Springboot整合shiro安全框架+swagger

于 2022-08-06 20:25:11 发布
阅读量1.4k 收藏 1
点赞数 1
分类专栏: Spring boot 文章标签: java springboot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_68509156/article/details/126198065
版权

1.创建项目

2.加入依赖

<dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring-boot-starter</artifactId>
            <version>1.7.0</version>
        </dependency>
        <dependency>
            <groupId>com.spring4all</groupId>
            <artifactId>swagger-spring-boot-starter</artifactId>
            <version>1.9.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>swagger-bootstrap-ui</artifactId>
            <version>1.7.8</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>

        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.5.1</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

3.application配置文件

#配置数据源
spring.datasource.url=jdbc:mysql://localhost:3306/shiro?serverTimezone=Asia/Shanghai
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

#端口号
server.port=8081

#sql日志   属于mybatis-plus的
mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl


#如果你的springboot 是 2.6.x上的版本得加    2.3.12不需要
#spring.mvc.pathmatch.matching-strategy=ANT_PATH_MATCHER

4.创建ShiroProperties实体类

package com.wzh.entity;

import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
 * @ProjectName: springboot
 * @Package: com.wzh.entity
 * @ClassName: ShiroProperties
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/6 17:40
 * @Version: 1.0
 */
@Data
@Component
@ConfigurationProperties(prefix = "shiro")//使用配置文件的内容
public class ShiroProperties {

    private String hashAlgorithmName="md5";

    private Integer hashIterations=2;

    private String loginUrl;

    private String unauthorizedUrl;

    private String [] anonUrls;

    private String  logoutUrl;

    private String [] authcUrls;
}

5.修改application配置文件

#shiro的配置
shiro.hash-algorithm-name:MD5
shiro.hash-iterations=1024
shiro.login-url=/index.html
shiro.unauthorized-url=/unauthorized.html
shiro.anon-urls[0]=/login/*
shiro.anon-urls[1]=/doc.html
shiro.anon-urls[2]=/swagger-ui.html
shiro.anon-urls[3]=/webjars/**
shiro.anon-urls[4]=/swagger/**
shiro.anon-urls[5]=/swagger-resources/**
shiro.anon-urls[6]=/v2/**
shiro.anon-urls[7]=/static/**
shiro.logout-url=/login/logout*
shiro.authc-urls[0]=/**

6.创建shiro配置类

package com.wzh.config;

import com.wzh.entity.ShiroProperties;
import com.wzh.filter.LoginFilter;
import com.wzh.realm.UserRealm;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;

/**
 * @ProjectName: springboot
 * @Package: com.wzh.config
 * @ClassName: ShiroAutoConfiguration
 * @Author: 王振华
 * @Description: shiro配置类
 * @Date: 2022/8/6 17:37
 * @Version: 1.0
 */
@Configuration
public class ShiroAutoConfiguration {
    @Autowired
    private ShiroProperties shiroProperties;

    /**
     * 声明安全管理器
     * @return
     */
    @Bean
    public DefaultWebSecurityManager securityManager(){
        DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
        securityManager.setRealm(realm());
        return securityManager;
    }

    /**
     * 创建realm
     */
    @Bean
    public Realm realm(){
        UserRealm myRealm=new UserRealm();
        //注入凭证匹配器
        myRealm.setCredentialsMatcher(credentialsMatcher());
        return myRealm;
    }

    /**
     * 创建凭证匹配器
     */
    @Bean
    public HashedCredentialsMatcher credentialsMatcher(){
        HashedCredentialsMatcher credentialsMatcher=new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName(shiroProperties.getHashAlgorithmName());
        credentialsMatcher.setHashIterations(shiroProperties.getHashIterations());
        return credentialsMatcher;
    }

    /**
     * 配置过滤器 Shiro 的Web过滤器 必须和下面的注册过滤器名称一样
     */
    @Bean(value = "shiroFilter")
    public ShiroFilterFactoryBean filterFactoryBean(){
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        //注入安全管理器
        factoryBean.setSecurityManager(securityManager());
        //注入登陆页面
        factoryBean.setLoginUrl(shiroProperties.getLoginUrl());
        //注入未授权的页面地址
        factoryBean.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());

