spring-boot集成shiro代码解析(认证、权限控制)

下面详述spring-boot+shiro+mybatis-plus+maven整合步骤及核心代码解析

重点在于  配置shiro


一、创建spring-boot 项目

 

 

二、导入依赖        pom.xml

        <!-- Shiro integration (Spring Boot web starter).
             NOTE(review): 1.4.1 is an old release; later Shiro releases include fixes for
             authentication-bypass issues in URL path matching, so pin a currently maintained version. -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring-boot-web-starter</artifactId>
            <version>1.4.1</version>
        </dependency>
        <!-- Other dependencies -->
        <!-- AOP support; Shiro's annotation checks such as @RequiresPermissions are applied through proxies -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <!-- MyBatis-Plus code generator (test scope only, not shipped with the application) -->
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-generator</artifactId>
            <version>3.5.3</version>
            <scope>test</scope>
        </dependency>
        <!-- Velocity template engine, declared with test scope alongside the generator -->
        <dependency>
            <groupId>org.apache.velocity</groupId>
            <artifactId>velocity-engine-core</artifactId>
            <version>2.1</version>
            <scope>test</scope>
        </dependency>
        <!-- Swagger integration.
             NOTE(review): the Swagger UI and API docs describe every endpoint; keep them behind
             authentication or disable them outside development. -->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
            <version>2.9.2</version>
        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger-ui</artifactId>
            <version>2.9.2</version>
        </dependency>
        <!-- Hutool utility library -->
        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-all</artifactId>
            <version>5.8.5</version>
        </dependency>
        <!-- Bean validation for request parameters -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>

三、写配置(重点)

1、配置application.yml或者application.properties

# Path of the Shiro login page (unauthenticated requests are redirected here)
# NOTE(review): the value has no leading slash, while the filter chain on this page
# whitelists "/login.html" - confirm the redirect resolves as intended.
shiro:
  loginUrl: login.html
# Web server port
server:
  port: 8081

spring:
# Database connection
# NOTE(review): root/root is a development-only credential. Use a dedicated least-privilege
# database account and supply the password from the environment or a secret store
# instead of committing it in this file.
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/数据库
    username: root
    password: root
    driver-class-name: com.mysql.cj.jdbc.Driver
# Date formats for MVC binding and Jackson serialization
  mvc:
    format:
      date: yyyy-MM-dd HH:mm:ss
  jackson:
    date-format: yyyy-MM-dd HH:mm:ss
    time-zone: GMT+8

mybatis-plus:
# MyBatis runtime settings: SLF4J logging and snake_case column to camelCase property mapping
  configuration:
    log-impl: org.apache.ibatis.logging.slf4j.Slf4jImpl
    map-underscore-to-camel-case: true
# Package scanned for entity type aliases
  type-aliases-package: com.xxx.model
# Only needed when mapper XML files are used
  mapper-locations: classpath*:mappers/**/*.xml

# Log levels
# NOTE(review): at debug level the realm on this page logs user, role and permission
# objects; keep this at info or above in production.
logging:
  level:
    com.xxx.shirowithspringboot: debug




2、启动类配置包扫描注解

@MapperScan("com.xxx.dao")

3、创建一个ShiroRealm类,用于处理 认证 和 授权 

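/**
 * Shiro realm that serves both authentication (who the caller is) and
 * authorization (which roles and permission strings the caller holds),
 * reading users, roles and permissions through the MyBatis mappers.
 */
@Slf4j
public class ShiroRealm extends AuthorizingRealm {
    @Resource
    private UserMapper userMapper;
    @Resource
    private RoleMapper roleMapper;
    @Resource
    private PremissionMapper premissionMapper;

    /**
     * Loads the roles and permission strings of the subject's primary principal.
     *
     * @param principals principals of the subject; the primary one is the
     *                   {@code User} stored by {@link #doGetAuthenticationInfo}
     * @return the role names and permission strings granted to that user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        // Log the id only: User carries the stored credential (getPwd()), and a
        // generated toString() may write it into the debug log.
        log.debug(">>>>>>>>1 {}", user.getUserId());

        // All roles assigned to this user.
        List<Role> roleList = roleMapper.selectByUserId(user.getUserId());
        log.debug(">>>>>>>>2 {}", roleList);

        Set<String> strRoles = roleList.stream()
                .map(Role::getRoleName)
                .collect(Collectors.toSet());
        log.debug(">>>>>>>>3 {}", strRoles);

        // Permissions are looked up by role, so a user without roles has none
        // and the query is skipped.
        List<String> permissions = new ArrayList<>();
        if (!roleList.isEmpty()) {
            permissions = premissionMapper.selectPermInRoleIds(roleList);
        }
        log.debug(">>>>>>>>4 {}", permissions);

        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        authzInfo.setStringPermissions(new HashSet<>(permissions));
        authzInfo.setRoles(strRoles);
        log.debug(">>>>>>>>5 {}", authzInfo);
        return authzInfo;
    }

    /**
     * Looks up the account named by the token and hands its stored credential
     * to Shiro, which compares it with the submitted one.
     *
     * @param token the submitted login token; its principal is used as the username
     * @return the account data, or {@code null} when no such account exists
     *         (Shiro then rejects the login as an unknown account)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        log.info("执行ShiroRealm#doGetAuthenticationInfo {}",token);
        Object username = token.getPrincipal();
        if (username == null) {
            return null;
        }

        QueryWrapper<User> qw = new QueryWrapper<>();
        qw.eq("username", username);
        User user = userMapper.selectOne(qw);
        if (user == null) {
            // Unknown username: returning null makes the login fail cleanly
            // instead of throwing a NullPointerException on user.getPwd().
            return null;
        }

        // NOTE(review): no CredentialsMatcher is configured on this page, so the realm's
        // default comparison is applied to getPwd(). Presumably the column then holds the
        // password as submitted; prefer storing a salted hash and configuring a matching
        // HashedCredentialsMatcher or PasswordMatcher on the realm.
        return new SimpleAuthenticationInfo(user, user.getPwd(), getClass().getName());
    }
}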

4、创建一个配置类 用于提供shiro运行所需要的bean

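/**
 * Supplies the beans Shiro needs at runtime: the realm, the URL filter chain
 * and the advisor auto-proxy creator used for annotation-based checks.
 */
@Configuration
public class SecurityConfig {
    /** Registers the custom realm used for authentication and authorization. */
    @Bean
    public Realm shiroRealm(){
        return new ShiroRealm();
    }

    /**
     * Defines which request paths are public and which require a known user.
     * Definitions are evaluated in the order they are added and the first match
     * wins, so the catch-all {@code /**} rule must stay last.
     *
     * @return the filter chain definition consumed by Shiro's web filter
     */
    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition(){
        DefaultShiroFilterChainDefinition sfcd = new DefaultShiroFilterChainDefinition();
        // Public entry points.
        sfcd.addPathDefinition("/","anon");
        sfcd.addPathDefinition("/login","anon");
        sfcd.addPathDefinition("/login.html","anon");
        // Public static assets.
        sfcd.addPathDefinition("/css/**","anon");
        sfcd.addPathDefinition("/js/**","anon");
        sfcd.addPathDefinition("/images/**","anon");
        // Was "/fonts", which matches only that exact path; the font files below it
        // fell through to the catch-all rule and were blocked on the login page.
        sfcd.addPathDefinition("/fonts/**","anon");
        // NOTE(review): everything under /html is served without authentication;
        // keep pages that embed sensitive data out of this directory.
        sfcd.addPathDefinition("/html/**","anon");
        sfcd.addPathDefinition("/logout","logout");
        // "user" admits remembered (remember-me) subjects as well as authenticated ones;
        // use "authc" on paths that must require a fresh login.
        sfcd.addPathDefinition("/**","user");
        return sfcd;
    }

    /**
     * Creates the auto-proxy creator that applies advisors to beans.
     *
     * @return the configured auto-proxy creator
     */
    @Bean
    public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator();

        // Workaround for an issue seen when spring-aop is on the classpath: putting Shiro
        // annotations such as @RequiresRoles on methods of a @Controller class can leave
        // the handler unmapped, so requests to it return 404.
        // NOTE(review): the original comment named setUsePrefix(false) while the code
        // passes true; the code's value is kept - confirm against the versions in use.
        defaultAdvisorAutoProxyCreator.setUsePrefix(true);
        return defaultAdvisorAutoProxyCreator;
    }

}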

四、配置完成,可以在controller层对请求进行鉴权了

/**
 * Demo endpoints showing login plus authentication- and permission-protected
 * requests with Shiro.
 */
@RestController
@Slf4j
public class LoginController {
    /**
     * Logs the current subject in with the submitted username and password.
     * A failed login surfaces as the exception thrown by {@code Subject.login};
     * it is not caught here.
     *
     * @param username submitted username
     * @param password submitted password
     * @return {@code "success"} when the login call returns normally
     */
    @PostMapping("/login")
    public String login(String username,String password){
        // The subject is the entry point for login and for later authentication
        // and permission checks.
        Subject currentSubject = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
        // NOTE(review): the session is not renewed around login here; confirm whether
        // session-fixation protection is handled elsewhere.
        currentSubject.login(credentials);
        return "success";
    }

    /**
     * Carries no Shiro annotation, so access is decided by the URL filter chain alone.
     *
     * @return {@code "success"}
     */
    @GetMapping("/authentication")
    public String authentication(){
        return "success";
    }

    /**
     * Reachable only by subjects holding the {@code autho} permission;
     * {@code @RequiresRoles} can be applied the same way for role checks.
     *
     * @return {@code "success"}
     */
    @GetMapping("checkAuthorization")
    @RequiresPermissions("autho")
    public String checkAutho(){
        return "success";
    }
}
