本文介绍了如何在SpringBoot项目中整合Apache Shiro框架,包括创建SpringBoot项目、引入Shiro依赖、配置ShiroFilter、自定义Realm、处理认证与授权、数据库注册与认证、角色与权限的校验。详细步骤涵盖从基础配置到角色权限的数据库获取,涉及过滤器、标签库的使用,并提供了示例代码。
六、Spring Boot整合Shiro
6.1、整合思路
6.2、创建spring boot项目
main下新建webapp目录
6.3、引入shiro依赖
<!--引入Shiro依赖-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
<version>1.5.3</version>
</dependency>
6.4、配置shiro环境
创建配置类ShiroConfig
1.配置:shiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
//创建shiro的filter
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//给filter设置安全管理器
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
return shiroFilterFactoryBean;
}
2.配置WebSecurityManager
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) { DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//给安全管理器设置
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
3.配置自定义Relam
@Bean
public Realm getRealm() {
CustomerRealm customerRealm = new CustomerRealm();
return customerRealm;
}
ShiroConfig
package com.hz52.springboot_jsp_shiro.config;
import com.hz52.springboot_jsp_shiro.shiro.realms.CustomerRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
/**
* @Program: springboot_jsp_shiro
* @Description: 用来整合shiro相关配置类
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:18 星期三
**/
@Configuration
public class ShiroConfig {
//1、shiroFilter //负责拦截所有请求(依赖2)
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//给filter设置安全管理器
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//配置系统受限资源
Map<String, String> map = new HashMap<String, String>();
map.put("/index.jsp", "authc"); //authc请求这个资源需要认证和授权
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
//默认认证界面路径
shiroFilterFactoryBean.setLoginUrl("/login.jsp");
//配置系统公共资源
return shiroFilterFactoryBean;
}
//2、创建安全管理器(依赖3)
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//给安全管理器设置
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
//3、创建自定义realm(依赖Realms里面的自定义realm)
@Bean
public Realm getRealm() {
CustomerRealm customerRealm = new CustomerRealm();
return customerRealm;
}
}
配置自定义Realm
CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
return null;
}
}
6.5、常见过滤器
Shiro提供多个默认的过滤器,我们可以用这些过滤器来配置控制指定URL的权限,Shiro常见的过滤器如下:
| 配置缩写 | 对应的过滤器 | 功能 |
|---|---|---|
| 身份验证相关的 | ||
| anon | AnonymousFilter | 指定url可以匿名访问 |
| authc | FormAuthenticationFilter | 基于表单的拦截器;如“/**=authc”,如果没有登录会跳到相应的登录页面登录;主要属性:usernameParam:表单提交的用户名参数名( username); passwordParam:表单提交的密码参数名(password); rememberMeParam:表单提交的密码参数名(rememberMe); loginUrl:登录页面地址(/login.jsp);successUrl:登录成功后的默认重定向地址; failureKeyAttribute:登录失败后错误信息存储key(shiroLoginFailure) |
| authcBasic | BasicHttpAuthenticationFilter | Basic HTTP身份验证拦截器,主要属性: applicationName:弹出登录框显示的信息(application) |
| logout | authc.LogoutFilter | 退出拦截器,主要属性:redirectUrl:退出成功后重定向的地址(/) |
| user | UserFilter | 用户拦截器,用户已经身份验证/记住我登录的都可 |
| 授权相关的 | ||
| roles | RolesAuthorizationFilter | 角色授权拦截器,验证用户是否拥有所有角色;主要属性: loginUrl:登录页面地址(/login.jsp);unauthorizedUrl:未授权后重定向的地址;示例“/admin/**=roles[admin]” |
| perms | PermissionsAuthorizationFilter | 权限授权拦截器,验证用户是否拥有所有权限;属性和roles一样;示例“/user/**=perms[“user:create”]” |
| port | PortFilter | 端口拦截器,主要属性:port(80):可以通过的端口;示例“/test= port[80]”,如果用户访问该页面是非80,将自动将请求端口改为80并重定向到该80端口,其他路径/参数等都一样 |
| rest | HttpMethodPermissionFilter | rest风格拦截器,自动根据请求方法构建权限字符串(GET=read, POST=create,PUT=update,DELETE=delete,HEAD=read,TRACE=read,OPTIONS=read, MKCOL=create)构建权限字符串;示例“/users=rest[user]”,会自动拼出“user:read,user:create,user:update,user:delete”权限字符串进行权限匹配(所有都得匹配,isPermittedAll) |
| ssl | SslFilter | SSL拦截器,只有请求协议是https才能通过;否则自动跳转会https端口(443);其他和port拦截器一样 |
| noSessionCreation | NoSessionCreationAuthorizationFilter | 需要指定权限才能访问 |
6.6、认证和退出
修改UserController
package com.hz52.springboot_jsp_shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月20日 14:13 星期三
