Spring Boot -Shiro配置多Realm

核心类简介

xxxToken：用户凭证
xxxFilter：生产token，设置登录成功，登录失败处理方法，判断是否登录连接等
xxxRealm：依据配置的支持Token来认证用户信息，授权用户权限

核心配置

Shrio整体配置：ShrioConfig.java

 @Bean
 public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);

  Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
  //将自定义 的FormAuthenticationFilter注入shiroFilter中
  filters.put("authc", new AuthenticationFilter());
  filters.put("wechat",new ExWechatAppFilter());
  shiroFilterFactoryBean.setFilters(filters);
  
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
  ...
  //建立url和filter之间的关系
  filterChainDefinitionMap.put("/wechat/**","wechat");
  filterChainDefinitionMap.put("/**", "authc");
  ...
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
  return shiroFilterFactoryBean;
 }


 @Bean
 public SecurityManager securityManager() {
  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  securityManager.setAuthenticator(exModularRealmAuthenticator());
  List<Realm> realms = new ArrayList<>();
  //设置多Realm
  realms.add(systemRealm());
  realms.add(wechatAppRealm());
  securityManager.setRealms(realms);
  securityManager.setCacheManager(ehCacheManager());
  securityManager.setRememberMeManager(cookieRememberMeManager());
  return securityManager;
 }
 //重要！！定义token与Realm关系，设置认证策略
 public MyModularRealmAuthenticator myModularRealmAuthenticator(){
  MyModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();
  FirstSuccessfulStrategy strategy = new FirstSuccessfulStrategy();
  authenticator.setAuthenticationStrategy(strategy);
  return authenticator;
 }
    
    
 @Bean
 public SystemRealm systemRealm() {
  SystemRealm systemRealm = new SystemRealm();
  systemRealm.setAuthorizationCachingEnabled(true);
  systemRealm.setAuthorizationCacheName("authorization");
  systemRealm.setCredentialsMatcher(hashedCredentialsMatcher());
  return systemRealm;
 }

 @Bean
 public WechatAppRealm WechatAppRealm(){
  WechatAppRealm wechatAppRealm = new WechatAppRealm();
  wechatAppRealm.setAuthorizationCachingEnabled(false);
  return WechatAppRealm;
 }

Realm，Token关联关系配置：MyModularRealmAuthenticator.java

public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
 @Override
 protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
  assertRealmsConfigured();
//依据Realm中配置的支持Token来进行过滤
  List<Realm> realms = this.getRealms()
   .stream()
   .filter(realm -> realm.supports(authenticationToken))
   .collect(Collectors.toList());
    if (realms.size() == 1) {
   return doSingleRealmAuthentication(realms.get(0), authenticationToken);
  } else {
   return doMultiRealmAuthentication(realms, authenticationToken);
  }
 }
    
}

认证授权配置：Realm.java

public class SystemRealm extends AuthorizingRealm {
 ... 

 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
  //重要！！多realm每个都会执行授权相关信息，此处进行过滤
  if(principals.fromRealm(getName()).isEmpty()){
   return null;
  }
  //授权代码...
  return authorizationInfo;
 }

 /**
  * 主要是用来进行身份认证的
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
   throws AuthenticationException {
  //生产AuthenticationInfo代码...
 //校验的部分由配置的credentialsMatcher进行处理
  return authenticationInfo;
 }
 /**
  * 扩展认证token
  *
  * @param authenticationToken
  * @return boolean
  * @author mjm
  * @date 2018/7/3 12:32
  */
 @Override
 public boolean supports(AuthenticationToken authenticationToken) {
  //设置此Realm支持的Token
  return authenticationToken != null && (authenticationToken instanceof UsernamePasswordToken );
 }
}

过滤器配置：AuthenticationFilter.java

基础的过滤器类型：官网中默认有很多已实现的过滤器，可依据需求扩展

public class AuthenticationFilter extends FormAuthenticationFilter {
 ....
 /**
  * 创建令牌
  *
  * @param servletRequest ServletRequest
  * @param servletResponse ServletResponse
  * @return 令牌
  */
 @Override
 protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
  //依据request中不同的参数创建不同的token...
  return new xxxToken(...);
 }

 ....
}

参考资料

http://shiro.apache.org/realm.html#Realm-Supporting%7B%7BAuthenticationTokens%7D%7D