        //注入过滤器
        Map<String, String> filterChainDefinition=new HashMap<>();
        //注入放行地址
        if(shiroProperties.getAnonUrls()!=null&&shiroProperties.getAnonUrls().length>0){
            String[] anonUrls = shiroProperties.getAnonUrls();
            for (String anonUrl : anonUrls) {
                filterChainDefinition.put(anonUrl,"anon");
            }
        }
        //注入登出的地址
        if(shiroProperties.getLogoutUrl()!=null){
            filterChainDefinition.put(shiroProperties.getLogoutUrl(),"logout");
        }

        //注入拦截的地址
        String[] authcUrls = shiroProperties.getAuthcUrls();
        if(authcUrls!=null&&authcUrls.length>0){
            for (String authcUrl : authcUrls) {
                filterChainDefinition.put(authcUrl,"authc");
            }
        }
        factoryBean.setFilterChainDefinitionMap(filterChainDefinition);


        //设置自定义认证过滤器
        HashMap<String, Filter> filterMap=new HashMap<String, Filter>();
        filterMap.put("authc",new LoginFilter());
        factoryBean.setFilters(filterMap);

        return factoryBean;
    }

    /**
     * 注册过滤器
     */
    @Bean //注册filter
    public FilterRegistrationBean<Filter> filterRegistrationBean(){
        FilterRegistrationBean<Filter> filterRegistrationBean=new FilterRegistrationBean<>();
        filterRegistrationBean.setName("shiroFilter");
        filterRegistrationBean.setFilter(new DelegatingFilterProxy());
        filterRegistrationBean.addUrlPatterns("/*");
        return filterRegistrationBean;
    }

}

7.创建controller service mapper entity

config:

ShiroAutoConfigurtion:就上面的

SwaggerConfig:

package com.wzh.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.service.VendorExtension;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;

import java.util.ArrayList;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.config
 * @ClassName: SwaggerConfig
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 19:54
 * @Version: 1.0
 */
@Configuration
public class SwaggerConfig {
    @Bean   //swagger中所有的功能都封装在Docket类中。
    public Docket docket(){
        Docket docket = new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())  //设置api文档信息
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.wzh.controller")) //指定为哪些包下的类生成接口文档
                .build()
                ;

        return docket;
    }

    //定义自己接口文档信息
    private ApiInfo apiInfo(){
        Contact DEFAULT_CONTACT = new Contact("王振华", "http://www/baidu.com", "13234@qq.com");
        ApiInfo apiInfo = new ApiInfo("在线文档", "世界上最牛的一个文档", "V1.0", "http://www/jd.com",
                DEFAULT_CONTACT, "xx科技有限公司", "http://www.apache.org/licenses/LICENSE-2.0", new ArrayList<VendorExtension>());
        return apiInfo;
    }

}

controller:

LoginController:

package com.wzh.controller;

import com.wzh.util.CommonResult;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.*;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.controller
 * @ClassName: LoginController
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 17:51
 * @Version: 1.0
 */
@RestController
@RequestMapping("/login")
@Api(tags = "登录的接口")
public class LoginController {

    @GetMapping("/toLogin")
    @ApiOperation(value = "登录方法")
    @ApiImplicitParams(
            {
                    @ApiImplicitParam(value = "用户名",name = "username"),
                    @ApiImplicitParam(value = "密码",name = "password")
            }
    )
    public CommonResult login( String username, String password){
        System.out.println(username+password);
    //获取主体对象
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);
        try {
            subject.login(token);
            System.out.println("-------------");
            return CommonResult.LOGIN_SUCCESS;
        }catch(Exception e){
            e.printStackTrace();
            return CommonResult.LOGIN_ERROR;
        }
    }

    @PostMapping("logout")
    @ApiOperation(value = "退出方法")
    public CommonResult logout(){
        //获取主体对象
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return new CommonResult(200,"退出成功",null);
    }
}

PermissionController:

package com.wzh.controller;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @ProjectName: shiro-ssm0805
 * @Package: com.wzh.controller
 * @ClassName: PermissionController
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 19:57
 * @Version: 1.0
 */
@RestController
@Api(tags = "权限接口")
public class PermissionController {