**/
@Controller
@RequestMapping("user")
public class UserController {
@RequestMapping("login")
public String login(String username, String password) {
//获取主体对象
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(username, password));
return "redirect:/index.jsp";
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("用户名出错");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
System.out.println("密码错误");
}
return "redirect:/login.jsp";
}
@RequestMapping("logout")
public String logout(String username, String password) {
//获取主体对象
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "redirect:/login.jsp";
}
}
修改ShiroConfig
package com.hz52.springboot_jsp_shiro.config;
import com.hz52.springboot_jsp_shiro.shiro.realms.CustomerRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
/**
* @Program: springboot_jsp_shiro
* @Description: 用来整合shiro相关配置类
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:18 星期三
**/
@Configuration
public class ShiroConfig {
//1、shiroFilter //负责拦截所有请求(依赖2)
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//给filter设置安全管理器
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//配置系统受限资源
Map<String, String> map = new HashMap<String, String>();
map.put("/user/login","anon"); //anon设置为公共资源
map.put("/**", "authc"); //authc请求这个资源需要认证和授权
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
//默认认证界面路径
shiroFilterFactoryBean.setLoginUrl("/login.jsp");
//配置系统公共资源
return shiroFilterFactoryBean;
}
//2、创建安全管理器(依赖3)
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//给安全管理器设置
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
//3、创建自定义realm(依赖Realms里面的自定义realm)
@Bean
public Realm getRealm() {
CustomerRealm customerRealm = new CustomerRealm();
return customerRealm;
}
}
修改login.jsp
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>用户登录</h1>
<form action="${pageContext.request.contextPath}/user/login" method="post">
用户名:<input type="text" name="username"><br/>
密码:<input type="text" name="password"><br/>
<input type="submit" value="登录">
</form>
</body>
</html>
修改index.jsp
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>系统主页V1.0</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出登录</a>
<ul>
<li><a href="">用户管理</a></li>
<li><a href="">商品管理</a></li>
<li><a href="">订单管理</a></li>
<li><a href="">物流管理</a></li>
</ul>
</body>
</html>
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("===================");
String principal = (String) token.getPrincipal();
if ("xiaochen".equals(principal)) {
return new SimpleAuthenticationInfo(principal,"123",this.getName());
}
return null;
}
}
6.7、数据库注册和认证
注册
新建表
添加依赖pom
<!--mybatis相关组件-->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.2</version>
</dependency>
<!--mysql组件-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
<!--druid依赖-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.19</version>
</dependency>
配置application.properties
server.port=8080
server.servlet.context-path=/shiro
spring.application.name=shiro
spring.mvc.view.prefix=/
spring.mvc.view.suffix=.jsp
######Druid监控配置######
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.url=jdbc:mysql://localhost:3306/shiro?characterEncoding=utf8&useUnicode=true&useSSL=false&serverTimezone=GMT%2B8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
#dataSource Pool configuration
spring.datasource.initialSize=5
spring.datasource.minIdle=5
spring.datasource.maxActive=20
spring.datasource.maxWait=60000
spring.datasource.timeBetweenEvictionRunsMillis=60000
spring.datasource.minEvictableIdleTimeMillis=300000
spring.datasource.validationQuery=SELECT 1 FROM DUAL
spring.datasource.testWhileIdle=true
spring.datasource.testOnBorrow=false
spring.datasource.exceptionSorter=true
spring.datasource.testOnReturn=false
spring.datasource.poolPreparedStatements=true
