Spring Boot & Shiro in Practice, Covered in One Article
阿新 • Published: 2020-07-17
For integrating the Shiro authorization framework with Spring Boot, see:
Add the dependency
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.4.0</version>
</dependency>
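Configure Shiro
ShiroConfig:
import java.util.List;

import org.apache.commons.lang3.StringUtils; // assumed: commons-lang3 supplies StringUtils.trim
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@ConfigurationProperties(prefix = "shiro")
@Configuration
public class ShiroConfig {

    @Autowired
    private ApplicationConfig applicationConfig;

    // Bound from shiro.pathDefinitions in application.yml
    private List<String> pathDefinitions;

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
        // Static resource directories are served without authentication
        applicationConfig.getStaticDirs()
                .forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
        // Each entry has the form "path = filters"; split on the first '=' only
        this.getPathDefinitions().forEach(d -> {
            String[] defArr = d.split("=", 2);
            chainDefinition
                    .addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));
        });
        return chainDefinition;
    }

    @Bean
    public Realm systemRealm() {
        SystemRealm systemRealm = new SystemRealm();
        return systemRealm;
    }

    public List<String> getPathDefinitions() {
        return pathDefinitions;
    }

    public void setPathDefinitions(List<String> pathDefinitions) {
        this.pathDefinitions = pathDefinitions;
    }
}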
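ApplicationConfig: holds the settings injected from application.yml; omitted here.
SystemRealm:
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

public class SystemRealm extends AuthorizingRealm {

    @Autowired
    private SysAdminMapper sysAdminMapper;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // Encode the submitted password so it can be compared with the stored value
        token.setPassword(EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray());

        SysAdminDO sysAdminParams = new SysAdminDO();
        sysAdminParams.setAdminLoginName(token.getUsername());
        SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams);

        // Returning null tells Shiro that the account does not exist
        AuthenticationInfo authInfo = null;
        if (sysAdminDO != null) {
            authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(), getName());
        }
        return authInfo;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        /*
         * The values below are a static example; change them to match the user's permissions.
         * Look up the roles and permissions that belong to the user.
         */
        SysAdminDO sysAdminDO = (SysAdminDO) super.getAvailablePrincipal(principalCollection);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Set<String> roles = new HashSet<>();
        roles.addAll(Arrays.asList("product", "operation"));
        authorizationInfo.setRoles(roles);

        Set<String> permissions = new HashSet<>();
        permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update"));
        authorizationInfo.addStringPermissions(permissions);
        return authorizationInfo;
    }
}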
Application configuration
Add the Shiro settings to application.yml.
shiro:
  loginUrl: /login
  successUrl: /
  unauthorizedUrl: /error
  pathDefinitions:
    - /login/submit = anon
    - /logout = logout
    - /test = authc, roles[product], perms[operation:update]
    - /** = authc
loginUrl: unauthenticated requests are redirected to this login page.
successUrl: the page to redirect to after successful authentication.
unauthorizedUrl
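pathDefinitions: defines the path authorization rules; the ShiroConfig class above reads this list and registers each entry.
For more parameters, see the official documentation: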
https://shiro.apache.org/spring-boot.html#configuration-properties
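Shiro applies the first path pattern that matches, in declaration order, and a request that matches no pattern is not handled by any Shiro filter, so the position of the `/** = authc` entry matters. The check below is an added example, not code from the original article; the class name PathDefinitionCheck and the second sample list are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not from the original article: checks a shiro.pathDefinitions
// list for ordering and syntax mistakes before ShiroConfig registers it.
public class PathDefinitionCheck {

    static List<String> check(List<String> definitions) {
        List<String> problems = new ArrayList<>();
        boolean catchAllSeen = false;
        for (String def : definitions) {
            String[] parts = def.split("=", 2);
            if (parts.length != 2 || parts[0].trim().isEmpty() || parts[1].trim().isEmpty()) {
                problems.add("malformed, expected 'pattern = filters': " + def);
                continue;
            }
            String pattern = parts[0].trim();
            String firstFilter = parts[1].trim().split("[,\\[]", 2)[0].trim();
            if (catchAllSeen) {
                // Shiro applies the first matching pattern in declaration order.
                problems.add("unreachable, declared after /**: " + def);
            }
            if (pattern.equals("/**")) {
                catchAllSeen = true;
                if (firstFilter.equals("anon")) {
                    problems.add("catch-all is anonymous: " + def);
                }
            }
        }
        if (!catchAllSeen) {
            problems.add("no /** rule: unlisted paths are not filtered by Shiro");
        }
        return problems;
    }

    public static void main(String[] args) {
        // The list from the article's application.yml.
        List<String> fromArticle = Arrays.asList(
                "/login/submit = anon", "/logout = logout",
                "/test = authc, roles[product], perms[operation:update]",
                "/** = authc");
        // Constructed bad variant: catch-all first, plus an entry without '='.
        List<String> misordered = Arrays.asList(
                "/** = authc", "/test = authc, roles[product]", "/logout");
        System.out.println("article list: " + check(fromArticle));
        check(misordered).forEach(p -> System.out.println("misordered list: " + p));
    }
}
```

Calling check(getPathDefinitions()) at the start of shiroFilterChainDefinition() and failing startup on a non-empty result keeps a misordered list from being deployed.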
Login service class
@Override
public SysAdminDO login(LoginForm form) {
    UsernamePasswordToken token = new UsernamePasswordToken(form.getLoginName(),
            form.getLoginPassword());
    token.setRememberMe(true);
    Subject currentUser = getSubject();
    try {
        currentUser.login(token);
    } catch (Exception e) {
        logger.error("登入驗證失敗:", e);
        // Stop here: a remembered or already logged-in subject still carries its old principal
        return null;
    }
    return (SysAdminDO) currentUser.getPrincipal();
}
Built-in filters
For anon, authc and the other filter definitions, see the class:
org.apache.shiro.web.filter.mgt.DefaultFilter
Official definition: