
    m0_46212244的博客:springboot整合shiro

    作者:[db:作者] 时间:2021-09-23 13:24

    1.导入需要(shiro)的依赖

    <!-- Apache Shiro with its Spring integration.
         NOTE(review): 1.4.0 is an old release; check the Apache Shiro security
         advisories and pin a currently maintained version before using this
         outside a demo. -->
    		<dependency>
    			<groupId>org.apache.shiro</groupId>
    			<artifactId>shiro-spring</artifactId>
    			<version>1.4.0</version>
    		</dependency>
    		<!-- Shiro dialect for Thymeleaf templates (integrates Shiro with Thymeleaf views) -->
    		<dependency>
    			<groupId>com.github.theborakompanioni</groupId>
    			<artifactId>thymeleaf-extras-shiro</artifactId>
    			<version>2.0.0</version>
    		</dependency>
    

    2.代码演示

    package com.zte.mds.web.config.security;
    
    
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.*;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.session.Session;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.subject.Subject;
    
    import java.util.HashMap;
    import java.util.Map;
    
    
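    /**
     * Demo Shiro realm that authenticates against one hard-coded account and
     * derives the permission data for the authenticated {@code User}.
     *
     * <p>The account values below stand in for a database lookup; they are
     * plaintext literals and are only suitable for a local walkthrough.
     */
    public class RealmConfig extends AuthorizingRealm {

        /**
         * Authorization: builds the permission set for the given principals.
         *
         * @param principalCollection the principals Shiro is asking about
         * @return the authorization data holding one string permission
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            System.out.println("执行授权");
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            // Read the principal from the collection passed in rather than from the
            // thread-bound Subject, so the result always describes the identity being
            // checked. This is the User object returned by doGetAuthenticationInfo.
            User principal = (User) principalCollection.getPrimaryPrincipal();
            // NOTE(review): this grants the user name ("1437" in this demo) as the
            // permission string, so a perms[user:delete] filter will not match it.
            // The permission should come from the value stored via setRoles(); the
            // User accessor for it is not shown on this page, so the call is left as is.
            info.addStringPermission(principal.getUserName());
            return info;
        }

        /**
         * Authentication: looks up the account for the submitted token.
         *
         * @param authenticationToken the submitted token; cast to
         *                            {@link UsernamePasswordToken}
         * @return the stored account data for Shiro to compare against the token,
         *         or {@code null} when the user name is unknown
         * @throws AuthenticationException declared by the overridden method
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            System.out.println("执行认证");

            // Stand-in for a database lookup (connect a real store to test).
            // NOTE(review): hard-coded plaintext credentials; a real store should keep
            // a salted password hash and the realm should use a HashedCredentialsMatcher.
            String userName = "1437";
            String passWord = "201437";
            String roles = "user:delete";

            UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
            // Constant-first comparison: a token without a user name is treated as an
            // unknown account instead of failing with a NullPointerException.
            if (!userName.equals(userToken.getUsername())) {
                return null;  // Shiro reports a null result as UnknownAccountException
            }

            User user = new User();
            user.setUserName(userName);
            user.setPassWord(passWord);
            user.setRoles(roles);

            // Store the current user in the session.
            // NOTE(review): this runs before Shiro has compared the submitted password,
            // and the stored User carries the plaintext password. Code that treats the
            // "index" attribute as proof of login would accept a wrong-password attempt.
            // Prefer setting it after Subject.login() returns, without the password.
            Subject subject = SecurityUtils.getSubject();
            Session session = subject.getSession();
            session.setAttribute("index", user);

            // Shiro performs the password comparison against this value. The realm's
            // own name is passed instead of an empty string so the principal is
            // attributed to this realm.
            return new SimpleAuthenticationInfo(user, passWord, getName());
        }
    }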
    
    
    package com.zte.mds.web.config.security;
    
    import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import java.util.LinkedHashMap;
    import java.util.Map;
    
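    /**
     * Spring configuration that wires Apache Shiro into the web application: the
     * filter chain, the security manager, the realm, and the Thymeleaf dialect.
     */
    @Configuration
    @SuppressWarnings({"all"})
    public class ShiroConfig {

        /**
         * Creates the Shiro filter factory bean and its URL filter chain.
         *
         * @param defaultWebSecurityManager the security manager bean
         * @return the configured filter factory bean
         */
        @Bean
        public ShiroFilterFactoryBean shiroFilterFactoryBean(
                @Qualifier("securityManagerBean") DefaultWebSecurityManager defaultWebSecurityManager) {
            ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
            bean.setSecurityManager(defaultWebSecurityManager);

            /*
             * Built-in filter names:
             * anon:  accessible without authentication
             * authc: accessible only after authenticating in this session
             * user:  accessible when authenticated or remembered via remember-me
             * perms: accessible only with the given permission on a resource
             * roles: accessible only with the given role
             *
             * Paths that match no entry below are not filtered at all, so every
             * protected endpoint has to be listed here explicitly.
             */
            Map<String, String> filterMap = new LinkedHashMap<>();
            // Everything under /home requires authentication. "/**" is needed to cover
            // nested paths; "/home/*" only matches a single path segment.
            filterMap.put("/home/**", "authc");
            // These endpoints require authentication and the matching permission.
            // Both filters are declared in one entry: a second put() for the same key
            // would replace the authc rule instead of adding to it.
            filterMap.put("/user/delete", "authc,perms[user:delete]");
            filterMap.put("/user/update", "authc,perms[user:update]");
            // Hand the map over only once it is complete.
            bean.setFilterChainDefinitionMap(filterMap);
            // Unauthenticated requests are redirected to the login page.
            bean.setLoginUrl("/login");
            // Authenticated requests lacking the permission go to the unauthorized page.
            bean.setUnauthorizedUrl("/unauthorized");
            return bean;
        }

        /**
         * Creates the web security manager backed by the application's realm.
         *
         * @param realmConfig the realm bean
         * @return the security manager using that realm
         */
        @Bean(name = "securityManagerBean")
        public DefaultWebSecurityManager defaultWebSecurityManager(
                @Qualifier("realmConfigBean") RealmConfig realmConfig) {
            DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
            securityManager.setRealm(realmConfig);
            return securityManager;
        }

        /**
         * Creates the realm object.
         *
         * @return a new {@link RealmConfig}
         */
        @Bean(name = "realmConfigBean")
        public RealmConfig realmConfig() {
            return new RealmConfig();
        }

        /**
         * Registers the Shiro dialect that integrates Shiro with Thymeleaf.
         *
         * @return a new {@link ShiroDialect}
         */
        @Bean(name = "shiroDialectBean")
        public ShiroDialect shiroDialect() {
            return new ShiroDialect();
        }
    }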
    
    
    package com.zte.mds.web.config.security;
    
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.
    