spring.datasource.filters=stat,wall,log4j
spring.datasource.maxPoolPreparedStatementPerConnectionSize=20
spring.datasource.connectionProperties=druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
spring.datasource.useGlobalDataSourceStat=true
mybatis.type-aliases-package=com.hz52.springboot_jsp_shiro.entity
mybatis.mapper-locations=classpath:com/hz52/mapper/*.xml
新建SaltUtils
package com.hz52.Utils;
import java.util.Random;
/**
* @Program: springboot_jsp_shiro
* @Description: 生成salt的静态方法:传入几位返回几位
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:19 星期五
**/
public class SaltUtils {
public static String getSalt(int n) {
char[] chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()".toCharArray();
StringBuffer sb = new StringBuffer();
for (int i = 0; i < n; i++) {
char aChar = chars[new Random().nextInt(chars.length)];
sb.append(aChar);
}
return sb.toString();
}
public static void main(String[] args) {
System.out.println(getSalt(32));
}
}
新建UserController
package com.hz52.springboot_jsp_shiro.controller;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月20日 14:13 星期三
**/
@Controller
@RequestMapping("user")
public class UserController {
@Autowired
private UserService userService;
@RequestMapping("login")
public String login(String username, String password) {
//获取主体对象
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(username, password));
return "redirect:/index.jsp";
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("用户名出错");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
System.out.println("密码错误");
}
return "redirect:/login.jsp";
}
@RequestMapping("logout")
public String logout(String username, String password) {
//获取主体对象
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "redirect:/login.jsp";
}
/**
* @Description: 用户注册
* @Author: 52Hz
* @Date: 2021/10/22
* @Time: 15:29
*/
@RequestMapping("register")
public String register(User user) {
try {
userService.register(user);
return "redirect:/login.jsp";
} catch (Exception e) {
e.printStackTrace();
return "redirect:/register.jsp";
}
}
}
新建UserServiceImpl
package com.hz52.springboot_jsp_shiro.service.impl;
import com.hz52.Utils.SaltUtils;
import com.hz52.springboot_jsp_shiro.dao.UserDAO;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:14 星期五
**/
@Service
@Transactional
public class UserServiceImpl implements UserService {
@Autowired
private UserDAO userDAO;
@Override
public void register(User user) {
//处理业务调用DAO
//明文密码进行MD5+Salt+Hash散列
//1、生成随机盐
String salt = SaltUtils.getSalt(8);
//2、将随机盐保存数据库
user.setSalt(salt);
//3、明文密码进行md5+salt+hash散列
Md5Hash md5Hash = new Md5Hash(user.getPassword(), salt, 1024);
user.setPassword(md5Hash.toHex());
//保存对象
userDAO.save(user);
}
}
新建register.jsp
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>用户注册</h1>
<form action="${pageContext.request.contextPath}/user/register" method="post">
用户名:<input type="text" name="username"><br/>
密码:<input type="text" name="password"><br/>
<input type="submit" value="立即注册">
</form>
</body>
</html>
新建UserDAOMapper.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.hz52.springboot_jsp_shiro.dao.UserDAO">
<insert id="save" parameterType="User" useGeneratedKeys="true" keyProperty="id">
insert into t_user
values (#{id}, #{username}, #{password}, #{salt})
</insert>
</mapper>
认证
修改UserDAO
package com.hz52.springboot_jsp_shiro.dao;
import com.hz52.springboot_jsp_shiro.entity.User;
import org.apache.ibatis.annotations.Mapper;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月20日 17:27 星期三
**/
@Mapper
public interface UserDAO {
void save(User user);
User findByUserName(String username);
}
修改UserService
package com.hz52.springboot_jsp_shiro.service;
import com.hz52.springboot_jsp_shiro.entity.User;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:13 星期五
