springboot和shiro整合

最新推荐文章于 2022-07-27 15:35:06 发布
最新推荐文章于 2022-07-27 15:35:06 发布
阅读量92 收藏
点赞数
文章标签: java web.xml python
原文链接:https://my.oschina.net/zjItLife/blog/761838
版权

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

虽然网上一大堆这方面的文章,可是自己去整合还是会遇到这样那样的问题。今天写出来等待和我一样遇到相同问题的人看见。

首先明白一点springboot之后,web.xml配置基本上就是用不上了。那么,我们的shiro整合需要将那些xml和web.xml文件里面的内容整合到系统中。

我把我这方面的代码全部贴出来,然后再一一阐述我遇到的问题。

package com.framework.demo.web.boot.shiro;

import com.framework.demo.web.controller.collection.MyFilter;
import org.apache.shiro.cache.spring.SpringCacheManagerWrapper;
import org.apache.shiro.realm.UserRealm;
import org.apache.shiro.session.mgt.OnlineSessionFactory;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.OnlineSessionDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.CustomFormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.filter.online.OnlineSessionFilter;
import org.apache.shiro.web.filter.sync.SyncOnlineSessionFilter;
import org.apache.shiro.web.filter.user.SysUserFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.OnlineWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.cache.ehcache.EhCacheCacheManager;
import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.core.io.support.ResourcePatternResolver;
import org.springframework.web.filter.DelegatingFilterProxy;

import javax.annotation.Resource;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Created by demo .
 * Auth: hyssop
 * Date: 2016-09-28-17:50
 */
@Configuration
public class ShiroConfiguration {

    private final String key = "4AvVhmFLUs0KTA3Kprsdag==";
    private final String cookiename = "rememberMe";

    private final String cookiepath = "/";

    private final boolean httponly = true;

    private final Integer maxage = -1;

    private final String blockurl = "/user/login?blocked=1";

    private final String notfoundurl = "/user/login?notfound=1";

    private final String errorurl = "/user/login?unknown=1";

    private final String logouturl = "/user/login?forcelogout=1";

    private final String sucessurl = "/user/login";


    private final String asessioncachename = "shiro-activeSessionCache";

    private final Long globalSessionTimeout = Long.parseLong("1800000");

    private final String loginurl = "/user/login";

    private final String unauthurl = "/unauthorized";

    private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

    @Bean("sessionManager")
    public OnlineWebSessionManager getOnlineWebSessionManager(OnlineSessionDAO onlineSessionDAO, SpringCacheManagerWrapper shiroCacheManager) {
        OnlineWebSessionManager onlineWebSessionManager = new OnlineWebSessionManager();
        onlineWebSessionManager.setGlobalSessionTimeout(globalSessionTimeout);
        onlineWebSessionManager.setSessionFactory(getOnlineSessionFactory());
        onlineWebSessionManager.setSessionDAO(onlineSessionDAO);
        onlineWebSessionManager.setDeleteInvalidSessions(false);
        onlineWebSessionManager.setSessionValidationInterval(globalSessionTimeout);
        onlineWebSessionManager.setSessionValidationSchedulerEnabled(true);
        onlineWebSessionManager.setCacheManager(shiroCacheManager);
        onlineWebSessionManager.setSessionIdCookieEnabled(true);
        onlineWebSessionManager.setSessionIdCookie(getSimpleCookie());
        return onlineWebSessionManager;
    }

    @Bean(name = "shiroFilter")
    @Autowired
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(OnlineSessionDAO onlineSessionDAO, DefaultWebSecurityManager securityManager, OnlineSessionFilter onlineSessionFilter, LogoutFilter logoutFilter, SysUserFilter sysUserFilter, SyncOnlineSessionFilter syncOnlineSessionFilter) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean
                .setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl(loginurl);
        shiroFilterFactoryBean.setUnauthorizedUrl(unauthurl);
        Map<String, Filter> map = new HashMap<String, Filter>();
        map.put("authc", getCustomFormAuthenticationFilter());
        map.put("logout", logoutFilter);
        map.put("sysUser", sysUserFilter);
        map.put("onlineSession", onlineSessionFilter);
        map.put("syncOnlineSession", syncOnlineSessionFilter);
        map.put("myfilter", getMyFilter());
        shiroFilterFactoryBean.setFilters(map);