    @PostMapping("/query")
    @ApiOperation(value = "查询方法")
    //使用shiro注解
    @RequiresPermissions(value = {"user:query","user:aaa"},logical = Logical.OR)
    public String query(){
        return "query";
    }

    @ApiOperation(value = "添加方法")
    @PostMapping("/add")
    @RequiresPermissions(value = {"user:add"})
    public String add(){
        return "add";
    }

    @ApiOperation(value = "删除方法")
    @PostMapping("/delete")
    @RequiresPermissions(value = {"user:delete"})
    public String delete(){
        return "delete";
    }

    @ApiOperation(value = "修改方法")
    @PostMapping("/update")
    @RequiresPermissions(value = {"user:update"})
    public String update(){
        return "update";
    }

    @ApiOperation(value = "导出方法")
    @PostMapping("/export")
    @RequiresPermissions(value = {"user:export"})
    public String export(){
        return "export";
    }
}

Service:

PermissionService:

package com.wzh.Service;

import java.util.List;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.service
 * @ClassName: PermissionService
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:27
 * @Version: 1.0
 */
public interface PermissionService {
    List<String> findPermissionById(Integer userid);
}

RoleService:

package com.wzh.Service;

import java.util.List;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.service
 * @ClassName: RoleService
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:27
 * @Version: 1.0
 */
public interface RoleService {

    List<String> findRolesById(Integer userid);
}

UserService:

package com.wzh.Service;

import com.wzh.entity.User;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.Service
 * @ClassName: UserService
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 17:51
 * @Version: 1.0
 */
public interface UserService {
    User findByUsername(String username);
}

PermissionServiceImpl:

package com.wzh.Service.impl;

import com.wzh.Service.PermissionService;
import com.wzh.mapper.PermissionMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.service.impl
 * @ClassName: PermissionServiceImpl
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:28
 * @Version: 1.0
 */
@Service
public class PermissionServiceImpl implements PermissionService {
    @Autowired
    private PermissionMapper permissionMapper;

    @Override
    public List<String> findPermissionById(Integer userid) {
        List<String> list = permissionMapper.selectPercodeByUserId(userid);
        return list;
    }
}

RoleServiceImpl:

package com.wzh.Service.impl;

import com.wzh.Service.RoleService;
import com.wzh.mapper.RoleMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.service.impl
 * @ClassName: RoleServiceImpl
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:28
 * @Version: 1.0
 */
@Service
public class RoleServiceImpl implements RoleService {
    @Autowired
    private RoleMapper roleMapper;
    @Override
    public List<String> findRolesById(Integer userid) {
        List<String> list = roleMapper.selectRolenameByUserId(userid);
        return list;
    }
}

UserServiceImpl:

package com.wzh.Service.impl;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.wzh.Service.UserService;
import com.wzh.entity.User;
import com.wzh.mapper.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.Service.impl
 * @ClassName: UserServiceImpl
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 17:52
 * @Version: 1.0
 */
@Service
public class UserServiceImpl implements UserService {
    @Autowired
    private UserMapper userMapper;

    @Override
    public User findByUsername(String username) {
        QueryWrapper<User> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username",username);
        User user = userMapper.selectOne(queryWrapper);
        return user;
    }
}

mapper:

PermissionMapper:

package com.wzh.mapper;

import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.wzh.entity.Permission;
import org.apache.ibatis.annotations.Select;


import java.util.List;

/**

@ProjectName: ssm-shiro
@Package: com.wzh.mapper
@ClassName: PermissionMapper
@Author: 王振华
@Description: 
@Date: 2022/8/4 22:21
@Version: 1.0
*/
public interface PermissionMapper extends BaseMapper<Permission> {
    @Select("select percode from user_role ur" +
            "            join role_permission rp on ur.roleid=rp.roleid" +
            "            join permission p on p.perid=rp.perid" +
            "        where ur.userid = #{userid}")
    List<String> selectPercodeByUserId(Integer userid);
}

RoleMapper:

package com.wzh.mapper;



import org.apache.ibatis.annotations.Select;

import java.util.List;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.mapper
 * @ClassName: RoleMapper
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:21
 * @Version: 1.0
 */

public interface RoleMapper {
    @Select("select rolename from user_role ur" +
            "            join role r on ur.roleid=r.roleid" +
            "        where ur.userid = #{userid}")
    List<String> selectRolenameByUserId(Integer userid);
}

