
 * under the {@code user} path.
 */
@RestController
@RequestMapping("user")
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Returns the user with the given id as the response body.
     *
     * <p>NOTE(review): no access control is visible on this endpoint, and the
     * returned entity declares a password field. Confirm who can reach the
     * service and that the field is kept out of the response.
     *
     * @param id primary key taken from the path
     * @return the result of {@code userService.queryById(id)}
     */
    @GetMapping("{id}")
    public User queryById(@PathVariable("id") Long id) {
        User found = userService.queryById(id);
        return found;
    }
}
- 运行结果
3.consumer
- application.yml
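# Consumer service configuration (nesting restored; value unchanged).
server:
  # Ports below 1024 usually need elevated privileges on Unix-like systems;
  # avoid running the JVM as root just to bind this port.
  port: 80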
- ConsumerApplication
/**
 * Entry point of the consumer service; also registers the {@code RestTemplate}
 * used to call the provider.
 */
@SpringBootApplication
public class ConsumerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ConsumerApplication.class, args);
    }

    /**
     * Registers a {@code RestTemplate} bean built with its defaults; no
     * timeouts, interceptors or error handlers are configured here.
     *
     * @return a new {@code RestTemplate}
     */
    @Bean
    public RestTemplate restTemplate() {
        RestTemplate template = new RestTemplate();
        return template;
    }
}
- UserController
/**
 * Consumer-side controller that fetches a user from the provider service
 * and returns it as the response body.
 */
@Controller
@RequestMapping("consumer/user")
public class UserController {

    @Autowired
    private RestTemplate restTemplate;

    /**
     * Forwards the lookup to the provider's user endpoint.
     *
     * <p>The provider address is hard-coded and uses plain HTTP. Because
     * {@code id} is a {@code Long}, only a numeric value is appended to the URL.
     * NOTE(review): whatever the provider returns is passed straight through to
     * the caller; confirm that no sensitive field of User is included.
     *
     * @param id user id taken from the {@code id} request parameter
     * @return the user object deserialized from the provider's response
     */
    @GetMapping
    @ResponseBody
    public User queryById(@RequestParam("id") Long id) {
        return restTemplate.getForObject("http://localhost:8081/user/" + id, User.class);
    }
}
- 实体类跟provider一样
- 运行结果
4.eureka
- application.yml
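# Eureka server configuration (nesting restored; values unchanged).
server:
  port: 10086
spring:
  application:
    name: eureka-server
eureka:
  client:
    service-url:
      # The registry URL reuses server.port, so it points at this same instance.
      # NOTE(review): the registry is served over plain HTTP and no authentication
      # is configured in this file; keep it reachable only from trusted hosts.
      defaultZone: http://localhost:${server.port}/eureka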
- EurekaApplication
/**
 * Entry point of the service registry.
 */
@SpringBootApplication
@EnableEurekaServer // declares this Spring Boot application as a Eureka service registry
public class EurekaApplication {

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(EurekaApplication.class, args);
    }
}
- 运行结果