**/
public interface UserService {
//代表注册用户
void register(User user);
User findByUserName(String username);
}
修改UserServiceImpl
package com.hz52.springboot_jsp_shiro.service.impl;
import com.hz52.Utils.SaltUtils;
import com.hz52.springboot_jsp_shiro.dao.UserDAO;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:14 星期五
**/
@Service
@Transactional
public class UserServiceImpl implements UserService {
@Autowired
private UserDAO userDAO;
@Override
public void register(User user) {
//处理业务调用DAO
//明文密码进行MD5+Salt+Hash散列
//1、生成随机盐
String salt = SaltUtils.getSalt(8);
//2、将随机盐保存数据库
user.setSalt(salt);
//3、明文密码进行md5+salt+hash散列
Md5Hash md5Hash = new Md5Hash(user.getPassword(), salt, 1024);
user.setPassword(md5Hash.toHex());
//保存对象
userDAO.save(user);
}
@Override
public User findByUserName(String username) {
return userDAO.findByUserName(username);
}
}
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
修改UserDAOMapper.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.hz52.springboot_jsp_shiro.dao.UserDAO">
<insert id="save" parameterType="User" useGeneratedKeys="true" keyProperty="id">
insert into t_user
values (#{id}, #{username}, #{password}, #{salt})
</insert>
<select id="findByUserName" resultType="User" parameterType="String">
select id, username,password, salt
from t_user
where username = #{username}
</select>
</mapper>
修改ShiroConfig
package com.hz52.springboot_jsp_shiro.config;
import com.hz52.springboot_jsp_shiro.shiro.realms.CustomerRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
/**
* @Program: springboot_jsp_shiro
* @Description: 用来整合shiro相关配置类
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:18 星期三
**/
@Configuration
public class ShiroConfig {
//1、shiroFilter //负责拦截所有请求(依赖2)
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//给filter设置安全管理器
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//配置系统受限资源
Map<String, String> map = new HashMap<String, String>();
map.put("/user/login", "anon"); //anon设置为公共资源
map.put("/user/register", "anon"); //anon设置为公共资源
map.put("/register.jsp", "anon"); //anon设置为公共资源
map.put("/**", "authc"); //authc请求这个资源需要认证和授权
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
//默认认证界面路径
shiroFilterFactoryBean.setLoginUrl("/login.jsp");
//配置系统公共资源
return shiroFilterFactoryBean;
}
//2、创建安全管理器(依赖3)
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//给安全管理器设置
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
//3、创建自定义realm(依赖Realms里面的自定义realm)
@Bean
public Realm getRealm() {
CustomerRealm customerRealm = new CustomerRealm();
//修改密码匹配器:默认最简单
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
//设置加密算法为md5
credentialsMatcher.setHashAlgorithmName("md5");
//设置散列次数
credentialsMatcher.setHashIterations(1024);
customerRealm.setCredentialsMatcher(
credentialsMatcher);
return customerRealm;
}
}
6.8、授权
基本使用
修改index.jsp
添加标签
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
单一角色标签
<shiro:hasRole name="admin">
<li><a href="">商品管理</a></li>
<li><a href="">订单管理</a></li>
<li><a href="">物流管理</a></li>
</shiro:hasRole>
多角色标签
<shiro:hasAnyRoles name="user,admin">
<li><a href="">用户管理</a></li>
</shiro:hasAnyRoles>
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>系统主页V1.0</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出登录</a>
<ul>
<li><a href="">用户管理</a></li>
<shiro:hasRole name="admin">
<li><a href="">商品管理</a></li>
<li><a href="">订单管理</a></li>
<li><a href="">物流管理</a></li>
</shiro:hasRole>
</ul>
</body>
</html>
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取身份信息
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
//根据主身份信息获取角色信息和权限信息
if ("xiaochen".equals(primaryPrincipal)) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("user");
return simpleAuthorizationInfo;
}