UserMapper:

package com.wzh.mapper;

import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.wzh.entity.User;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.mapper
 * @ClassName: UserMapper
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 17:52
 * @Version: 1.0
 */
public interface UserMapper extends BaseMapper<User> {
}

entity:

Permission:

package com.wzh.entity;

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.entity
 * @ClassName: Permission
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:22
 * @Version: 1.0
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@ApiModel("权限实体类")
public class Permission {
    @ApiModelProperty(value = "id属性")
    private Integer perid;
    @ApiModelProperty(value = "权限名")
    private String pername;
    @ApiModelProperty(value = "权限码")
    private String percode;
}

Role:

package com.wzh.entity;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.entity
 * @ClassName: Role
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:22
 * @Version: 1.0
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
public class Role {
    private Integer roleid;

    private String rolename;
}

User:

package com.wzh.entity;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * @ProjectName: ssm-shiro
 * @Package: com.wzh.entity
 * @ClassName: User
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/4 22:19
 * @Version: 1.0
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
public class User {
    private Integer userid;

    private String username;

    private String userpwd;

    private String sex;

    private String address;

    private String salt;

}

filter:

LoginFilter:

package com.wzh.filter;

import com.fasterxml.jackson.databind.ObjectMapper;

import com.wzh.util.CommonResult;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.PrintWriter;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.filter
 * @ClassName: LoginFilter
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 17:47
 * @Version: 1.0
 */
public class LoginFilter extends FormAuthenticationFilter {
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        CommonResult commonResult = CommonResult.UNLOGIN;
        ObjectMapper objectMapper = new ObjectMapper();
        String json = objectMapper.writeValueAsString(commonResult);
        writer.print(json);
        writer.flush();
        writer.close();
        return  false;
    }
}

handler:

MyException:

package com.wzh.handler;

import com.wzh.util.CommonResult;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.handler
 * @ClassName: MyException
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 19:02
 * @Version: 1.0
 */
@ControllerAdvice
public class MyException {
    @ExceptionHandler(value = UnauthorizedException.class)
    @ResponseBody
    public CommonResult Unauth(UnauthorizedException e){
       e.printStackTrace();
       return CommonResult.UNAUTHORIZED;
    }
}

util:

CommonResult:

package com.wzh.util;

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * @ProjectName: springboot-shiro-swagger
 * @Package: com.wzh.util
 * @ClassName: CommonResult
 * @Author: 王振华
 * @Description:
 * @Date: 2022/8/5 18:03
 * @Version: 1.0
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@ApiModel("统一返回json对象")
public class CommonResult {
    @ApiModelProperty("状态码")
    private Integer code;
    @ApiModelProperty("响应的信息内容")
    private String msg;
    @ApiModelProperty("响应的数据")
    private Object data;

    public static final CommonResult UNLOGIN = new CommonResult(403,"未登录",null);
    public static final CommonResult UNAUTHORIZED = new CommonResult(405,"未授权",null);
    public static final CommonResult LOGIN_SUCCESS = new CommonResult(200,"登录成功",null);
    public static final CommonResult LOGIN_ERROR = new CommonResult(-1,"登录失败",null);
}

8.创建realm

package com.wzh.realm;

import com.wzh.Service.PermissionService;
import com.wzh.Service.RoleService;
import com.wzh.Service.UserService;
import com.wzh.entity.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * @ProjectName: springboot
 * @Package: com.wzh.realm
 * @ClassName: UserRealm
 * @Author: 王振华
 * @Description: 自定义realm
 * @Date: 2022/8/6 17:50
 * @Version: 1.0
 */
public class UserRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private RoleService roleService;

    //当你进行权限校验时会执行该方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //根据账号查找该用户具有哪些权限
        List<String> list = permissionService.findPermissionById(user.getUserid());
        if(list!=null&&list.size()>0){
            info.addStringPermissions(list);
        }
        List<String> roles = roleService.findRolesById(user.getUserid());
        if(roles!=null&&roles.size()>0){
            info.addRoles(roles);
        }
        return info;
    }

