下面详述spring-boot+shiro+mybatis-plus+maven整合步骤及核心代码解析
重点在于 配置shiro
一、创建spring-boot 项目
二、导入依赖 pom.xml
<!-- Shiro integration -->
<!-- NOTE(review): 1.4.1 is an old 1.x release. Later Shiro releases contain upstream fixes for
     authentication-bypass issues in filter-chain path matching, which the "/**" catch-all rule
     configured in this guide relies on. Check the Apache Shiro security reports and pin a
     currently supported version before using this outside a demo. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.1</version>
</dependency>
<!-- Other dependencies -->
<!-- AOP (used by the Shiro annotation support) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<!-- Code generator (test scope only, not packaged with the application) -->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-generator</artifactId>
<version>3.5.3</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-engine-core</artifactId>
<version>2.1</version>
<scope>test</scope>
</dependency>
<!-- Swagger integration -->
<!-- NOTE(review): if Swagger is enabled, its UI and API description are served by the application itself.
     The filter chain in this guide does not whitelist them, so they stay behind the "/**" rule;
     keep it that way, or disable Swagger outside development. -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
</dependency>
<!-- hutool utilities -->
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.5</version>
</dependency>
<!-- Request parameter validation -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
三、写配置(重点)
1、配置application.yml或者application.properties
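# Path of the Shiro login page.
# NOTE(review): the filter chain in this guide whitelists "/login.html" with a leading slash;
# confirm that the relative value below resolves to that same path.
shiro:
  loginUrl: login.html
# Web server port
server:
  port: 8081
spring:
  # Database connection.
  # NOTE(review): root/root is a sample credential stored in plain text. Use a dedicated
  # least-privilege database account instead of root, and supply the password from the
  # environment or a secret store rather than committing it with the application.
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/数据库
    username: root
    password: root
    driver-class-name: com.mysql.cj.jdbc.Driver
  # Date format
  mvc:
    format:
      date: yyyy-MM-dd HH:mm:ss
  jackson:
    date-format: yyyy-MM-dd HH:mm:ss
    time-zone: GMT+8
mybatis-plus:
  # mybatis
  configuration:
    log-impl: org.apache.ibatis.logging.slf4j.Slf4jImpl
    map-underscore-to-camel-case: true
  # Package scanned for entity type aliases
  type-aliases-package: com.xxx.model
  # Required when mapper.xml files are used
  mapper-locations: classpath*:mappers/**/*.xml
# Log levels.
# NOTE(review): debug is a development setting. The ShiroRealm in this guide writes user, role
# and permission data at debug level, so if it lives under this package keep the level at
# info or above in production.
logging:
  level:
    com.xxx.shirowithspringboot: debug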
2、启动类配置包扫描注解
@MapperScan("com.xxx.dao")
3、创建一个ShiroRealm类,用于处理 认证 和 授权
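/**
 * Shiro realm that authenticates users and loads their roles and permissions
 * through the MyBatis mappers.
 *
 * <p>NOTE(review): SecurityConfig in this guide creates the realm with
 * {@code new ShiroRealm()} and sets no CredentialsMatcher, so Shiro's default
 * matcher compares the submitted password with {@code User.getPwd()} as-is.
 * That only works when passwords are stored unhashed. Store a salted password
 * hash instead and configure a hashing matcher on the realm (for example
 * Shiro's PasswordMatcher).
 */
@Slf4j
public class ShiroRealm extends AuthorizingRealm {
    @Resource
    private UserMapper userMapper;
    @Resource
    private RoleMapper roleMapper;
    @Resource
    private PremissionMapper premissionMapper;

    /**
     * Authorization: loads the role names and permission strings of the
     * authenticated user.
     *
     * @param principals principals of the subject; the primary principal is the
     *                   {@code User} stored by {@link #doGetAuthenticationInfo}
     * @return the user's role names and permission strings
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        // Log the id only: the User object also carries the stored credential
        // (getPwd()), which would reach the log if toString() includes it.
        log.debug(">>>>>>>>1 {}", user.getUserId());

        // All roles assigned to this user.
        List<Role> roleList = roleMapper.selectByUserId(user.getUserId());
        log.debug(">>>>>>>>2 {}", roleList);
        Set<String> strRoles = roleList.stream()
                .map(Role::getRoleName)
                .collect(Collectors.toSet());
        log.debug(">>>>>>>>3 {}", strRoles);

        List<String> permissions = new ArrayList<>();
        if (!roleList.isEmpty()) {
            // Permissions are only looked up when the user has at least one role.
            permissions = premissionMapper.selectPermInRoleIds(roleList);
        }
        log.debug(">>>>>>>>4 {}", permissions);

        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        authzInfo.setStringPermissions(new HashSet<>(permissions));
        authzInfo.setRoles(strRoles);
        log.debug(">>>>>>>>5 {}", authzInfo);
        return authzInfo;
    }

    /**
     * Authentication: looks the account up by username and hands its stored
     * credential to Shiro for comparison with the submitted one.
     *
     * @param token the submitted token; its principal is used as the username
     * @return the account's authentication info, or {@code null} when no
     *         account has that username
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        log.info("执行ShiroRealm#doGetAuthenticationInfo {}", token);
        Object username = token.getPrincipal();
        QueryWrapper<User> qw = new QueryWrapper<>();
        qw.eq("username", username);
        // NOTE(review): selectOne assumes usernames are unique — confirm the
        // column has a unique constraint.
        User user = userMapper.selectOne(qw);
        if (user == null) {
            // Unknown account: returning null lets Shiro reject the login as an
            // authentication failure instead of failing on user.getPwd() below.
            return null;
        }
        // NOTE(review): the whole User, including its pwd field, becomes the
        // subject's principal; consider a principal without the credential.
        return new SimpleAuthenticationInfo(user, user.getPwd(), getClass().getName());
    }
}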
4、创建一个配置类 用于提供shiro运行所需要的bean
/**
 * Supplies the beans Shiro needs at runtime: the realm, the URL filter chain
 * and the advisor auto-proxy creator used for Shiro's annotations.
 */
@Configuration
public class SecurityConfig {

    /**
     * Registers the custom realm.
     *
     * <p>NOTE(review): no CredentialsMatcher is set on the realm here, so it
     * uses Shiro's default matcher, which compares the submitted password with
     * the stored value as-is. Set a hashing matcher once passwords are stored
     * hashed.
     */
    @Bean
    public Realm shiroRealm() {
        return new ShiroRealm();
    }

    /**
     * Defines the Shiro filter chain: which request paths are let through and
     * which require an authenticated user. Rules are registered in order and
     * the catch-all rule is added last.
     */
    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chain = new DefaultShiroFilterChainDefinition();

        String[] anonymousPaths = {
            "/",
            "/login",
            "/login.html",
            "/css/**",
            "/js/**",
            "/images/**",
            // NOTE(review): unlike css/js/images this pattern has no "/**", so
            // only the exact path "/fonts" is anonymous — confirm that is intended.
            "/fonts",
            // NOTE(review): every page under /html/ is served without
            // authentication; keep only non-sensitive pages there.
            "/html/**",
        };
        for (String openPath : anonymousPaths) {
            chain.addPathDefinition(openPath, "anon");
        }

        chain.addPathDefinition("/logout", "logout");
        // Catch-all: everything else needs a known user. The "user" filter also
        // admits subjects restored from a remember-me cookie; use "authc" on
        // paths that must require a login in the current session.
        chain.addPathDefinition("/**", "user");
        return chain;
    }

    /**
     * Creates the advisor auto-proxy creator.
     *
     * <p>Per the author, the usePrefix setting works around an odd problem that
     * appears once Spring AOP is on the classpath: adding Shiro annotations such
     * as {@code @RequiresRoles} to methods of a {@code @Controller} class stops
     * those methods from being mapped, and requests to them return 404. The
     * value passed is {@code true}.
     */
    @Bean
    public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setUsePrefix(true);
        return proxyCreator;
    }
}
四、配置完成 可以在controller层使用对请求鉴权操作了
/**
 * Demo endpoints: login, one request that needs an authenticated user and one
 * that needs a specific permission.
 */
@RestController
@Slf4j
public class LoginController {

    /**
     * Logs the current subject in with the submitted username and password.
     *
     * <p>{@code Subject.login} throws an AuthenticationException when the
     * account is unknown or the password is wrong. Nothing here catches it, so
     * the failure response depends on exception handling defined elsewhere.
     *
     * <p>NOTE(review): nothing visible here limits repeated login attempts or
     * starts a new session after a successful login; confirm both are handled
     * (attempt throttling, session id rotation against session fixation).
     *
     * @param username submitted username
     * @param password submitted password
     * @return {@code "success"} when the login did not throw
     */
    @PostMapping("/login")
    public String login(String username, String password) {
        // The Subject is the handle for login and for later authentication
        // and permission checks.
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
        currentUser.login(credentials);
        return "success";
    }

    /**
     * Reachable once authenticated: the path carries no annotation and is
     * covered only by the URL filter chain.
     */
    @GetMapping("/authentication")
    public String authentication() {
        return "success";
    }

    /**
     * Reachable only by subjects holding the "autho" permission. A role check
     * with {@code @RequiresRoles} is the role-based alternative; it is not
     * applied here.
     */
    @GetMapping("checkAuthorization")
    @RequiresPermissions("autho")
    public String checkAutho() {
        return "success";
    }
}