Spring Boot -Shiro配置多Realm
阿新 • • 發佈:2019-03-05
filter chat ini put class a esp irf name bool
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
//將自定義 的FormAuthenticationFilter註入shiroFilter中
filters.put("authc", new AuthenticationFilter());
filters.put("wechat",new ExWechatAppFilter());
shiroFilterFactoryBean.setFilters(filters);
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
...
//建立url和filter之間的關系
filterChainDefinitionMap.put("/wechat/**","wechat");
filterChainDefinitionMap.put("/**", "authc");
...
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setAuthenticator(exModularRealmAuthenticator());
List<Realm> realms = new ArrayList<>();
//設置多Realm
realms.add(systemRealm());
realms.add(wechatAppRealm());
securityManager.setRealms(realms);
securityManager.setCacheManager(ehCacheManager());
securityManager.setRememberMeManager(cookieRememberMeManager());
return securityManager;
}
//重要!!定義token與Realm關系,設置認證策略
public MyModularRealmAuthenticator www.tianjuyuLe.cn myModularRealmAuthenticator(){
MyModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();
FirstSuccessfulStrategy strategy = new FirstSuccessfulStrategy();
authenticator.setAuthenticationStrategy(strategy);
return authenticator;
}
@Bean
public SystemRealm systemRealm() {
SystemRealm systemRealm = new SystemRealm();
systemRealm.setAuthorizationCachingEnabled(true);
systemRealm.setAuthorizationCacheName("authorization");
systemRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return systemRealm;
}
@Bean
public WechatAppRealm WechatAppRealm( www.dfgjpt.com){
WechatAppRealm wechatAppRealm www.huarenyl.cn= new WechatAppRealm();
wechatAppRealm.setAuthorizationCachingEnabled(false);
return WechatAppRealm;
}
Realm,Token關聯關系配置:MyModularRealmAuthenticator.java
public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
@Override
protected AuthenticationInfo www.yongshi123.cn doAuthenticate(www.tiaotiaoylzc.com AuthenticationToken authenticationToken) throws AuthenticationException {
assertRealmsConfigured();
//依據Realm中配置的支持Token來進行過濾
List<Realm> realms www.yongshiyule178.com/ = this.getRealms()
.stream()
.filter(realm -> realm.supports(www.michenggw.com authenticationToken))
.collect(Collectors.toList());
if (realms.size() == 1) {
return doSingleRealmAuthentication(realms.get(0), authenticationToken);
} else {
return doMultiRealmAuthentication(realms, authenticationToken);
}
}
}
認證授權配置:Realm.java
public class SystemRealm extends AuthorizingRealm {
...
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//重要!!多realm每個都會執行授權相關信息,此處進行過濾
if(principals.fromRealm(getName()).isEmpty()){
return null;
}
//授權代碼...
return authorizationInfo;
}
/**
* 主要是用來進行身份認證的
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws AuthenticationException {
//生產AuthenticationInfo代碼...
//校驗的部分由配置的credentialsMatcher進行處理
return authenticationInfo;
}
/**
* 擴展認證token
*
* @param authenticationToken
* @return boolean
* @author mjm
* @date 2018/7/3 12:32
*/
@Override
public boolean supports(AuthenticationToken authenticationToken) {
//設置此Realm支持的Token
return authenticationToken != null && (authenticationToken instanceof UsernamePasswordToken );
}
}
過濾器配置:AuthenticationFilter.java
基礎的過濾器類型:官網中默認有很多已實現的過濾器,可依據需求擴展
public class AuthenticationFilter extends FormAuthenticationFilter {
....
/**
* 創建令牌
*
* @param servletRequest ServletRequest
* @param servletResponse ServletResponse
* @return 令牌
*/
@Override
protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
//依據request中不同的參數創建不同的token...
return new xxxToken(...);
}
....