        filterChainDefinitionMap.put("/static/**", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
      /*  filterChainDefinitionMap.put("/favicon.ico", "anon");*/
        filterChainDefinitionMap.put("/images/**", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/user/login", "authc");
        filterChainDefinitionMap.put("/**", "sysUser,onlineSession,syncOnlineSession,perms,roles");
        shiroFilterFactoryBean
                .setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean(name = "userRealm")
    @Autowired
    public UserRealm getShiroRealm(ApplicationContext ctx) {
        UserRealm userRealm = new UserRealm(ctx);
        return userRealm;
    }
    @Bean(name = "sessionIdGenerator")
    public JavaUuidSessionIdGenerator getJavaUuidSessionIdGenerator() {
        return new JavaUuidSessionIdGenerator();
    }

    @Bean(name = "OnlineSessionFactory")
    public OnlineSessionFactory getOnlineSessionFactory() {
        OnlineSessionFactory onlineSessionFactory = new OnlineSessionFactory();
        return onlineSessionFactory;
    }

    @Bean(name = "rememberMeManager")
    public CookieRememberMeManager getCookieRememberMeManager(SimpleCookie rememberMeCookie) {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCipherKey(org.apache.shiro.codec.Base64.decode(key));
        cookieRememberMeManager.setCookie(rememberMeCookie);
        return cookieRememberMeManager;
    }

    @Bean(name = "sessionIdCookie")
    public SimpleCookie getSimpleCookie() {
        SimpleCookie simpleCookie = new SimpleCookie(cookiename);
        simpleCookie.setPath(cookiepath);
        simpleCookie.setHttpOnly(httponly);
        simpleCookie.setMaxAge(maxage);
        return simpleCookie;
    }

    @Bean(name = "rememberMeCookie")
    public SimpleCookie getRemSimpleCookie() {
        SimpleCookie simpleCookie = new SimpleCookie(cookiename);
        simpleCookie.setPath(cookiepath);
        simpleCookie.setHttpOnly(httponly);
        simpleCookie.setMaxAge(maxage);
        return simpleCookie;
    }

    @Bean(name = "springCacheManager")
    @Resource
    public EhCacheCacheManager getSpringCacheManagerWrapper(EhCacheManagerFactoryBean ehCacheManagerFactoryBean) {
        EhCacheCacheManager ehCacheCacheManager = new EhCacheCacheManager();
        ehCacheCacheManager.setCacheManager(ehCacheManagerFactoryBean.getObject());
        return ehCacheCacheManager;
    }

    @Bean(name = "shiroCacheManager")
    public SpringCacheManagerWrapper getShiroCacheManager(EhCacheCacheManager ehCacheCacheManager) {
        SpringCacheManagerWrapper springCacheManagerWrapper = new SpringCacheManagerWrapper();
        springCacheManagerWrapper.setCacheManager(ehCacheCacheManager);
        return springCacheManagerWrapper;
    }


    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
        daap.setProxyTargetClass(false);
        return daap;
    }

    @Bean(name ="ehCacheManagerFactoryBean")
    public EhCacheManagerFactoryBean getEhCacheCacheManager() {
        EhCacheManagerFactoryBean ehCacheManagerFactoryBean = new EhCacheManagerFactoryBean();
        ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
        ehCacheManagerFactoryBean.setConfigLocation(resolver.getResource("classpath:conf/ehcache/ehcache_es.xml"));
        return ehCacheManagerFactoryBean;

    }

    @Bean(name = "securityManager")
    @Autowired
    public DefaultWebSecurityManager getDefaultWebSecurityManager(UserRealm userRealm, OnlineWebSessionManager onlineWebSessionManager, CookieRememberMeManager cookieRememberMeManager) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
        dwsm.setRealm(userRealm);
        dwsm.setSessionManager(onlineWebSessionManager);
        dwsm.setRememberMeManager(cookieRememberMeManager);
        return dwsm;
    }