    //该方法用于完成认证的功能
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //1.根据token获取账号
        String username = (String) token.getPrincipal();
        /**
         * 以前登陆的逻辑是  把用户和密码全部发到数据库  去匹配
         * 在shrio里面是先根据用户名把用户对象查询出来,再来做密码匹配
         */

        //2.根据账号查询用户信息
        User user = userService.findByUsername(username);
        //表示该用户名在数据库中存在
        if(user!=null){
            /**
             * 参数说明
             * 参数1:可以传到任意对象
             * 参数2:从数据库里面查询出来的密码
             * 参数3:盐
             * 参数4:当前类名
             */
            ByteSource credentialsSalt = ByteSource.Util.bytes(user.getSalt());
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.getUserpwd(),credentialsSalt,this.getName());
            return info;
        }
        return null;
    }
}

 

 运行程序如果报404,看是否开启shiro注解

 //开始shiro注解
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
        return authorizationAttributeSourceAdvisor;
    }
    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

使用swagger doc.html无法访问以及样式无效。 shiro拦截规则拦截了  记得在配置文件中放行

 

码农终将翻身
关注
专栏目录
全程配图超清晰的Springboot权限控制后台管理项目实战第二期(Springboot+shiro+mybatis+redis)
qq_47376720的博客
09-04 393
全程配图超清晰的Springboot权限控制后台管理项目实战第二期(Springboot+shiro+mybatis+redis) 众所周知,作为一个后端新手学习者,通过项目来学习,增长项目经验,是一个非常好的学习途径,所以我就找到了一个个人博客的项目,经过自己的调试和学习,现在已经比较完全的掌握了这个项目的创作过程,和一些细节方面的东西,在这里我把项目源码和项目实例都给出来,并且在后面进行一些细节和整体思路上的详解。 Springboot加Springsceurity实现权限管理系统全程配图超清晰的Spr
springboot+shiro+swagger2前后端分离整合
03-03
springboot+shiro+swagger2前后端分离整合: https://blog.csdn.net/wmlwml0000/article/details/104631552
swagger --> springboot+shiro整合swagger
weixin_40571937的博客
09-02 1203
1. 添加swagger依赖: <!--swagger2--> <!-- https://mvnrepository.com/artifact/io.springfox/springfox-swagger2 --> <dependency> <groupId>io.springfox</groupId> <artifactId>springf
springboot整合shiro并使用swagger进行登录测试和权限测试
m0_59762490的博客
08-06 1498
简单的前后端分离
Springboot + Shiro + Swagger
LOL111222333的博客
02-02 245
在使用SpringBoot + shiro 向利用配置的方式生成在线Swagger接口文档,发现总是报错,百思不得其解。最后慢慢对比发现是Shiro的问题。可是我明明配置了让shiro放行生成接口文档的请求了。而且放行链路也采用LinkHashMap ,但问题还是存在,在偶然的调试中,我发现。居然可以了。 我的操作是: 1.登录一个用户 2.进行一次请求。 3.访问Swagger在线文档,哎呀!!! 可以了???? 挺惊讶的,但是不知道是为什么? ...
Shiro 放行Swagger
Thinkingcao的专栏
12-27 2127
一、前言 最近在研究Shiro,遇到一个棘手的问题:SpringBoot 集成Shiro后, Swagger接口得登陆才能访问,找了一下问题,记在这里。 二、Shiro放行SwaggerShiro 的配置文件中找到拦截器,将Swagger接口的路径放行即可 //放行Swagger2页面,需要放行这些 filterChainDefinitionMap.put("/swagger-ui...
搭建Springboot整合shiro安全框架+Redis+Swagger+Filter超详细
最新发布
07-08
在本教程中,我们将深入探讨如何利用Spring Boot整合Shiro安全框架,以实现用户认证与授权,同时结合Redis进行会话管理,以及使用Swagger为API提供文档化接口,最后通过Filter实现自定义的请求处理。以下是对这些...
springboot+shiro+websocket+swagger
