SpringBoot 的Shiro 授權與認證的基本使用
項目結構
1、引入pom文檔
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.5.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.ybs</groupId>
<artifactId>spring-shiro-web</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-shiro-web</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Realm
package com.ybs.config;
import com.ybs.pojo.User;
import com.ybs.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
/**
* UserRealm
*
* @author Paulson
* @date 2020/3/2 22:40
*/
@Slf4j
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
// 授權
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
log.info("執行了 =》授權 doGetAuthorizationInfo");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// 拿到當前登錄的對象
Subject subject = SecurityUtils.getSubject();
User currentUser = (User) subject.getPrincipal();
// 設置當前的用戶權限
info.addStringPermission(currentUser.getPerms());
return info;
}
// 認證
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
log.info("執行了 =》認證 doGetAuthorizationInfo");
// 用戶名、密碼 數據庫中取
UsernamePasswordToken userToken = (UsernamePasswordToken) token;
User user = userService.queryUserByName(userToken.getUsername());
if (user == null){
return null; // 拋出異常 UnknownAccountException
}
// 密碼認證
return new SimpleAuthenticationInfo(user, user.getPwd(),"");
}
}
Config
package com.ybs.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* ShiroConfig
*
* @author Paulson
* @date 2020/3/2 22:38
*/
@Configuration
public class ShiroConfig {
// 3、ShiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
// 設置安全管理器
bean.setSecurityManager(defaultWebSecurityManager);
// 添加 shiro 的內置過濾器
/*
anno: 無需認證就可以訪問
anthc: 必須認證才能訪問
user: 必須擁有 記住我 功能才能用
perms: 擁有對某個資源的權限才能訪問
role: 擁有某個角色權限才能訪問
*/
// 攔截
Map<String, String> filterMap = new LinkedHashMap<>();
// 授權,正常情況下,沒有授權會跳轉到未授權頁面
filterMap.put("/user/add", "perms[user:add]");
filterMap.put("/user/update", "perms[user:update]");
// filterMap.put("/user/add", "authc");
// filterMap.put("/user/update", "authc");
filterMap.put("/user/*", "authc");
bean.setFilterChainDefinitionMap( filterMap);
// 設置登錄請求
bean.setLoginUrl("/toLogin");
// 設置未授權頁面
bean.setUnauthorizedUrl("/noauth");
return bean;
}
// 2、DefaultWebSecurityManager
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 關聯 UserRealm
securityManager.setRealm(userRealm);
return securityManager;
}
// 1、創建 Realm 對象,需要自定義
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}