ssm & springboot 整合shiro
2020-06-06 本文已影响0人
Summer2077
ssm整合shiro
1.maven依赖
<!-- Apache Shiro integration for Spring (pulls in the Shiro core and web modules). -->
<!-- NOTE(review): 1.5.3 is the version this 2020 write-up pinned. Later Shiro releases
     include security fixes, so check the Apache Shiro security advisories and use a
     currently supported release instead of copying this version as-is. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.3</version>
</dependency>
2.在applicationContext.xml中开启扫描相关的bean和注解支持。
<!-- Turn on annotation processing so annotated configuration classes and injection points are honoured. -->
<context:annotation-config/>
<!-- Scan com.summer.config, the package that holds ShiroConfig, so its @Bean methods are registered. -->
<context:component-scan base-package="com.summer.config" />
3.com/summer/config/ShiroConfig.java
/**
 * Spring configuration that wires Apache Shiro into the SSM web application:
 * the realm, the security manager that uses it, and the filter factory that
 * carries the URL access rules.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory and registers the URL access rules.
     *
     * <p>Built-in Shiro filter names used in such rules:
     * <ul>
     *   <li>{@code anon}: reachable without authentication</li>
     *   <li>{@code authc}: the subject must be authenticated</li>
     *   <li>{@code user}: the subject must be authenticated or recognised through remember-me</li>
     *   <li>{@code perms[...]}: the subject must hold the named permission</li>
     *   <li>{@code roles[...]}: the subject must hold the named role</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the security manager bean the filter delegates to
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // A LinkedHashMap keeps insertion order. Shiro walks the patterns in that order and
        // the first match decides, so the more specific rule has to be registered first.
        Map<String, String> chainDefinitions = new LinkedHashMap<String, String>();
        chainDefinitions.put("/user/add", "perms[user:add]");
        chainDefinitions.put("/index", "authc");
        // NOTE(review): only the two paths above are access-controlled; every other URL is
        // served without a check. For deny-by-default, the usual layout is explicit "anon"
        // entries for the login pages followed by a final catch-all "authc" entry.

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        // Where unauthenticated requests are redirected.
        factoryBean.setLoginUrl("/toLogin");
        // Where authenticated requests that lack the required permission are redirected.
        factoryBean.setUnauthorizedUrl("/toUnauthorized");
        factoryBean.setFilterChainDefinitionMap(chainDefinitions);
        return factoryBean;
    }

    /**
     * Creates the web security manager backed by the application's realm.
     *
     * @param userRealm the realm bean that supplies authentication and authorization data
     * @return a security manager that consults {@code userRealm}
     */
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(userRealm);
        return securityManager;
    }

    /**
     * Creates the realm object.
     *
     * @return a new {@code UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        UserRealm realm = new UserRealm();
        return realm;
    }
}
4.com/summer/config/UserRealm.java
/**
 * Placeholder realm for the SSM example. Both callbacks only print a trace line
 * and return {@code null}, so this realm supplies neither accounts nor permissions.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization callback.
     *
     * @param principalCollection the principals of the subject being checked (unused here)
     * @return always {@code null}, i.e. no roles or permissions are supplied
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        final String trace = "doGetAuthorizationInfo";
        System.out.println(trace);
        return null;
    }

    /**
     * Authentication callback.
     *
     * @param authenticationToken the submitted credentials (unused here)
     * @return always {@code null}; Shiro treats a null result as "no such account",
     *         so every login attempt against this stub is rejected
     * @throws AuthenticationException declared by the contract; never thrown by this stub
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        final String trace = "doGetAuthenticationInfo";
        System.out.println(trace);
        return null;
    }
}
5.在web.xml 中配置shiro的拦截器
<!-- Register the Shiro filter with the servlet container. -->
<!-- DelegatingFilterProxy hands each request to a Spring bean; by default it looks the bean up
     by the filter-name, so the name below has to match the shiroFilterFactoryBean @Bean method
     in ShiroConfig. -->
<filter>
<description>shiro 权限拦截</description>
<filter-name>shiroFilterFactoryBean</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<!-- targetFilterLifecycle=true makes the proxy forward the servlet init/destroy calls to the target bean. -->
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Map every request through Shiro. A URL that never reaches this filter is not covered
     by any rule defined in ShiroConfig. -->
<filter-mapping>
<filter-name>shiroFilterFactoryBean</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
springboot整合shiro
shiro的三大对象
subject 用户
securityManager 管理所有的用户
Realm 连接数据
导入shiro
<!-- Apache Shiro integration for Spring. -->
<!-- NOTE(review): 1.5.3 is the version pinned when this was written (2020). Check the Apache Shiro
     security advisories and use a currently supported release. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.3</version>
</dependency>
配置类
ShiroConfig
package com.summer.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
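/**
 * Spring Boot configuration that wires Apache Shiro into the application:
 * the realm, the security manager that uses it, and the filter factory that
 * carries the URL access rules.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory and registers the URL access rules.
     *
     * <p>Built-in Shiro filter names used in such rules:
     * <ul>
     *   <li>{@code anon}: reachable without authentication</li>
     *   <li>{@code authc}: the subject must be authenticated</li>
     *   <li>{@code user}: the subject must be authenticated or recognised through remember-me</li>
     *   <li>{@code perms[...]}: the subject must hold the named permission</li>
     *   <li>{@code roles[...]}: the subject must hold the named role</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the security manager bean the filter delegates to
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);

        // A LinkedHashMap keeps insertion order. Shiro walks the patterns in that order and
        // the first match decides, so the specific permission rule must come before the
        // broader authentication rule or it would never be consulted.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/user/add", "perms[user:add]");
        // "/user/*" matches only one path segment. "/user/**" also covers anything nested
        // deeper under /user/, so a handler added there later is not left unprotected.
        filterMap.put("/user/**", "authc");
        // NOTE(review): URLs outside /user/ are still served without a check. For
        // deny-by-default, add explicit "anon" entries for the login pages and finish
        // the map with a catch-all "authc" entry.
        bean.setFilterChainDefinitionMap(filterMap);

        // Where unauthenticated requests are redirected.
        bean.setLoginUrl("/toLogin");
        // Where authenticated requests that lack the required permission are redirected.
        bean.setUnauthorizedUrl("/toUnauthorized");
        return bean;
    }

    /**
     * Creates the web security manager backed by the application's realm.
     *
     * @param userRealm the realm bean that supplies authentication and authorization data
     * @return a security manager that consults {@code userRealm}
     */
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        return new DefaultWebSecurityManager(userRealm);
    }

    /**
     * Creates the realm object. Declaring it as a bean lets Spring inject the
     * realm's {@code @Autowired} fields.
     *
     * @return a new {@code UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}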
UserRealm
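/**
 * Realm that authenticates users looked up through {@code UserMapper} and grants
 * them the permission stored on their {@code User} record.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserMapper userMapper;

    /**
     * Authorization: supplies the permissions of the subject being checked.
     *
     * <p>Only the permission stored on the user record is granted. An unconditional
     * {@code addStringPermission("user:add")} would hand that permission to every
     * authenticated user and make the {@code perms[user:add]} filter rule meaningless.
     *
     * @param principalCollection the principals of the subject being checked
     * @return the subject's permissions; empty when the principal is not a {@code User}
     *         or carries no permission string
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了doGetAuthorizationInfo===》授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Use the principals Shiro passed in rather than the thread-bound subject, so the
        // answer always describes the identity that is actually being checked.
        Object principal = principalCollection.getPrimaryPrincipal();
        if (!(principal instanceof User)) {
            return info;
        }
        User user = (User) principal;

        // presumably getPerms() holds one permission string such as "user:add"; verify against the schema
        String perms = user.getPerms();
        System.out.println(perms);
        if (perms != null && !perms.trim().isEmpty()) {
            info.addStringPermission(perms);
        }
        return info;
    }

    /**
     * Authentication: looks up the account named in the token.
     *
     * @param token the submitted credentials; expected to be a {@code UsernamePasswordToken}
     * @return the account data for Shiro to verify the password against, or {@code null}
     *         when no such user exists (Shiro reports that as an unknown account)
     * @throws AuthenticationException declared by the contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        User user = userMapper.queryUserByName(userToken.getUsername());
        if (user == null) {
            return null;
        }
        // NOTE(review): no CredentialsMatcher is configured in the code shown, so Shiro's default
        // matcher compares the submitted password with getUpwd() as-is. That only works if the
        // stored value is the clear-text password. Store a salted password hash and set a hashing
        // matcher (for example Shiro's HashedCredentialsMatcher or PasswordMatcher) on this realm.
        // NOTE(review): the whole User object becomes the principal and is kept with the session;
        // confirm it does not need to carry the password field.
        return new SimpleAuthenticationInfo(user, user.getUpwd(), getName());
    }
}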
MyController
package com.summer.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
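/**
 * MVC controller for the demo pages and the login endpoint. Access control for
 * these URLs is enforced by the Shiro filter chain, not in this class.
 */
@Controller
public class MyController {

    /**
     * Renders the index page with a greeting.
     *
     * @param model the view model that receives the {@code message} attribute
     * @return the {@code index} view name
     */
    @RequestMapping({"/","index"})
    public String helloword(Model model){
        model.addAttribute("message","HelloWord");
        return "index";
    }

    /** Renders the "add user" page. */
    @RequestMapping({"/user/add"})
    public String toAdd(){
        return "user/add";
    }

    /** Renders the "update user" page. */
    @RequestMapping({"/user/update"})
    public String toUpdate(){
        return "user/update";
    }

    /** Renders the login form. */
    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * @param name     the submitted user name
     * @param password the submitted password
     * @param model    the view model that receives the error message on failure
     * @return {@code index} on success, {@code login} on any authentication failure
     */
    // NOTE(review): this mapping accepts every HTTP method. With GET the credentials travel in
    // the query string and end up in access logs and browser history; restrict the endpoint to
    // POST once the login form is confirmed to submit that way.
    @RequestMapping("/login")
    public String Login(String name,String password,Model model){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(name,password);
        try {
            subject.login(token);
            return "index";
        } catch (AuthenticationException e) {
            // Catch the common base type so that every failure (unknown account, wrong password,
            // or any other AuthenticationException subtype) returns to the login page instead of
            // surfacing as a server error. One shared message avoids revealing which user names exist.
            model.addAttribute("message","用户名或密码错误");
            return "login";
        }
    }

    /** Renders the page shown when an authenticated user lacks the required permission. */
    @RequestMapping("/toUnauthorized")
    public String toUnauthorized(){
        return "unauthorized";
    }
}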