导入jar包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
认证
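/**
 * Shiro realm backed by the system user and menu DAOs.
 *
 * <p>Authentication compares the credential string carried by the token (the login
 * controller submits a hex digest, not the raw password) against
 * {@code SysUserEntity#getPassword()}. Authorization turns the comma-separated
 * permission strings stored on menu entities into Shiro string permissions.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private SysUserDao sysUserDao;

    @Autowired
    private SysMenuDao sysMenuDao;

    /**
     * Builds the permission set of an already-authenticated principal.
     *
     * @param principals collection whose primary principal is the {@code SysUserEntity}
     *                   stored by {@link #doGetAuthenticationInfo}
     * @return authorization info holding the user's string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SysUserEntity user = (SysUserEntity) principals.getPrimaryPrincipal();
        List<String> permsList = loadPermissions(user.getUserId());

        Set<String> permsSet = new HashSet<String>();
        if (permsList != null && !permsList.isEmpty()) {
            for (String perms : permsList) {
                if (StringUtils.isBlank(perms)) {
                    continue;
                }
                // One entity may carry several permissions separated by commas.
                permsSet.addAll(Arrays.asList(perms.trim().split(",")));
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permsSet);
        return info;
    }

    /**
     * Authenticates a username/credential token, binds the user to the session and
     * primes the permission cache.
     *
     * @param token token whose principal is the username and whose credentials are a
     *              {@code char[]} holding the value the login controller produced
     * @return authentication info whose principal is the {@code SysUserEntity}
     * @throws UnknownAccountException       if no user has that name
     * @throws IncorrectCredentialsException if the credential does not match
     * @throws LockedAccountException        if the user's status is 0
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        String password = new String((char[]) token.getCredentials());

        SysUserEntity user = sysUserDao.queryByUserName(username);
        if (user == null) {
            throw new UnknownAccountException("账号或密码不正确");
        }
        // Constant-time comparison: String.equals returns as soon as a byte differs,
        // so response time would otherwise reveal how much of the value matched.
        if (!credentialsMatch(password, user.getPassword())) {
            throw new IncorrectCredentialsException("账号或密码不正确");
        }
        if (user.getStatus() == 0) {
            throw new LockedAccountException("账号已被锁定,请联系管理员");
        }

        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession(true);
        session.setAttribute(Constant.CURRENT_USER, user);

        List<String> permsList = loadPermissions(user.getUserId());
        J2CacheUtils.put(Constant.PERMS_LIST + user.getUserId(), permsList);

        // The submitted credential is handed back as the "stored" credential, so any
        // CredentialsMatcher configured on this realm compares it with itself; the
        // effective check is credentialsMatch() above. Keep that in mind before
        // attaching a hashing matcher to this realm.
        return new SimpleAuthenticationInfo(user, password, getName());
    }

    /**
     * Loads the raw (possibly comma-separated) permission strings of a user.
     * The super admin receives the permissions of every menu; everyone else gets
     * what {@code SysUserDao#queryAllPerms} returns, which may be {@code null}.
     */
    private List<String> loadPermissions(Long userId) {
        if (isSuperAdmin(userId)) {
            List<SysMenuEntity> menuList = sysMenuDao.queryList(new HashMap<String, Object>());
            List<String> permsList = new ArrayList<>(menuList.size());
            for (SysMenuEntity menu : menuList) {
                permsList.add(menu.getPerms());
            }
            return permsList;
        }
        return sysUserDao.queryAllPerms(userId);
    }

    /**
     * Value comparison against {@code Constant.SUPER_ADMIN}. The constant's declared
     * type is not visible here; if it is a boxed {@code Long}, {@code ==} on two boxed
     * values compares references, and a {@code null} userId would throw on unboxing.
     */
    private static boolean isSuperAdmin(Long userId) {
        return userId != null && userId.longValue() == Constant.SUPER_ADMIN;
    }

    /** Length-then-content comparison that does not short-circuit on the first differing byte. */
    private static boolean credentialsMatch(String submitted, String stored) {
        if (submitted == null || stored == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                submitted.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}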
增加配置类
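/**
 * Spring wiring for Shiro: realm, remember-me handling, the annotation advisor and
 * the URL filter chain.
 */
@Configuration
@Slf4j
public class ShiroConfig {

    /** Lifetime of the remember-me cookie in seconds (three days). */
    private static final int REMEMBER_ME_MAX_AGE_SECONDS = 259200;

    @Bean(name = "securityManager")
    public SecurityManager securityManager(@Qualifier("userRealm") UserRealm userRealm,
            @Qualifier("cookieRememberMeManager") CookieRememberMeManager cookieRememberMeManager) {
        log.info("securityManager()");
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        securityManager.setRememberMeManager(cookieRememberMeManager);
        return securityManager;
    }

    /**
     * Creates the realm.
     *
     * <p>{@code matcher} is injected but not applied via {@code setCredentialsMatcher}.
     * {@code UserRealm} compares credentials itself and returns the submitted value as
     * the stored credential, so an MD5-hashing matcher attached here would presumably
     * reject every login. If the matcher is ever wired in, the realm and the stored
     * password format have to change together.
     */
    @Bean(name = "userRealm")
    public UserRealm myAuthRealm(
            @Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
        log.info("myAuthRealm()");
        return new UserRealm();
    }

    @Bean
    public SimpleCookie rememberMeCookie() {
        log.info("rememberMeCookie()");
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        simpleCookie.setMaxAge(REMEMBER_ME_MAX_AGE_SECONDS);
        // NOTE(review): the Secure flag is not set here; if the app is served over
        // HTTPS only, set it so the cookie is never sent in clear — confirm deployment.
        return simpleCookie;
    }

    @Bean(name = "cookieRememberMeManager")
    public CookieRememberMeManager rememberMeManager() {
        // Was System.out.println; use the logger like the other bean methods.
        log.info("rememberMeManager()");
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        // NOTE(review): no cipher key is configured, so the library default protects the
        // serialized principal in the cookie. Whether that default is a well-known fixed
        // key or one generated at startup depends on the Shiro version; a fixed
        // well-known key would let the cookie payload be forged. Prefer an explicit key
        // from configuration (setCipherKey) — confirm for the version in use.
        return cookieRememberMeManager;
    }

    /**
     * Credentials matcher bean. Not currently attached to the realm (see
     * {@link #myAuthRealm}).
     *
     * <p>SECURITY: iterated MD5 is not an acceptable password hash. If this matcher is
     * ever used, switch to a salted, slow algorithm and migrate stored credentials.
     */
    @Bean(name = "hashedCredentialsMatcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        log.info("hashedCredentialsMatcher()");
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        hashedCredentialsMatcher.setHashIterations(1024);
        return hashedCredentialsMatcher;
    }

    /** Enables Shiro's authorization annotations on Spring beans. */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            @Qualifier("securityManager") SecurityManager securityManager) {
        log.info("authorizationAttributeSourceAdvisor()");
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * Defines the URL filter chain. Shiro applies the first pattern that matches, so
     * the anonymous paths are listed before the {@code /**} catch-all.
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager) {
        log.info("shiroFilter()");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // LinkedHashMap keeps insertion order, which is the matching order.
        Map<String, String> chain = new LinkedHashMap<String, String>();
        chain.put("/sys/login", "anon");
        chain.put("/statics/**", "anon");
        chain.put("/js/**", "anon");
        chain.put("/captcha.jpg", "anon");
        chain.put("/test.html", "anon");
        chain.put("/**", "authc");

        shiroFilterFactoryBean.setLoginUrl("/login.html");
        // Page to redirect to after a successful login.
        shiroFilterFactoryBean.setSuccessUrl("/index.html");
        // Page shown when the subject lacks the required permission.
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(chain);
        return shiroFilterFactoryBean;
    }
}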
Shiro工具类
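/**
 * Static helpers over the current Shiro {@code Subject} and its session.
 *
 * <p>Every method goes through {@code SecurityUtils.getSubject()}, so they are only
 * meaningful on a thread that has a Shiro subject bound (a request thread).
 */
public class ShiroUtils {

    /** Returns the current subject's session, creating one if needed. */
    public static Session getSession() {
        return SecurityUtils.getSubject().getSession();
    }

    public static Subject getSubject() {
        return SecurityUtils.getSubject();
    }

    /** @return the logged-in user, or {@code null} when nobody is authenticated */
    public static SysUserEntity getUserEntity() {
        return (SysUserEntity) SecurityUtils.getSubject().getPrincipal();
    }

    /** @throws NullPointerException when no user is logged in (check {@link #isLogin()} first) */
    public static Long getUserId() {
        return getUserEntity().getUserId();
    }

    /**
     * Stores {@code value} in the session. Deliberately no logging here: the session
     * object exposes its id and attributes, which should not land on stdout.
     */
    public static void setSessionAttribute(Object key, Object value) {
        getSession().setAttribute(key, value);
    }

    public static Object getSessionAttribute(Object key) {
        return getSession().getAttribute(key);
    }

    public static boolean isLogin() {
        return SecurityUtils.getSubject().getPrincipal() != null;
    }

    public static void logout() {
        SecurityUtils.getSubject().logout();
    }

    /**
     * Returns the captcha text stored under {@code key} and removes it from the session,
     * so a captcha can be used for exactly one attempt.
     *
     * @return the captcha text, or {@code null} if none is stored or the session can
     *         no longer be read
     */
    public static String getKaptcha(String key) {
        Object value;
        try {
            value = getSessionAttribute(key);
            if (value != null) {
                getSession().removeAttribute(key);
            }
        } catch (RuntimeException e) {
            // Best effort: an expired or invalidated session reads as "no captcha",
            // which the caller reports as a stale captcha rather than an error page.
            return null;
        }
        return value == null ? null : value.toString();
    }
}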
登录授权
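/**
 * Handles the login form: checks the captcha, then authenticates through Shiro.
 *
 * @param username login name
 * @param password password as submitted by the browser
 * @param captcha  captcha text typed by the user
 * @return {@code R.ok()} on success, otherwise {@code R.error} with a user-facing reason
 */
@ResponseBody
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public R login(String username, String password, String captcha) throws IOException {
    // getKaptcha removes the stored value, so every captcha is single-use.
    String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
    if (kaptcha == null) {
        return R.error("验证码已失效");
    }
    // A request without the captcha parameter used to NPE here; treat it as wrong.
    if (captcha == null || !captcha.equalsIgnoreCase(kaptcha)) {
        return R.error("验证码不正确");
    }
    try {
        Subject subject = ShiroUtils.getSubject();
        // SECURITY: one unsalted SHA-256 round is not a password-hashing scheme, but the
        // realm compares this hex string directly with the stored value, so changing it
        // means migrating the stored credentials as well.
        String hashedPassword = new Sha256Hash(password).toHex();
        // Credentials, hashed or not, are never written to the log.
        UsernamePasswordToken token = new UsernamePasswordToken(username, hashedPassword);
        subject.login(token);
    } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException e) {
        // These carry the fixed user-facing messages set by the realm.
        return R.error(e.getMessage());
    } catch (AuthenticationException e) {
        // Other failures get a generic message; details stay server-side.
        log.warn("authentication failed for user {}", username, e);
        return R.error("账户验证失败");
    }
    return R.ok();
}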