emmm,權限控制中不僅需要不同對管理員身份的控制,還需要使用一套後臺代碼實現對不同身份(用戶/管理員)的分流
部分代碼如下:
package com.swf.attence.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import java.util.Set;
/**
* @author : white.hou [email protected]
* @description : 登錄的controller
* @date: 2018/12/30_20:32
*/
@Controller
public class LoginController {
private static final Logger logger = LoggerFactory.getLogger(LoginController.class);
@PostMapping("/login")
public String login(@RequestParam("adminid") String adminid, @RequestParam("password") String password, Model model){
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(adminid, password);
try {
subject.login(usernamePasswordToken);
Session session = subject.getSession();
session.setAttribute("adminIdSession",adminid);
logger.info("用戶"+adminid+"登錄");
Set<String> realmNames = subject.getPrincipals().getRealmNames();
if (realmNames.contains("com.swf.attence.shiro.AdminRealm_0")){
return "index/index_admin";
}else {
return "index/index_user";
}
}catch (UnknownAccountException e) {
/**
* 登錄失敗:用戶名不存在
*/
model.addAttribute("msg", "用戶名不存在,請校驗後登錄");
return "login";
} catch (IncorrectCredentialsException e) {
/**
* 登錄失敗:密碼錯誤
*/
model.addAttribute("msg", "密碼錯誤,請重新輸入");
return "login";
}
}
}
package com.swf.attence.shiro;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @author : white.hou
* @description : shiro配置類
* @date: 2018/12/30_20:25
*/
@Configuration
public class ShiroConfig {
/**
* 創建ShiroFilterFactoryBean
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
/**
* 關聯securityManager
*/
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
/**
* 添加Shiro內置過濾器
* 常用:
* anon:無需認證(登錄)就能訪問
* authc:必須認證才能訪問
* user:使用rememberMe功能可以直接訪問
* perms:該資源必須得到資源權限才能訪問
* role:該資源必須得到角色權限才能訪問
*/
Map<String, String> filterMap = new LinkedHashMap<>();
filterMap.put("/","authc");
filterMap.put("/login","anon");
filterMap.put("/camera/*","perms[super_admin]");
filterMap.put("/stateControl/*","perms[super_admin]");
filterMap.put("/timeControl/*","perms[super_admin]");
filterMap.put("/userMsgControl/*","perms[super_admin]");
shiroFilterFactoryBean.setLoginUrl("/tologin");
shiroFilterFactoryBean.setUnauthorizedUrl("/noAuth");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
/**
* 創建DefaultWebSecurityManager
* @return
*/
@Bean(name = "securityManager")
public DefaultWebSecurityManager securityManager(){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setAuthenticator(modularRealmAuthenticator());
ArrayList<Realm> realms = new ArrayList<>();
realms.add(getAdminRealm());
realms.add(getUserRealm());
defaultWebSecurityManager.setRealms(realms);
return defaultWebSecurityManager;
}
@Bean(name = "modularRealmAuthenticator")
public ModularRealmAuthenticator modularRealmAuthenticator(){
ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
return modularRealmAuthenticator;
}
/**
* 裝在AdminRealm
* @return
*/
@Bean(name = "adminRealm")
public AdminRealm getAdminRealm(){
AdminRealm adminRealm = new AdminRealm();
adminRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return adminRealm;
}
/**
* 創建RootRealm
* @return
*/
@Bean(name = "userRealm")
public UserRealm getUserRealm() {
UserRealm userRealm = new UserRealm();
userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return userRealm;
}
/**
* 密碼加密
* @return
*/
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher(){
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");
hashedCredentialsMatcher.setHashIterations(1024);
return hashedCredentialsMatcher;
}
public static void main(String[] args) {
String an="md5";
Object aa="123456";
SimpleHash simpleHash = new SimpleHash(an, aa,null, 1024);
System.out.println(simpleHash);
}
}
如有需要,請聯繫[email protected]
Over