1、继承AuthorizingRealm 实现 认证(doGetAuthenticationInfo) 和 授权(doGetAuthorizationInfo) 
2、shiro    配置UserRealm、DefaultWebSecurityManager、ShiroFilterFactoryBean
3、ShiroFilterFactoryBean方法里配置认证和授权

登录
 // The token carries the submitted password as typed; the realm's credentials matcher, not this code, compares it.
 UsernamePasswordToken token = new UsernamePasswordToken(user.getUser(), user.getPassword());
 Subject subject = SecurityUtils.getSubject();
 // Throws AuthenticationException when the realm rejects the credentials, so callers wrap this in try/catch.
 subject.login(token);

退出登录
        Subject subject = SecurityUtils.getSubject();
        // Drops the subject's principals and session; a later request starts anonymous again.
        subject.logout();

1、添加Shiro依赖

        <!-- NOTE(review): 1.4.1 is an old Shiro line; check the Apache Shiro security advisories
             and pin a currently supported release before reusing this snippet. -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.1</version>
        </dependency>

2、创建ShiroConfig

@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro servlet filter together with its URL -> filter-chain table.
     *
     * Entry order in the table matters: Shiro picks the first pattern that matches the
     * request path, so the two {@code perms[...]} rules have to be registered before the
     * broader {@code /user/*} rule or they would never be consulted.
     *
     * @param defaultWebSecurityManager the security manager wired with {@code UserRealm}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("manager")DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(defaultWebSecurityManager);
        shiroFilter.setFilterChainDefinitionMap(filterChainDefinitions());

        // Requests to a protected URL without an authenticated subject are redirected here.
        shiroFilter.setLoginUrl("/user");
        // Authenticated requests that lack the required permission are redirected here.
        shiroFilter.setUnauthorizedUrl("/selectPerms");

        return shiroFilter;
    }

    /**
     * Ordered filter-chain definitions (first match wins).
     *
     * Built-in Shiro filters referred to here:
     *   anon  - reachable without authentication
     *   authc - requires an authenticated subject
     *   user  - requires a known user (authenticated or "remember me")
     *   perms - requires the listed permission on the resource
     *   roles - requires the listed role
     *
     * Only the three paths below are filtered at all; any URL not listed (for example
     * {@code /login} and {@code /loginOut}) passes through with no Shiro filter. Note that
     * {@code /user/*} is Ant-style and matches a single path segment, so deeper paths such
     * as {@code /user/a/b} are not covered by this table.
     *
     * @return a mutable, insertion-ordered map of path pattern to filter expression
     */
    private LinkedHashMap<String, String> filterChainDefinitions() {
        LinkedHashMap<String, String> chain = new LinkedHashMap<>();

        // 1. Permission checks. An anonymous caller holds no permissions, so these rules
        //    effectively demand authentication as well; they must come before the authc rule.
        chain.put("/user/selectAll","perms[user:user]");
        chain.put("/user/selectOne","perms[user:add]");

        // 2. Everything else directly under /user/ only needs a logged-in subject.
        chain.put("/user/*","authc");

        return chain;
    }

    /**
     * Security manager backed by the single {@code UserRealm}.
     *
     * No CredentialsMatcher is configured on the realm, so Shiro's default matcher compares
     * the submitted password with the stored one as-is. NOTE(review): confirm how
     * {@code User.getPassword()} is stored; hashed storage needs a HashedCredentialsMatcher here.
     *
     * @param userRealm the realm performing authentication and authorization lookups
     * @return the web security manager
     */
    @Bean("manager")
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * The application realm; exposed as a bean so its {@code @Autowired} fields get injected.
     *
     * @return a new {@code UserRealm}
     */
    @Bean("userRealm")
    public UserRealm userRealm(){
        return new UserRealm();
    }
}

3、Realm授权、认证


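public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authorization: builds the permission set for an already-authenticated subject.
     *
     * The principal is taken from the supplied {@link PrincipalCollection} rather than from
     * {@code SecurityUtils.getSubject()}: the collection is what Shiro hands this realm for
     * exactly the subject being authorized, and it does not depend on a Subject being bound
     * to the current thread.
     *
     * @param principalCollection principals of the subject being authorized; the primary
     *                            principal is the {@link User} stored by doGetAuthenticationInfo
     * @return the subject's permissions; empty when the principal is not a User or the
     *         user record carries no permission string
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权++++++++++++++++++++++++++++++");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Whatever doGetAuthenticationInfo stored as principal: the User entity.
        Object principal = principalCollection == null ? null : principalCollection.getPrimaryPrincipal();
        if (!(principal instanceof User)) {
            // Unexpected principal type: grant nothing instead of failing with a ClassCastException.
            return info;
        }
        User currentUser = (User) principal;

        // A user with no permission string gets an empty permission set; adding null would
        // fail later when Shiro tries to resolve it as a wildcard permission.
        String perms = currentUser.getPerms();
        if (perms != null && !perms.isEmpty()) {
            info.addStringPermission(perms);
        }

        return info;
    }

    /**
     * Authentication: looks up the account for the submitted username and hands the stored
     * credential to Shiro for comparison.
     *
     * The password is NOT compared here. Shiro's CredentialsMatcher compares the token's
     * password with the second argument of {@link SimpleAuthenticationInfo}; with no matcher
     * configured that is a plain equality check, so this only works when
     * {@code user.getPassword()} holds the value in the same form the client submits.
     * NOTE(review): confirm the stored password format; hashed storage needs a matching
     * HashedCredentialsMatcher on the realm.
     *
     * @param authenticationToken the {@link UsernamePasswordToken} created by the login endpoint
     * @return the account info with the {@link User} entity as principal, or {@code null}
     *         when the username is missing or unknown (Shiro turns null into
     *         an UnknownAccountException)
     * @throws AuthenticationException for authentication failures raised by Shiro itself
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("认证++++++++++++++++++++++++++++++");

        // supports() restricts this realm to UsernamePasswordToken, so the cast is safe.
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        // Do not hit the user store with a null/empty username; treat it as an unknown account.
        String username = token.getUsername();
        if (username == null || username.isEmpty()) {
            return null;
        }

        User user = userService.selectUser(username);

        // Unknown account: Shiro reports a null result as UnknownAccountException.
        if (user == null){
            return null;
        }

        // Principal = the User entity (readable later via Subject.getPrincipal()),
        // credential = the stored password for the matcher, realm name = this realm's name
        // so the info stays attributable if more realms are added later.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}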

4、LoginController

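@RestController
public class LoginController {

    /**
     * Logs out the current subject: drops its principals and session.
     *
     * @return a fixed confirmation message
     */
    @GetMapping("/loginOut")
    public String loginOut(){
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "退出登录";
    }

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * The reply is a fixed message in both outcomes and deliberately does not say whether
     * the username or the password was wrong. A body without username or password is
     * rejected up front instead of being passed to the realm.
     * NOTE(review): the catch is still broad; narrowing it to Shiro's AuthenticationException
     * would stop infrastructure failures (e.g. a user-store error) from being reported as
     * bad credentials.
     *
     * @param user request body carrying the username ({@code getUser()}) and password
     * @return a fixed success or failure message
     */
    @PostMapping("/login")
    public String login(@RequestBody User user){
        if (user == null || user.getUser() == null || user.getPassword() == null) {
            return "登录失败";
        }
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUser(), user.getPassword());
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            return "登录成功";
        }catch (Exception e){
            return "登录失败";
        } finally {
            // Shiro keeps the authenticated principal, not the token; wipe the token's copy of the password.
            token.clear();
        }
    }

    /** Target of ShiroConfig's loginUrl: where unauthenticated requests are redirected. */
    @GetMapping("/user")
    public String selectUser(){
        return "认证拦截";
    }

    /** Target of ShiroConfig's unauthorizedUrl: where requests lacking a permission are redirected. */
    @GetMapping("/selectPerms")
    public String selectPerms(){
        return "你没有该权限";
    }

}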

5、测试接口

@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * GET /user/selectAll — guarded by the {@code perms[user:user]} entry in ShiroConfig.
     *
     * @return every user returned by the service
     */
    @GetMapping("/selectAll")
    public List<User> selectAll(){
        List<User> allUsers = userService.selectAll();
        return allUsers;
    }

    /**
     * GET /user/selectOne — guarded by the {@code perms[user:add]} entry in ShiroConfig.
     * NOTE(review): despite the name this makes the same service call as selectAll and
     * returns the full list.
     *
     * @return every user returned by the service
     */
    @GetMapping("/selectOne")
    public List<User> selectOne(){
        List<User> allUsers = userService.selectAll();
        return allUsers;
    }

}