    @Bean(name = "sysUserFilter")
    public SysUserFilter getSysUserFilter() {
        SysUserFilter sysUserFilter = new SysUserFilter();
        sysUserFilter.setUserBlockedUrl(blockurl);
        sysUserFilter.setUserNotfoundUrl(notfoundurl);
        sysUserFilter.setUserUnknownErrorUrl(errorurl);
        return sysUserFilter;
    }

    @Autowired
    @Bean(name = "onlineSessionFilter")
    public OnlineSessionFilter getOnlineSessionFilter(OnlineSessionDAO onlineSessionDAO) {
        OnlineSessionFilter onlineSessionFilter = new OnlineSessionFilter();
        onlineSessionFilter.setForceLogoutUrl(logouturl);
        onlineSessionFilter.setOnlineSessionDAO(onlineSessionDAO);
        return onlineSessionFilter;
    }

    @Autowired
    @Bean(name = "syncOnlineSessionFilter")
    public SyncOnlineSessionFilter getSyncOnlineSessionFilter(OnlineSessionDAO onlineSessionDAO) {
        SyncOnlineSessionFilter syncOnlineSessionFilter = new SyncOnlineSessionFilter();
        syncOnlineSessionFilter.setOnlineSessionDAO(onlineSessionDAO);
        return syncOnlineSessionFilter;
    }

    public CustomFormAuthenticationFilter getCustomFormAuthenticationFilter() {
        CustomFormAuthenticationFilter customFormAuthenticationFilter = new CustomFormAuthenticationFilter();
        customFormAuthenticationFilter.setDefaultSuccessUrl(sucessurl);
        customFormAuthenticationFilter.setAdminDefaultSuccessUrl(sucessurl);
        customFormAuthenticationFilter.setUsernameParam("username");
        customFormAuthenticationFilter.setPasswordParam("password");
        customFormAuthenticationFilter.setRememberMeParam("rememberMe");
        return customFormAuthenticationFilter;
    }

    @Bean(name = "logoutFilter")
    public LogoutFilter getLogoutFilter() {
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setRedirectUrl(sucessurl);
        return logoutFilter;
    }

    @Bean(name = "onlineSessionDAO")
    public OnlineSessionDAO getOnlineSessionDAO(JavaUuidSessionIdGenerator sessionIdGenerator) {
        OnlineSessionDAO onlineSessionDAO = new OnlineSessionDAO();
        onlineSessionDAO.setSessionIdGenerator(sessionIdGenerator);
        onlineSessionDAO.setActiveSessionsCacheName(asessioncachename);
        return onlineSessionDAO;
    }

    @Bean
    @Autowired
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);
        return new AuthorizationAttributeSourceAdvisor();
    }

    /*给自己留了一个口加过滤器*/
    public MyFilter getMyFilter() {
        return new MyFilter();
    }

    public static Map<String, String> getFilterChainDefinitionMap() {
        return filterChainDefinitionMap;
    }

    public static void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) {
        ShiroConfiguration.filterChainDefinitionMap = filterChainDefinitionMap;
    }

    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        DelegatingFilterProxy delegatingFilterProxy = new DelegatingFilterProxy("shiroFilter");
        delegatingFilterProxy.setTargetFilterLifecycle(true);
        filterRegistration.setEnabled(true);
        filterRegistration.setFilter(delegatingFilterProxy); //  该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理  filterRegistration.addInitParameter("targetFilterLifecycle", "true");
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
        return filterRegistration;
    }

}

问题1:filter造成了一个死循环的局面

刚开始整合完毕的时候,我迫不及待的而启动项目,发现我的filter过滤器在无限次的执行,一遍一遍执行停不下来。

我跟了下代码发现了每次请求的时候shiro是通过类AdviceFilter的doFilterInternal方法在执行过滤。

截图我的过滤器形式是:

sysUserFilter->onlineSessionFilter->syncOnlineSessionFilter->formAuthenticationFilter->logoutFilter->myFilter->Jetty_WebSocketUpgradeFilter->dispatcherServlet@7ef5559e==org.springframework.web.servlet.DispatcherServlet,-1,true