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
测试
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取身份信息
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
//根据主身份信息获取角色信息和权限信息
if ("xiaochen".equals(primaryPrincipal)) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("admin");
return simpleAuthorizationInfo;
}
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
修改index.jsp
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>系统主页V1.0</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出登录</a>
<ul>
<shiro:hasAnyRoles name="user,admin">
<li><a href="">用户管理</a></li>
</shiro:hasAnyRoles>
<shiro:hasRole name="admin">
<li><a href="">商品管理</a></li>
<li><a href="">订单管理</a></li>
<li><a href="">物流管理</a></li>
</shiro:hasRole>
</ul>
</body>
</html>
测试
测试2
测试3
修改index.jsp
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>系统主页V1.0</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出登录</a>
<ul>
<shiro:hasAnyRoles name="user,admin">
<li><a href="">用户管理</a></li>
<ul>
<shiro:hasPermission name="user:add:*">
<li><a href="">添加</a></li>
</shiro:hasPermission>
<shiro:hasPermission name="user:delete:*">
<li><a href="">删除</a></li>
</shiro:hasPermission>
<shiro:hasPermission name="user:update:*">
<li><a href="">修改</a></li>
</shiro:hasPermission>
<shiro:hasPermission name="user:find:*">
<li><a href="">查询</a></li>
</shiro:hasPermission>
</ul>
</shiro:hasAnyRoles>
<shiro:hasRole name="admin">
<li><a href="">商品管理</a></li>
<li><a href="">订单管理</a></li>
<li><a href="">物流管理</a></li>
</shiro:hasRole>
</ul>
</body>
</html>
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取身份信息
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
//根据主身份信息获取角色信息和权限信息
if ("xiaochen".equals(primaryPrincipal)) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//添加角色
simpleAuthorizationInfo.addRole("user");
//添加角色字符串
simpleAuthorizationInfo.addStringPermission("user:*:*");
return simpleAuthorizationInfo;
}
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
演示订单添加校验
角色校验
添加orderController
package com.hz52.springboot_jsp_shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月23日 9:47 星期六
**/
@Controller
@RequestMapping("order")
public class orderController {
//方式三:注解
@RequiresRoles(value = {"admin","user"}) //用来判断角色
@RequestMapping("save")
public String save() {
System.out.println("进入方法");
//获取主体对象
Subject subject = SecurityUtils.getSubject();
//方式一:代码方式
if (subject.hasRole("admin")) {
System.out.println("保存订单");
} else {
System.out.println("无权访问");
}
//方式二:基于权限字符串...
return "redirect:/index.jsp";
}
}
权限字符串
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取身份信息
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
//根据主身份信息获取角色信息和权限信息
if ("xiaochen".equals(primaryPrincipal)) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//添加角色
simpleAuthorizationInfo.addRole("admin");
simpleAuthorizationInfo.addRole("user");
//添加角色字符串
// simpleAuthorizationInfo.addStringPermission("user:*:*");
simpleAuthorizationInfo.addStringPermission("user:add:*");
simpleAuthorizationInfo.addStringPermission("user:update:01");
return simpleAuthorizationInfo;
}
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
修改orderController
package com.hz52.springboot_jsp_shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月23日 9:47 星期六
**/
@Controller
@RequestMapping("order")
public class orderController {
//方式三:注解
//@RequiresRoles("admin") //用来判断角色(单一)
//@RequiresRoles(value = {"admin","user"}) //用来判断角色表示同时具有
@RequiresPermissions("user:update:01") //权限字符串
@RequestMapping("save")
public String save() {
System.out.println("进入方法");
//获取主体对象
Subject subject = SecurityUtils.getSubject();
//方式一:代码方式
if (subject.hasRole("admin")) {
System.out.println("保存订单");
} else {
System.out.println("无权访问");
}
//方式二:基于权限字符串...