核心類簡介
xxxToken:用戶憑證 xxxFilter:生產token,設置登錄成功,登錄失敗處理方法,判斷是否登錄連接等 xxxRealm:依據配置的支持Token來認證用戶信息,授權用戶權限
核心配置
Shrio整體配置:ShrioConfig.java
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
//將自定義 的FormAuthenticationFilter註入shiroFilter中
filters.put("authc", new AuthenticationFilter());
filters.put("wechat",new ExWechatAppFilter());
shiroFilterFactoryBean.setFilters(filters);
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
...
//建立url和filter之間的關系
filterChainDefinitionMap.put("/wechat/**","wechat");
filterChainDefinitionMap.put("/**", "authc");
...
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setAuthenticator(exModularRealmAuthenticator());
List<Realm> realms = new ArrayList<>();
//設置多Realm
realms.add(systemRealm());
realms.add(wechatAppRealm());
securityManager.setRealms(realms);
securityManager.setCacheManager(ehCacheManager());
securityManager.setRememberMeManager(cookieRememberMeManager());
return securityManager;
}
//重要!!定義token與Realm關系,設置認證策略
public MyModularRealmAuthenticator www.tianjuyuLe.cn myModularRealmAuthenticator(){
MyModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();
FirstSuccessfulStrategy strategy = new FirstSuccessfulStrategy();
authenticator.setAuthenticationStrategy(strategy);
return authenticator;
}
@Bean
public SystemRealm systemRealm() {
SystemRealm systemRealm = new SystemRealm();
systemRealm.setAuthorizationCachingEnabled(true);
systemRealm.setAuthorizationCacheName("authorization");
systemRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return systemRealm;
}
@Bean
public WechatAppRealm WechatAppRealm( www.dfgjpt.com){
WechatAppRealm wechatAppRealm www.huarenyl.cn= new WechatAppRealm();
wechatAppRealm.setAuthorizationCachingEnabled(false);
return WechatAppRealm;
}
Realm,Token關聯關系配置:MyModularRealmAuthenticator.java
public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
@Override
protected AuthenticationInfo www.yongshi123.cn doAuthenticate(www.tiaotiaoylzc.com AuthenticationToken authenticationToken) throws AuthenticationException {
assertRealmsConfigured();
//依據Realm中配置的支持Token來進行過濾
List<Realm> realms www.yongshiyule178.com/ = this.getRealms()
.stream()
.filter(realm -> realm.supports(www.michenggw.com authenticationToken))
.collect(Collectors.toList());
if (realms.size() == 1) {
return doSingleRealmAuthentication(realms.get(0), authenticationToken);
} else {
return doMultiRealmAuthentication(realms, authenticationToken);
}
}
}
認證授權配置:Realm.java
public class SystemRealm extends AuthorizingRealm {
...
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//重要!!多realm每個都會執行授權相關信息,此處進行過濾
if(principals.fromRealm(getName()).isEmpty()){
return null;
}
//授權代碼...
return authorizationInfo;
}
/**
* 主要是用來進行身份認證的
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws AuthenticationException {
//生產AuthenticationInfo代碼...
//校驗的部分由配置的credentialsMatcher進行處理
return authenticationInfo;
}
/**
* 擴展認證token
*
* @param authenticationToken
* @return boolean
* @author mjm
* @date 2018/7/3 12:32
*/
@Override
public boolean supports(AuthenticationToken authenticationToken) {
//設置此Realm支持的Token
return authenticationToken != null && (authenticationToken instanceof UsernamePasswordToken );
}
}
過濾器配置:AuthenticationFilter.java
基礎的過濾器類型:官網中默認有很多已實現的過濾器,可依據需求擴展
public class AuthenticationFilter extends FormAuthenticationFilter {
....
/**
* 創建令牌
*
* @param servletRequest ServletRequest
* @param servletResponse ServletResponse
* @return 令牌
*/
@Override
protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
//依據request中不同的參數創建不同的token...
return new xxxToken(...);
}
....
Spring Boot -Shiro配置多Realm