今天介绍 Shiro 安全框架的应用,主要讲解登录(认证)相关的内容,权限控制(授权)此次不做讲解。项目框架为 Spring Boot,使用 Maven 管理 jar 包。(万字,要有耐心喔)
1.maven引入shiro相关依赖
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>${shiro-spring.version}</version>
</dependency>
<dependency>
    <groupId>org.crazycake</groupId>
    <artifactId>shiro-redis</artifactId>
    <version>${shiro-redis.version}</version>
    <exclusions>
        <exclusion>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
        </exclusion>
    </exclusions>
</dependency>
版本号(本文所用版本;Shiro 1.4.0 为较早的发行版,其后的版本包含安全修复,实际项目请对照 Apache Shiro 官方安全公告选用仍在维护的版本):
<shiro-spring.version>1.4.0</shiro-spring.version>
<shiro-redis.version>3.1.0</shiro-redis.version>
2.shiro 配置类
package com.ym.auth.framework.config;
import com.ym.auth.common.utils.redis.RedisKeyUtil;
import com.ym.auth.framework.shiro.KickoutSessionControlFilter;
import com.ym.auth.framework.shiro.MySessionManager;
import com.ym.auth.framework.shiro.MyShiroRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.annotation.Resource;
import javax.servlet.Filter;
import java.time.Duration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
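/**
 * Spring {@code @Configuration} class that wires Apache Shiro for this application,
 * including the concurrent-session ("kickout") filter. Redis connection settings are
 * injected through {@link RedisProperties}.
 */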
@Configuration
public class ShiroConfig {
// Spring Boot's Redis connection properties, injected by the container via @Resource.
@Resource
private RedisProperties redisProperties;
// Fixed one-hour duration. Where it is applied is not visible in this part of the file;
// presumably the expiry of the Redis-backed cache/session entries — TODO confirm.
private Duration redisExpire = Duration.ofHours(1L);
/**
 * Builds the filter that limits how many sessions a single account may hold at the same time.
 *
 * <p>The filter is handed the cache manager and the session manager defined elsewhere in this
 * class, then configured with the eviction order, the per-account session limit and the URL a
 * kicked-out client is redirected to.
 *
 * <p>NOTE(review): this method carries no {@code @Bean} annotation in the visible source;
 * whether that is deliberate cannot be confirmed from here.
 *
 * @return the configured {@link KickoutSessionControlFilter}
 */
public KickoutSessionControlFilter kickoutSessionFilter() {
    final KickoutSessionControlFilter filter = new KickoutSessionControlFilter();

    // The cache holds the account -> session relationship; the session manager is used to
    // fetch a session by its id when that session has to be kicked out.
    // NOTE(review): the author's original note speaks of an ehcache-based cache manager, while
    // this file imports org.crazycake.shiro.RedisCacheManager. Which implementation
    // myCacheManager() returns is not visible here — confirm.
    filter.setCacheManager(myCacheManager());
    filter.setSessionManager(sessionManager());

    // Eviction order. Per the author's note, false (the default) means a later login kicks out
    // the earlier one, so a valid login always succeeds and displaces an older session.
    final boolean kickoutLaterLogin = false;
    filter.setKickoutAfter(kickoutLaterLogin);

    // Maximum simultaneous sessions per account. The author notes the default is 1; this
    // configuration allows five concurrent logins for the same account.
    final int maxSessionsPerUser = 5;
    filter.setMaxSession(maxSessionsPerUser);

    // Address a client is redirected to once its session has been kicked out.
    filter.setKickoutUrl("/kickout");

    return filter;
}
@Bean
public