return "redirect:/index.jsp";
}
}
角色信息数据库获取
shiro数据库
/*
Navicat Premium Data Transfer
Source Server : MySQL
Source Server Type : MySQL
Source Server Version : 80013
Source Host : localhost:3306
Source Schema : shiro
Target Server Type : MySQL
Target Server Version : 80013
File Encoding : 65001
Date: 23/10/2021 10:53:50
*/
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for t_pers
-- ----------------------------
DROP TABLE IF EXISTS `t_pers`;
CREATE TABLE `t_pers` (
`id` int(6) NOT NULL AUTO_INCREMENT,
`name` varchar(60) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_pers
-- ----------------------------
-- ----------------------------
-- Table structure for t_role
-- ----------------------------
DROP TABLE IF EXISTS `t_role`;
CREATE TABLE `t_role` (
`id` int(6) NOT NULL AUTO_INCREMENT,
`name` varchar(60) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_role
-- ----------------------------
-- ----------------------------
-- Table structure for t_role_perms
-- ----------------------------
DROP TABLE IF EXISTS `t_role_perms`;
CREATE TABLE `t_role_perms` (
`id` int(6) NOT NULL AUTO_INCREMENT,
`roleid` int(6) NULL DEFAULT NULL,
`permsid` int(6) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_role_perms
-- ----------------------------
-- ----------------------------
-- Table structure for t_user
-- ----------------------------
DROP TABLE IF EXISTS `t_user`;
CREATE TABLE `t_user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`password` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`salt` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_user
-- ----------------------------
INSERT INTO `t_user` VALUES (1, '13185020807', '90d43ef551bf0d455024b24f1f5760a1', '90^MZwku');
INSERT INTO `t_user` VALUES (2, 'xiaochen', 'aed28391070e3c36918f2d4d08f38089', '!Tr5*JpZ');
-- ----------------------------
-- Table structure for t_user_roles
-- ----------------------------
DROP TABLE IF EXISTS `t_user_roles`;
CREATE TABLE `t_user_roles` (
`id` int(6) NOT NULL AUTO_INCREMENT,
`userid` int(6) NULL DEFAULT NULL,
`roleid` int(6) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_user_roles
-- ----------------------------
SET FOREIGN_KEY_CHECKS = 1;
新建表
t_role
t_pers
t_role_perms
t_user_role
新建Role
package com.hz52.springboot_jsp_shiro.entity;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.Accessors;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月23日 11:10 星期六
**/
@Data
@Accessors(chain = true)
@AllArgsConstructor
@NoArgsConstructor
public class Role {
private String id;
private String name;
}
新建Perms
package com.hz52.springboot_jsp_shiro.entity;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.Accessors;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月23日 11:10 星期六
**/
@Data
@Accessors(chain = true)
@AllArgsConstructor
@NoArgsConstructor
public class Perms {
private String id;
private String name;
private String url;
}
修改User
package com.hz52.springboot_jsp_shiro.entity;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.Accessors;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月20日 17:20 星期三
**/
@Data
@Accessors(chain = true)
@AllArgsConstructor
@NoArgsConstructor
public class User {
private String id;
private String username;
private String password;
private String salt;
/**
* @Description: 定义角色集合
* @Author: 52Hz
* @Date: 2021/10/23
* @Time: 11:14
*/
private List<Role> roles;
}
修改UserDAO
package com.hz52.springboot_jsp_shiro.dao;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import org.apache.ibatis.annotations.Mapper;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月20日 17:27 星期三
**/
@Mapper
public interface UserDAO {
void save(User user);
User findByUserName(String username);
//根据用户查询所有角色
User findRolesByUserName(String username);
}
修改UserDAOMapper.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.hz52.springboot_jsp_shiro.dao.UserDAO">
<insert id="save" parameterType="User" useGeneratedKeys="true" keyProperty="id">
insert into t_user
values (#{id}, #{username}, #{password}, #{salt})
</insert>
<select id="findByUserName" resultType="User" parameterType="String">
select id, username, password, salt
from t_user
