【2020-03-02 SpringBoot 的Shiro 授權與認證的基本使用示例】

SpringBoot 的Shiro 授權與認證的基本使用

項目結構

1、引入pom文檔

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.2.5.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.ybs</groupId>
    <artifactId>spring-shiro-web</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>spring-shiro-web</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.1</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

Realm

package com.ybs.config;

import com.ybs.pojo.User;
import com.ybs.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * UserRealm
 *
 * @author Paulson
 * @date 2020/3/2 22:40
 */

@Slf4j
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    // 授權
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        log.info("執行了 =》授權 doGetAuthorizationInfo");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // 拿到當前登錄的對象
        Subject subject = SecurityUtils.getSubject();
        User currentUser = (User) subject.getPrincipal();

        // 設置當前的用戶權限
        info.addStringPermission(currentUser.getPerms());


        return info;
    }

    // 認證
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        log.info("執行了 =》認證 doGetAuthorizationInfo");
        // 用戶名、密碼 數據庫中取

        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        User user = userService.queryUserByName(userToken.getUsername());
        if (user == null){
            return null; // 拋出異常 UnknownAccountException
        }
        // 密碼認證
        return new SimpleAuthenticationInfo(user, user.getPwd(),"");
    }
}

Config

package com.ybs.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * ShiroConfig
 *
 * @author Paulson
 * @date 2020/3/2 22:38
 */

@Configuration
public class ShiroConfig {
    // 3、ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // 設置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);
        // 添加 shiro 的內置過濾器

        /*
            anno: 無需認證就可以訪問
            anthc: 必須認證才能訪問
            user: 必須擁有 記住我 功能才能用
            perms: 擁有對某個資源的權限才能訪問
            role: 擁有某個角色權限才能訪問
         */

        // 攔截
        Map<String, String> filterMap = new LinkedHashMap<>();

        // 授權,正常情況下，沒有授權會跳轉到未授權頁面
        filterMap.put("/user/add", "perms[user:add]");
        filterMap.put("/user/update", "perms[user:update]");

//        filterMap.put("/user/add", "authc");
//        filterMap.put("/user/update", "authc");
        filterMap.put("/user/*", "authc");



        bean.setFilterChainDefinitionMap( filterMap);

        // 設置登錄請求
        bean.setLoginUrl("/toLogin");
        // 設置未授權頁面
        bean.setUnauthorizedUrl("/noauth");





        return bean;
    }

    // 2、DefaultWebSecurityManager
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 關聯 UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }
    // 1、創建 Realm 對象，需要自定義
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }




}