很明显,sysUserFilter是一个代理过滤器,它代理了后面的过滤器,而这些过滤器貌似又让我配置到的spring环境中,这样在sysUserFilter中调用后面的过滤器,后面的过滤器后能通过DispatcherServlet找到sysUserFilter过滤器,这样会造成一个死循环的局面。究其原因,是我配置有误:我把所有的过滤器生成类都用@Bean标注了。我将其删除问题消失。

问题2:remeber base64是shiro的类,且不可将其配置成其他的base64(比如common包里的或者jdk里的)。

欢迎加入微信公众号:hyssop的后花园

转载于:https://my.oschina.net/zjItLife/blog/761838

weixin_33894640
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
SpringBoot整合shiro
xk147258的博客
09-19 126
1、添加shiro依赖 <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.3.2</...
SpringBoot-Shiro整合权限管理源码
04-24
SpringBoot整合Shiro使得权限管理变得简单易行,它提供了灵活的认证和授权机制。通过阅读和理解`springboot-shiro`的源码,开发者可以快速上手,并在实际项目中实现高效的权限管理功能。记得在实际操作中,根据项目...
java web项目里ehcache.xml的参数说明
涂作权的博客
02-23 1572
name:缓存名称。        maxElementsInMemory:缓存最大个数。        eternal:对象是否永久有效,一但设置了,timeout将不起作用。        timeToIdleSeconds:设置对象在失效前的允许闲置时间(单位:秒)。仅当eternal=false对象不是永久有效时使用,可选属性,默认值是0,也就是可闲置时间无穷大。        t
Spring Cache 学习笔记
Adeluoo的博客
07-27 289
是一个框架,实现了基于注解的缓存功能,只需要简单地加一个注解,就能实现缓存功能。SpringCahce提供了一层抽象,底层可以切换不同的cache实现。具体就是通过CacheManager接口来统一不同的缓存技术。CacheManager是Spring提供的各种缓存技术抽象接口。...
Shiro 设置session超时时间
zsg88的专栏
04-06 5万+
系统默认超时时间是180000毫秒(30分钟),可以通过下面2中方式设置自定义的超时时间。 一: 配置文件 二:通过api Shiro的Session接口有一个setTimeout()方法,登录后,可以用如下方式取得session SecurityUtils.getSubject().get
彻底解决session设置timeout不起作用、自动失效的方法
yangfz8899的专栏
04-20 1万+
[转帖]彻底解决session设置timeout不起作用、自动失效的方法 系统运行环境:win2003+iis6.0+asp做了多次测试,居然不好用,这是为什么呢,上网找了许多资料,但是都属于session的基础篇,所以狠下心来,也不找了,自己研究吧,但是无论多少次测试却都无效,没办法了,换个方法试试吧,用cookies配合下session,看看效果,这一试问题居然解决了,结果出来了,得出论证了,原来如此,下面我来说下解决方法:以下是代码片段:’-- 用户登录成功后将用户名及用户级别等一些信息存入sessi
SpringBoot整合Shiro+JWT
05-15
以上就是SpringBoot整合Shiro和JWT实现用户认证的基本流程。这个Demo案例提供了一个完整的实现,包括代码注释和SQL文件,下载后只需刷新依赖就可以直接运行。通过这种方式,开发者可以快速理解和实践这一安全认证...
springboot整合shiro
03-30
总之,SpringBoot整合Shiro可以有效地帮助我们构建权限管理体系,实现用户的认证和授权。结合ZTree,我们可以提供直观的权限分配界面,提升管理效率。在实际开发过程中,要根据项目需求定制Shiro的配置,确保安全性...
Springboot整合Shiro的代码实例
08-25
Springboot 整合 Shiro 的代码实例是指在 Springboot 项目中集成 Shiro 框架来实现身份验证和授权管理的过程。Shiro 是一个功能强大且灵活的身份验证和授权框架,可以帮助开发者快速实现身份验证和授权管理。 一、...
SpringBootShiro整合.docx
02-09
SpringBootShiro整合】课程主要关注的是如何在SpringBoot环境下集成Apache Shiro框架,以实现高效且灵活的权限管理。SpringBoot是基于Spring框架的简化开发工具,旨在简化Spring应用的初始搭建以及开发过程,它...
Shiro】2、Shiro实现Session会话过期时间控制