where username = #{username}
</select>
<resultMap id="userMap" type="User">
<id column="uid" property="id"/>
<result column="uname" property="username"/>
<!--角色信息-->
<collection property="roles" javaType="list" ofType="Role">
<id column="rid" property="id"/>
<result column="rname" property="name"/>
</collection>
</resultMap>
<select id="findRolesByUserName" parameterType="String" resultMap="userMap">
SELECT u.id uid,
u.username uname,
r.id rid,
r.NAME rname
FROM t_user u
LEFT JOIN t_user_role ur ON u.id = ur.userid
LEFT JOIN t_role r ON ur.roleid = r.id
WHERE u.username = #{username}
</select>
</mapper>
测试SQL
修改UserService
package com.hz52.springboot_jsp_shiro.service;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:13 星期五
**/
public interface UserService {
//代表注册用户
void register(User user);
User findByUserName(String username);
User findRolesByUserName(String username);
}
修改UserServiceImpl
package com.hz52.springboot_jsp_shiro.service.impl;
import com.hz52.springboot_jsp_shiro.Utils.SaltUtils;
import com.hz52.springboot_jsp_shiro.dao.UserDAO;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:14 星期五
**/
@Service("userService")
@Transactional
public class UserServiceImpl implements UserService {
@Autowired
private UserDAO userDAO;
@Override
public void register(User user) {
//处理业务调用DAO
//明文密码进行MD5+Salt+Hash散列
//1、生成随机盐
String salt = SaltUtils.getSalt(8);
//2、将随机盐保存数据库
user.setSalt(salt);
//3、明文密码进行md5+salt+hash散列
Md5Hash md5Hash = new Md5Hash(user.getPassword(), salt, 1024);
user.setPassword(md5Hash.toHex());
//保存对象
userDAO.save(user);
}
@Override
public User findByUserName(String username) {
return userDAO.findByUserName(username);
}
@Override
public User findRolesByUserName(String username) {
return userDAO.findRolesByUserName(username);
}
}
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.commons.collections.ListUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.util.CollectionUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取身份信息
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
System.out.println("调用授权认证:" + primaryPrincipal);
//根据主身份信息获取角色信息和权限信息
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findRolesByUserName(primaryPrincipal);
//授权角色信息
if (!CollectionUtils.isEmpty(user.getRoles())) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
user.getRoles().forEach(role -> {
simpleAuthorizationInfo.addRole(role.getName());
});
return simpleAuthorizationInfo;
}
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
测试
权限信息数据库获取
修改Role
package com.hz52.springboot_jsp_shiro.entity;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.Accessors;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月23日 11:10 星期六
**/
@Data
@Accessors(chain = true)
@AllArgsConstructor
@NoArgsConstructor
public class Role {
private String id;
private String name;
/**
*@Description: 定义权限集合
*@Author: 52Hz
*@Date: 2021/10/23
*@Time: 13:43
*/
private List<Perms> perms;
}
修改t_pers
修改t_role_perms
修改UserService
package com.hz52.springboot_jsp_shiro.service;
import com.hz52.springboot_jsp_shiro.entity.Perms;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:13 星期五
**/
public interface UserService {
//代表注册用户
void register(User user);
User findByUserName(String username);
User findRolesByUserName(String username);
//根据角色id查询权限集合
List<Perms> findPermsByRid(String id);
}
修改UserServiceImpl
package com.hz52.springboot_jsp_shiro.service.impl;
import com.hz52.springboot_jsp_shiro.Utils.SaltUtils;
import com.hz52.springboot_jsp_shiro.dao.UserDAO;
import com.hz52.springboot_jsp_shiro.entity.Perms;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description:
* @Author: 52Hz
* @CreationTime: 2021年10月22日 10:14 星期五
**/
@Service("userService")
@Transactional
public class UserServiceImpl implements UserService {
@Autowired
private UserDAO userDAO;
@Override
public void register(User user) {
//处理业务调用DAO
//明文密码进行MD5+Salt+Hash散列
//1、生成随机盐
String salt = SaltUtils.getSalt(8);
//2、将随机盐保存数据库
user.setSalt(salt);
//3、明文密码进行md5+salt+hash散列
Md5Hash md5Hash = new Md5Hash(user.getPassword(), salt, 1024);
user.setPassword(md5Hash.toHex());
//保存对象
userDAO.save(user);
}
@Override