04-19
Shiro框架提供了用户认证、授权、会话管理和加密功能,是SpringBoot项目中常见的安全解决方案。集成Shiro通常包括配置SecurityManager,创建自定义Realm实现数据源的认证和授权,以及使用Shiro标签库进行权限控制。...
springboot+mybatis+swagger+shiro+ecache+nginx+angularjs前端
05-23
标题 "springboot+mybatis+swagger+shiro+ecache+nginx+angularjs前端" 描述了一个集成多种技术的Web应用开发示例。这个项目融合了后端开发框架Spring Boot、持久层框架MyBatis、API文档管理工具Swagger安全框架...
springboot集成swagger2(shiro配置)
半生@浮名的博客
07-08 487
1.pom.xml文件添加 <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> <version>2.2.2...
springbooot+shiro+jwt+swagger+mysql+vue.zip
06-05
不得用作商业用途,一经发现,必定追究责任 注意,下载后,记得删除shiro包中JwtUtil中的verify方法里withClaim("user"这一行 非常抱歉上传的时候忘记删除了,如果不删除会登录无效的。 自己搭建的一个简易的前后台分离框架maven项目,使用springboot+shiro+jwt+vue。数据库mysql,mybatis。实现了登录,和一个简单的首页。实现了菜单权限的限制。前台使用的vue。axios进行后台访问。菜单通过后台直接查询展示用户拥有权限的菜单。前台项目、后台项目、以及数据库都有,如果环境没问题,下载下去应该可以直接使用。 自己在学习的过程中搭建的,有缺陷欢迎大家指出来。前台写的有点乱,毕竟不是专业的。 后台使用的idea开发的。前台使用的vscode。
SpringMVC集成Swagger
02-28
SpringMVC集成Swagger,最干净的一个Demo。里面有步骤说明。非常简单。运行测试OK。
springboot项目集成swagger,并让shiro放行
龙ygl龙的博客
05-20 4684
其实写接口文档的工具有很多。比如wiki,confluence(这个用的也挺多的。安装步骤可以参见我这篇博客https://blog.csdn.net/qq_29281307/article/details/89345052) 但是总结下来,还是觉得swaggerui比较好用,不仅可以在编程过程中就生成api文档,而且还可以通过swagger调试接口,这对于后台开发人员来说真是太方便了。避免再去...
shiro整合swagger问题
夙白风语的博客
11-27 310
有很多mapping访问不到,多数是被shiro拦截了,是因为Swagger需要的一些资源没有放开,放开之后就好了 <!-- 开放以下资源就可以了 --> /swagger-ui.html=anon /swagger-resources/** = anon /v2/api-docs/** = anon /webjars/springfox-swagger-ui/** = anon ...
Springboot+shiro+jwt+redis+swagger前后端分离实战脚手架搭建-创建项目基本骨架
u012197505的博客
04-23 778
1.Spring实战脚手架搭建-创建项目基本骨架 1.1 快速创建 Spring Boot 项目 目录如下 pom 文件如下 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001...
SpringBoot整合ShiroSwagger
XXuan_的博客
03-15 837
Shiro是一款十分好用的权限管理框架 可以和SpringBoot整合实现页面的权限控制 首先导入pom依赖 <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring --> <dependency> <groupId>org.apache....
springboot篇】十六. springboot整合shiroswagger2实现前后分离
TheNew_One的博客
02-28 604
springboot整合shiroswagger2实现前后分离 中国加油,武汉加油! 篇幅较长,配合右边目录观看 项目准备 创建springboot项目nz1904-springboot-08-shiro-swagger 加入Web的SpringWeb依赖和Lombox依赖 导相关依赖<dependency> <groupId>com.alibaba</grou...
SpringBoot 集成Swagger2
等_天蓝再看海的博客
02-09 784
SpringBoot集成Swagger2时,使用shiro安全拦截时,主要碰到以下几个问题1.shiro拦截请求时,会把swagger2拦截2.拦截放开swagger时,也会拦截对应的css、js文件等经过几次测试在shiroConfig文件中加入一下几个配置就可以了@Bean public ShiroFilterFactoryBean shirFilter(SecurityManag...
springboot+shiro+jwt+mybatisplus框架
06-09
这个框架整合可以分为以下几个步骤: 1. 集成 Spring Boot:在 pom.xml 文件中添加 Spring Boot 依赖,创建 Spring Boot 启动类。 2. 集成 MyBatis Plus:在 pom.xml 文件中添加 MyBatis Plus 依赖,配置数据源和 ...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值