授权/角色认证
1、ShiroConfig
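@Configuration
public class ShiroConfig {

    /**
     * Creates the {@link ShiroFilterFactoryBean} that maps URL patterns to Shiro filters.
     *
     * <p>Patterns are matched in insertion order and the first match wins, which is why the
     * definitions live in a {@link LinkedHashMap}: specific paths come first, the catch-all last.
     *
     * @param defaultWebSecurityManager the security manager the filter chain delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        Map<String, String> filerMap = new LinkedHashMap<>();
        // The login submission must stay reachable without a session; otherwise every login
        // attempt is bounced back to the login page. (The original listing re-mapped "/login"
        // to "authc" a few lines further down, silently overriding this entry.)
        filerMap.put("/login", "anon");
        // 1. Authentication filter: left side is the path, right side the filter name
        filerMap.put("/testThymeleaf", "authc");
        // 2. Authorization filters must precede the catch-all entry; the right side is the
        //    permission string the subject needs, e.g. user:add
        filerMap.put("/add", "perms[user:add]");
        filerMap.put("/update", "perms[user:update]");
        // Catch-all for everything not listed above. "/**" matches any depth; the single
        // "/*" used before only matched one path segment and left nested paths unfiltered.
        filerMap.put("/**", "authc");
        // Without this call the map above is never applied and no URL is protected
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filerMap);
        // Page an unauthenticated request is redirected to (the authc filter lets it through)
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        // Page an authenticated but unauthorized request is redirected to by perms[...]
        shiroFilterFactoryBean.setUnauthorizedUrl("/noAuth");
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the {@link DefaultWebSecurityManager} and wires the application realm into it.
     *
     * @param userRealm the realm that performs authentication and authorization
     * @return the security manager bean
     */
    @Bean(name = "defaultWebSecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }

    /**
     * Creates the application realm.
     *
     * <p>No credentials matcher is configured here, so the realm falls back to Shiro's default
     * plaintext comparison; production code should store hashed passwords and set a
     * hashing matcher on the realm.
     *
     * @return the realm bean
     */
    @Bean(name = "userRealm")
    public UserRealm getReaml() {
        return new UserRealm();
    }
}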
多realm三种情况
2、UserRealm
//继承AuthorizingRealm
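public class UserRealm extends AuthorizingRealm {

    // NOTE(review): userService is used below but its declaration is not part of this listing;
    // it has to be injected into the realm (the bean itself is created in ShiroConfig).

    /**
     * Authorization: builds the permissions of an already-authenticated subject.
     *
     * <p>The principal is read from the supplied {@link PrincipalCollection} instead of
     * {@code SecurityUtils.getSubject()}, so the realm also works when Shiro authorizes a
     * subject that is not bound to the current thread.
     *
     * @param principalCollection principals of the subject being authorized; the primary
     *                            principal is the {@code User} stored at login time
     * @return authorization info with the user's permissions, or {@code null} when nothing
     *         can be granted
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection == null || principalCollection.isEmpty()) {
            return null;
        }
        // The primary principal is the User object passed to SimpleAuthenticationInfo below
        User user = (User) principalCollection.getPrimaryPrincipal();
        // Re-read from the database so permission changes apply without a new login
        User dbUser = userService.findById(user.getId());
        if (dbUser == null) {
            // Account disappeared since login: grant nothing
            return null;
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 1. Resource permission, e.g. "user:add", matched against perms[...] in the filter chain.
        //    An empty permission string would be rejected by the wildcard permission parser.
        String perms = dbUser.getPerms();
        if (perms != null && !perms.isEmpty()) {
            info.addStringPermission(perms);
        }
        // 2. Role-based variant: add roles with info.addRole(...) or pass a Set<String> of
        //    role names to the SimpleAuthorizationInfo constructor.
        return info;
    }

    /**
     * Authentication: looks the user up by name and hands the stored credential to Shiro.
     *
     * @param authenticationToken the submitted username/password token
     * @return authentication info for the user, or {@code null} when the name is unknown
     * @throws AuthenticationException raised by Shiro when the credentials do not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        User user = userService.findByName(token.getUsername());
        // 1. Unknown user: returning null makes Shiro throw UnknownAccountException.
        //    The login controller should show the same message for that and for a wrong
        //    password so the response does not reveal which usernames exist.
        if (user == null) {
            return null;
        }
        // 2. Shiro compares the token's credentials with the stored credential through the
        //    realm's CredentialsMatcher. With the default matcher this is a plaintext
        //    comparison; store a salted hash and configure a hashing matcher instead.
        //    Arguments: principal, stored credential, realm name.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}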
多 Realm 时，在默认认证策略（AtLeastOneSuccessfulStrategy）下只要有一个 Realm 认证通过即可