- 加入maven依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
- 自定义Realm
package com.tally.auth;
import com.tally.modules.base.db.TUserInfoEntity;
import com.tally.modules.base.db.TUserTokenEntity;
import com.tally.modules.base.service.ITUserInfoService;
import com.tally.modules.base.service.ITUserTokenService;
import com.tally.shareEntity.ShareUserEntity;
import com.tally.utils.TLMap;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
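@Component
public class AuthRealm extends AuthorizingRealm {

    /** Resolves user records by user id ({@code queryByUserId}). */
    @Autowired
    private ITUserInfoService itUserInfoService;

    /** Resolves stored access-token records by token value ({@code queryByToken}). */
    @Autowired
    private ITUserTokenService itUserTokenService;

    /**
     * Builds the authorization info for an authenticated subject from the {@link ShareUserEntity}
     * that {@link #doGetAuthenticationInfo} stored as the primary principal.
     *
     * <p>The token and user carried by the principal are re-validated on every authorization check,
     * so a token that expired or a user that was disabled after login is rejected here as well.
     *
     * @param principalCollection the subject's principals; the primary one is expected to be the
     *     {@link ShareUserEntity} created at authentication time
     * @return the subject's string permissions (none when the principal carries no permission set)
     * @throws LockedAccountException when no principal is present or the user fails validation
     * @throws IncorrectCredentialsException when the token fails validation
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Object primary = principalCollection.getPrimaryPrincipal();
        if (primary == null) {
            throw new LockedAccountException("当前用户权限过期,请重新登录!");
        }
        // This realm stores a ShareUserEntity as the principal in doGetAuthenticationInfo, so the
        // cast mirrors that; the type arguments are erased at runtime and cannot be checked here.
        @SuppressWarnings("unchecked")
        ShareUserEntity<TUserTokenEntity, TUserInfoEntity> shareUserEntity =
                (ShareUserEntity<TUserTokenEntity, TUserInfoEntity>) primary;

        TUserTokenEntity tokenEntity = shareUserEntity.getT();
        this.verifiedToken(tokenEntity);
        TUserInfoEntity userEntity = shareUserEntity.getU();
        this.verifiedUser(userEntity);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Set<String> permsSet = shareUserEntity.getPermsSet();
        // Passing null to addStringPermissions would fail the whole check; a principal without a
        // permission set simply receives no permissions.
        if (permsSet != null) {
            info.addStringPermissions(permsSet);
        }
        bindRequestContext(tokenEntity, userEntity);
        return info;
    }

    /**
     * Authenticates a request by the access token it carries.
     *
     * <p>The access token is transported in the password slot of the {@link UsernamePasswordToken}.
     * It is resolved to its stored record, the record and its owning user are validated, and a
     * {@link ShareUserEntity} holding the token, the user and the user's permission set is returned
     * as the principal so that {@link #doGetAuthorizationInfo} can work from it without another
     * lookup. The stored token value is returned as the credentials that the configured
     * credentials matcher compares against the submitted one.
     *
     * @param authenticationToken the submitted token; expected to be a {@link UsernamePasswordToken}
     * @return authentication info whose principal is the populated {@link ShareUserEntity}
     * @throws IncorrectCredentialsException when the token is unknown, expired or does not match the
     *     token bound to the current request context
     * @throws LockedAccountException when the owning user is not active
     * @throws UnknownAccountException when the token references no user record
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        // The client's access token travels in the password slot of the Shiro token.
        String accessToken = String.valueOf(usernamePasswordToken.getPassword());

        TUserTokenEntity tokenEntity = itUserTokenService.queryByToken(accessToken);
        this.verifiedToken(tokenEntity);
        TUserInfoEntity userInfoEntity = itUserInfoService.queryByUserId(tokenEntity.getUserId());
        this.verifiedUser(userInfoEntity);

        // Keep the permission set on the principal: doGetAuthorizationInfo reads it from there.
        ShareUserEntity<TUserTokenEntity, TUserInfoEntity> principal = new ShareUserEntity<>();
        principal.setT(tokenEntity);
        principal.setU(userInfoEntity);
        principal.setPermsSet(userInfoEntity.getPermSet());

        bindRequestContext(tokenEntity, userInfoEntity);
        return new SimpleAuthenticationInfo(principal, tokenEntity.getToken(), this.getClass().getName());
    }

    /**
     * Rejects users that are missing, not active, or not the user bound to the current request.
     *
     * @param userEntity the user owning the presented token; may be {@code null}
     * @throws UnknownAccountException when {@code userEntity} is {@code null}
     * @throws LockedAccountException when the account status is not {@code "0"} or the user id does
     *     not match the id held in {@link TLMap}
     */
    private void verifiedUser(TUserInfoEntity userEntity) {
        if (userEntity == null) {
            logoutQuietly();
            throw new UnknownAccountException("用户不存在,请重新登录");
        }
        // "0" is the only status accepted as an active account; a null status is treated as disabled.
        if (!"0".equals(userEntity.getStatus())) {
            logoutQuietly();
            throw new LockedAccountException("账号已被禁用!申诉请联系管理员!");
        }
        // NOTE(review): TLMap looks like per-request (thread-bound) state that a filter populates
        // before this realm runs — confirm, since during authentication bindRequestContext has not
        // been called yet at this point. A null user id fails closed.
        Object userId = userEntity.getUserId();
        if (userId == null || !userId.equals(TLMap.getUserId())) {
            logoutQuietly();
            throw new LockedAccountException("账号涉嫌违规或违法操作!");
        }
    }

    /**
     * Rejects tokens that are missing, expired, or different from the token bound to the current
     * request.
     *
     * @param tokenEntity the stored token record; may be {@code null}
     * @throws IncorrectCredentialsException when the record is missing, has no expiry or a past
     *     expiry, or its value does not match the token held in {@link TLMap}
     */
    private void verifiedToken(TUserTokenEntity tokenEntity) {
        // Fail closed: a missing record, a missing expiry and a past expiry are all treated alike.
        if (tokenEntity == null
                || tokenEntity.getExpireTime() == null
                || tokenEntity.getExpireTime().getTime() < System.currentTimeMillis()) {
            logoutQuietly();
            throw new IncorrectCredentialsException("token失效,请重新登录");
        }
        // Constant-time comparison so the check does not leak how much of the token matched.
        if (!constantTimeEquals(tokenEntity.getToken(), TLMap.getToken())) {
            logoutQuietly();
            throw new IncorrectCredentialsException("token失效,请重新登录");
        }
    }

    /**
     * Compares two secrets without short-circuiting on the first differing byte.
     *
     * @return {@code true} only when both values are non-null and byte-for-byte equal (UTF-8)
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /** Publishes the validated token and user to {@link TLMap} for the rest of the request. */
    private static void bindRequestContext(TUserTokenEntity tokenEntity, TUserInfoEntity userEntity) {
        TLMap.setToken(tokenEntity.getToken());
        TLMap.setUserId(userEntity.getUserId());
        TLMap.setMobile(userEntity.getMobile());
    }

    /**
     * Best-effort logout of the current subject before an authentication failure is raised.
     * Failures are deliberately ignored: the exception thrown by the caller is the meaningful
     * signal, and logout may legitimately fail when no subject or session is bound to this thread.
     */
    private static void logoutQuietly() {
        try {
            SecurityUtils.getSubject().logout();
        } catch (Exception ignored) {
            // see method comment
        }
    }
}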
- 自定义CredentialMatcher
package com.tally.auth;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
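public class CredentialMatcher extends SimpleCredentialsMatcher {

    /**
     * Compares the access token submitted by the client (carried in the password slot of the
     * {@link UsernamePasswordToken}) with the token stored as the account credentials.
     *
     * <p>The submitted credential is handed to {@link SimpleCredentialsMatcher#equals(Object, Object)}
     * as the {@code char[]} Shiro provides rather than being copied into an extra {@code String},
     * and the stored credential is passed through untouched instead of being cast to
     * {@code String}; the base class converts both sides to bytes before comparing them.
     *
     * @param token the token submitted for this request; expected to be a {@link UsernamePasswordToken}
     * @param info the account info produced by the realm, whose credentials are the stored token
     * @return {@code true} when the submitted token matches the stored credentials
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        char[] submitted = usernamePasswordToken.getPassword();
        Object stored = info.getCredentials();
        return this.equals(submitted, stored);
    }
}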
- 创建shiro配置(ShiroConfig)
package com.tally.config;
import com.tally.auth.AuthRealm;
import com.tally.auth.CredentialMatcher;
import com.tally.init.filter.OAuth2Filter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
Map<String, Filter> filters = new HashMap<>();
filters.put("oauth2", new OAuth2Filter());
shiroFilter.setFilters(filters);