Asurplus
05-22 20万+
一般我们的 session 过期时间默认为 30 分钟,有的用户认为 30 分钟太短了,有时候临时有事出去了,回来已经过期了,工作还没完成就只能登出了,非常不方便,于是要求我们改变 session 的过期时间 1、指定本系统 sessionid /** * 指定本系统sessionid, 问题: 与servlet容器名冲突, 如jetty, tomcat 等默认jsessionid, * 当跳出shiro servlet时如error-page容器会为jsessionid重新分配值导致登录会话丢失!
shiro安全框架设置session超时
开发者导航
08-29 1736
系统默认超时时间是180000毫秒(30分钟)longtimeout=SecurityUtils.getSubject().getSession().getTimeout(); System.out.println(timeout+"毫秒");可以通过下面2中方式设置自定义的超时时间。1、配置文件<!--会话管理器--> <beani...
Shiro 深度理解解析
嗜血幽灵的专栏
05-10 466
SessionFactory SessionFactory是创建会话的工厂,根据相应的Subject上下文信息来创建会话;默认提供了SimpleSessionFactory用来创建SimpleSession会话 public interface SessionFactory { /** * 创建一个新的session */ Sessi...
Springcloud_ad-ad-common通用配置:http消息转换器响应数据等(如响应json数据)
qq_39246466的博客
05-02 400
package com.imooc.ad.conf; import org.springframework.context.annotation.Configuration; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json....
springboot报错org.apache.shiro.session.UnknownSessionException: There is no session with id [XXX]问题解决
菜鸟小木干的博客
01-20 9943
springboot项目使用多线程的时候经常报 根据网上的说法是因为在shiro的DefaultWebSessionManager类中,默认Cookie名称是JSESSIONID,这样的话与servlet容器名冲突, 如jetty, tomcat等默认JSESSIONID, 当跳出shiro servlet时如error-page容器会为JSESSIONID重新分配值导致登录会话丢失! ...
设置session超时的三种方式
技术人生
06-21 2万+
1. 在容器中设置:如在tomcat-5.0.28\conf\web.xml中设置 Tomcat默认session超时时间为30分钟,可以根据需要修改,负数或0为不限制session失效时间。 30 2.在工程的web.xml中设置 15 3.通过Java代码设置 session.setMaxInactiveInterval(30*60);/
springbootshiro详细整合(redis缓存)
qq_42298793的博客
07-07 516
ShiroConfig的配置 package cc.mrbird.febs.common.authentication; import at.pollux.thymeleaf.shiro.dialect.ShiroDialect; import cc.mrbird.febs.common.properties.FebsProperties; import lombok.RequiredArgsConstructor; import org.apache.commons.lang3.StringUti.
在前后端分离的SpringBoot项目中集成Shiro权限框架
热门推荐
Ian的博客
12-12 24万+
项目背景 公司在几年前就采用了前后端分离的开发模式,前端所有请求都使用ajax。这样的项目结构在与CAS单点登录等权限管理框架集成时遇到了很多问题,使得权限部分的代码冗长丑陋,CAS的各种重定向也使得用户体验很差,在前端使用vue-router管理页面跳转时,问题更加尖锐。于是我就在寻找一个解决方案,这个方案应该对代码的侵入较少,开发速度快,实现优雅。最近无意中看到springbo...
SpringBootShiro整合教程:权限管理实战解析
"该文档是关于《SpringBootShiro整合-权限管理实战》的课堂笔记,涵盖了SpringBoot快速入门,以及如何利用SpringBootShiro实现用户认证和授权的详细教程。此外,还介绍了如何将thymeleaf模板引擎与Shiro的权限...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值