public User findByUserName(String username) {
return userDAO.findByUserName(username);
}
@Override
public User findRolesByUserName(String username) {
return userDAO.findRolesByUserName(username);
}
@Override
public List<Perms> findPermsByRid(String id) {
return userDAO.findPermsByRid(id);
}
}
修改CustomerRealm
package com.hz52.springboot_jsp_shiro.shiro.realms;
import com.hz52.springboot_jsp_shiro.Utils.ApplicationContextUtils;
import com.hz52.springboot_jsp_shiro.entity.Perms;
import com.hz52.springboot_jsp_shiro.entity.Role;
import com.hz52.springboot_jsp_shiro.entity.User;
import com.hz52.springboot_jsp_shiro.service.UserService;
import org.apache.commons.collections.ListUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.util.CollectionUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.util.ObjectUtils;
import java.util.List;
/**
* @Program: springboot_jsp_shiro
* @Description: 自定义realm
* @Author: 52Hz
* @CreationTime: 2021年10月20日 9:40 星期三
**/
public class CustomerRealm extends AuthorizingRealm {
//处理授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取身份信息
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
System.out.println("调用授权认证:" + primaryPrincipal);
//根据主身份信息获取角色信息和权限信息
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findRolesByUserName(primaryPrincipal);
//授权角色信息
if (!CollectionUtils.isEmpty(user.getRoles())) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
user.getRoles().forEach(role -> {
//角色信息
simpleAuthorizationInfo.addRole(role.getName());
//权限信息
List<Perms> perms = userService.findPermsByRid(role.getId());
if (!CollectionUtils.isEmpty(perms)) {
perms.forEach(perm -> {
simpleAuthorizationInfo.addStringPermission(perm.getName());
});
}
});
return simpleAuthorizationInfo;
}
return null;
}
//处理认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
//在工厂中 获取service对象
UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
User user = userService.findByUserName(principal);
if (!ObjectUtils.isEmpty(user)) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
}
return null;
}
}
修改UserDAOMapper.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.hz52.springboot_jsp_shiro.dao.UserDAO">
<insert id="save" parameterType="User" useGeneratedKeys="true" keyProperty="id">
insert into t_user
values (#{id}, #{username}, #{password}, #{salt})
</insert>
<select id="findByUserName" resultType="User" parameterType="String">
select id, username, password, salt
from t_user
where username = #{username}
</select>
<resultMap id="userMap" type="User">
<id column="uid" property="id"/>
<result column="uname" property="username"/>
<!--角色信息-->
<collection property="roles" javaType="list" ofType="Role">
<id column="rid" property="id"/>
<result column="rname" property="name"/>
</collection>
</resultMap>
<select id="findRolesByUserName" parameterType="String" resultMap="userMap">
SELECT u.id uid,
u.username uname,
r.id rid,
r.NAME rname
FROM t_user u
LEFT JOIN t_user_role ur ON u.id = ur.userid
LEFT JOIN t_role r ON ur.roleid = r.id
WHERE u.username = #{username}
</select>
<select id="findPermsByRid" parameterType="String" resultType="Perms">
SELECT p.id,
p.NAME,
p.url,
r.NAME
FROM t_role r
LEFT JOIN t_role_perms rp ON r.id = rp.roleid
LEFT JOIN t_pers p ON rp.permsid = p.id
WHERE r.id = #{id}
</select>
</mapper>
修改index.jsp
<%@page contentType="text/html; UTF-8%" pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<h1>系统主页V1.0</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出登录</a>
<ul>
<shiro:hasAnyRoles name="user,admin">
<li><a href="">用户管理</a></li>
<ul>
<shiro:hasPermission name="user:add:*">
<li><a href="">添加</a></li>
</shiro:hasPermission>
<shiro:hasPermission name="user:delete:*">
<li><a href="">删除</a></li>
</shiro:hasPermission>
<shiro:hasPermission name="user:update:*">
<li><a href="">修改</a></li>
</shiro:hasPermission>
<shiro:hasPermission name="order:find:*">
<li><a href="">查询</a></li>
</shiro:hasPermission>
</ul>
</shiro:hasAnyRoles>
<shiro:hasRole name="admin">
<li><a href="">商品管理</a></li>
<li><a href="">订单管理</a></li>
<li><a href="">物流管理</a></li>
</shiro:hasRole>
</ul>
</body>
</html>
测试
xiaochen
zhangsan
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
