Spring Boot集成Shiro实战

时间:2022-05-31 15:18:12

Spring Boot集成Shiro权限验证框架,可参考:

https://shiro.apache.org/spring-boot.html

引入依赖

<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.0</version>
</dependency>

配置Shiro

ShiroConfig

@ConfigurationProperties(prefix = "shiro")
@Configuration
public class ShiroConfig {

@Autowired
private ApplicationConfig applicationConfig;

private List<String> pathDefinitions;

@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition chainDefinition = new
DefaultShiroFilterChainDefinition();

applicationConfig.getStaticDirs()
.forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
this.getPathDefinitions().forEach(d -> {
String[] defArr = d.split("=");
chainDefinition
.addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));
});

return chainDefinition;
}

@Bean
public Realm systemRealm() {
SystemRealm systemRealm = new SystemRealm();
return systemRealm;
}

public List<String> getPathDefinitions() {
return pathDefinitions;
}

public void setPathDefinitions(List<String> pathDefinitions) {
this.pathDefinitions = pathDefinitions;
}

}

ApplicationConfig:注入的是application.yml中的配置,略。

SystemRealm:

public class SystemRealm extends AuthorizingRealm {

@Autowired
private SysAdminMapper sysAdminMapper;

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
token.setPassword(EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray
());

SysAdminDO sysAdminParams = new SysAdminDO();
sysAdminParams.setAdminLoginName(token.getUsername());
SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams);

AuthenticationInfo authInfo = null;
if (sysAdminDO != null) {
authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(),
getName());
}
return authInfo;
}

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
/**
* 下面为静态示例,根据用户对应权限进行修改
* 根据用户查询对应的角色、权限
*/

SysAdminDO sysAdminDO = (SysAdminDO) super.getAvailablePrincipal(principalCollection);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

Set<String> roles = new HashSet<>();
roles.addAll(Arrays.asList("product", "operation"));
authorizationInfo.setRoles(roles);

Set<String> permissions = new HashSet<>();
permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update"));
authorizationInfo.addStringPermissions(permissions);

return authorizationInfo;
}

}

应用配置

application.yml中加入Shiro配置。

shiro:
loginUrl: /login
successUrl: /
unauthorizedUrl: /error
pathDefinitions:
- /login/submit = anon
- /logout = logout
- /test = authc, roles[product], perms[operation:update]
- /** = authc

loginUrl:没有认证的将会跳到登录页面。

successUrl:认证成功跳转的页面。

unauthorizedUrl:认证失败跳转的页面。

pathDefinitions:用来定义路径授权规则。

更多参数参考官网定义:

https://shiro.apache.org/spring-boot.html#configuration-properties

登录服务类

@Override
public SysAdminDO login(LoginForm form) {
UsernamePasswordToken token = new UsernamePasswordToken(form.getLoginName(),
form.getLoginPassword());
token.setRememberMe(true);
Subject currentUser = getSubject();
try {
currentUser.login(token);
} catch (Exception e) {
logger.error("登录验证失败:", e);
}
return (SysAdminDO) currentUser.getPrincipal();
}

自带的过滤器

anno, authc等更多定义参考类:

org.apache.shiro.web.filter.mgt.DefaultFilter

官网定义:

http://shiro.apache.org/web.html#default-filters

Shiro参考手册高清版,请在公众号菜单回复qq群,在群文件技术教程文件夹中下载获取。

推荐阅读

干货:2TB架构师四阶段视频教程

面经:史上最全Java多线程面试题及答案

面经:史上最全阿里高级Java面试题

面经:史上最全Spring面试题

教程:最全Spring Boot全套视频教程

书籍:进阶Java架构师必看的15本书

工具:推荐一款在线创作流程图、思维导图软件

分享Java干货,高并发编程,热门技术教程,微服务及分布式技术,架构设计,区块链技术,人工智能,大数据,Java面试题,以及前沿热门资讯等。
Spring Boot集成Shiro实战