springboot2.0---03、Shiro基本配置
阿新 • • 發佈:2018-12-20
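/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the custom realm, the security manager, the URL filter chain and the
 * advisor that enables Shiro's authorization annotations.
 */
@Configuration
public class ShiroConfig {

    /**
     * Registers the application's own realm (authentication and authorization
     * lookups) as a bean.
     *
     * <p>NOTE(review): no {@code CredentialsMatcher} is set on the realm here or
     * in {@code ShiroRealm} itself, so Shiro's default matcher compares the
     * submitted credentials with the stored value as-is. Unless passwords are
     * hashed somewhere outside this listing, configure a hashing matcher
     * (for example {@code HashedCredentialsMatcher} or {@code PasswordMatcher})
     * on the realm.
     *
     * @return the realm instance managed by the container
     */
    @Bean
    public ShiroRealm myShiroRealm() {
        return new ShiroRealm();
    }

    /**
     * Builds the security manager; the only thing configured on it is the realm.
     *
     * <p>The instance is a {@code DefaultWebSecurityManager} even though the
     * declared return type is the broader {@code DefaultSecurityManager}.
     *
     * @return the security manager backed by {@link #myShiroRealm()}
     */
    @Bean
    public DefaultSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * Filter factory: declares which URL patterns are public, which require
     * authentication, and where the user is redirected.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Shiro evaluates chain definitions in iteration order and the first
        // matching pattern wins, so the map MUST preserve insertion order.
        // A plain HashMap can place "/**" ahead of the specific entries, which
        // makes the anon/logout rules unpredictable. Keep the catch-all last so
        // everything not explicitly opened up requires authentication.
        Map<String, String> filterChain = new LinkedHashMap<>();
        filterChain.put("/js/**", "anon");
        filterChain.put("/login/**", "anon");
        filterChain.put("/logout", "logout");
        filterChain.put("/**", "authc");

        // Welcome page: replace the stock "authc" filter with the project's
        // SuccessUrlFilter and set the post-login landing URL.
        Map<String, Filter> successUrlMap = new LinkedHashMap<>();
        successUrlMap.put("authc", new SuccessUrlFilter());
        shiroFilterFactoryBean.setFilters(successUrlMap);
        shiroFilterFactoryBean.setSuccessUrl("/index/page");

        // Login page: unauthenticated requests are redirected here.
        shiroFilterFactoryBean.setLoginUrl("/login/page");

        // Error page used when an authorization check fails (an authentication
        // failure goes to the login URL above, not here).
        shiroFilterFactoryBean.setUnauthorizedUrl("/error");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChain);
        return shiroFilterFactoryBean;
    }

    /**
     * Enables Shiro's authorization annotations; per the original author they
     * have no effect unless this advisor is registered.
     *
     * @param securityManager the security manager used to evaluate the annotations
     * @return the advisor bean
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}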
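/**
 * Application realm: loads users, roles and permissions through
 * {@code IUserService} for Shiro's authentication and authorization checks.
 */
public class ShiroRealm extends AuthorizingRealm {

    @Lazy
    @Autowired
    private IUserService iUserService;

    /**
     * Collects the roles of the logged-in user and the permissions attached to
     * each of those roles.
     *
     * @param principalCollection principals of the current subject; the primary
     *        principal is the username stored at login
     * @return the user's role and permission marks; empty when the account can
     *         no longer be found
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The primary principal is the username placed in SimpleAuthenticationInfo at login.
        String name = (String) principalCollection.getPrimaryPrincipal();
        User user = iUserService.getByUsername(name);

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        if (user == null) {
            // The account may have been removed while its session is still alive.
            // Fail closed: grant no roles or permissions instead of throwing a
            // NullPointerException on user.getId().
            return simpleAuthorizationInfo;
        }

        for (Role role : iUserService.getRoles(user.getId())) {
            // Add the role itself ...
            simpleAuthorizationInfo.addRole(role.getMark());
            // ... and every permission granted through it.
            for (Permission permission : iUserService.getRolePermissions(role.getId())) {
                simpleAuthorizationInfo.addStringPermission(permission.getMark());
            }
        }
        return simpleAuthorizationInfo;
    }

    /**
     * Looks up the account named in the login token and hands its stored
     * credentials to Shiro for comparison.
     *
     * <p>NOTE(review): the stored value of {@code user.getPassword()} is given to
     * Shiro unchanged and this class sets no {@code CredentialsMatcher}. With
     * Shiro's default matcher that is a direct comparison against the submitted
     * password, which only works if passwords are stored unhashed. Confirm where
     * hashing happens; otherwise store salted hashes and configure a hashing
     * matcher on the realm.
     *
     * @param authenticationToken the submitted login token
     * @return the account's authentication info, or {@code null} when the token
     *         has no principal or no such user exists
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
        // Per the original author, on a POST request authentication is entered
        // before the request itself is handled, so the token may carry no principal.
        if (authenticationToken.getPrincipal() == null) {
            return null;
        }

        String username = authenticationToken.getPrincipal().toString();
        User user = iUserService.getByUsername(username);
        if (user == null) {
            // Returning null makes Shiro raise its "unknown account" exception.
            // The login handler should answer with the same generic message as
            // for a wrong password so usernames cannot be enumerated.
            return null;
        }

        // Shiro compares the token's credentials with the ones supplied here.
        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
    }
}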