springboot集成shiro

本文详细介绍了如何将SpringBoot应用与Shiro框架进行集成,包括添加POM依赖、创建实体、自定义AuthorizingRealm及Shiro配置,实现DAO、Service、Controller层的交互,并建立权限表,最后进行了验证步骤。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

第一步. pom依赖

<!--shiro-->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.4.0</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>1.3.2</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-web</artifactId>
			<version>1.3.2</version>
		</dependency>

第二步:创建实体
在这里插入图片描述

package com.servingcloud.xszcloud.web.shiro.entity;

import lombok.Data;

import java.util.List;

/**
 * Created by 
 * on 2018/10/9
 */
@Data
public class User {
    private int id;
    private String username;
    private String password;

    //用户的角色   一对多关系
    private List<Role> roleList;
}

package com.servingcloud.xszcloud.web.shiro.entity;

import lombok.Data;

import java.util.List;

/**
 * Created by 
 * on 2018/10/9
 */
@Data
public class Role {
    private int id;
    private String rolename;//角色名称
    private String roledesc;//角色描述

    private List<Permission> permissions;//角色权限关系  多对多  一个角色对应多个权限

}

package com.servingcloud.xszcloud.web.shiro.entity;

import lombok.Data;

import java.util.List;

/**
 * Created by 
 * on 2018/10/9
 */
@Data
public class Permission {
    private int id;
    private String modelname;
    private String permission;

    private List<Role> roles;//角色权限关系   多对多
}

第三步:MyShiroRelam extends AuthorizingRealm 并写ShiroConfig类

package com.servingcloud.xszcloud.web.shiro.config;

import com.servingcloud.xszcloud.web.shiro.entity.Permission;
import com.servingcloud.xszcloud.web.shiro.entity.Role;
import com.servingcloud.xszcloud.web.shiro.entity.User;
import com.servingcloud.xszcloud.web.shiro.service.IUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Created by 
 * on 2018/10/9
 */
public class MyShiroRelam extends AuthorizingRealm {
    @Autowired
    private IUserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("用户权限配置。。。。。。。。。。");
        //访问@RequirePermission注解的url时触发
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        User userInfo  = (User)principals.getPrimaryPrincipal();
        //获得用户的角色,及权限进行绑定
        for(Role role:userInfo.getRoleList()){
            authorizationInfo.addRole(role.getRolename());
            for(Permission p:role.getPermissions()){
                authorizationInfo.addStringPermission(p.getPermission());
            }
        }
        return authorizationInfo;
    }

    //验证用户登录信息
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("验证用户登录信息");
        String username = (String)token.getPrincipal();
        System.out.println("登录用户名: "+username);
        System.out.println(token.getCredentials());
        //从数据库查询出User信息及用户关联的角色,权限信息,以备权限分配时使用
        User user = userService.findUserByName(username);
        if(null == user) return null;
        System.out.println("username: "+user.getUsername()+" ; password : "+user.getPassword());
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                user, //用户名
                user.getPassword(), //密码
                getName()  //realm name
        );
        return authenticationInfo;
    }
}

package com.servingcloud.xszcloud.web.shiro.config;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;


@Configuration
public class ShiroConfig {

    public ShiroConfig(){
        System.out.println("ShiroConfig  init ....");
    }

    /**
     shiro过滤器配置
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(DefaultWebSecurityManager securityManager) {
        System.out.println("ShiroConfiguration.shirFilter()");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //拦截器.
        Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
        //权限配置
        //filterChainDefinitionMap.put("/stu/addStu","perms[student:aaaa]");
        // 配置不会被拦截的链接 顺序判断  相关静态资源
        filterChainDefinitionMap.put("/assets/**", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/font/**", "anon");
        filterChainDefinitionMap.put("/images/**", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/products/**", "anon");
        filterChainDefinitionMap.put("/Widget/**", "anon");
        filterChainDefinitionMap.put("/swagger-ui.html", "anon");
        filterChainDefinitionMap.put("/swagger-resources", "anon");
        filterChainDefinitionMap.put("/swagger-resources/configuration/security", "anon");
        filterChainDefinitionMap.put("/swagger-resources/configuration/ui", "anon");
        filterChainDefinitionMap.put("/v2/api-docs", "anon");
        filterChainDefinitionMap.put("/webjars/springfox-swagger-ui/**", "anon");

        //配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了
        filterChainDefinitionMap.put("/logout", "logout");

        //<!-- 过滤链定义,从上向下顺序执行,一般将/**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;

        //<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
        filterChainDefinitionMap.put("/**", "authc");
        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/login");
        // 登录成功后要跳转的链接
        shiroFilterFactoryBean.setSuccessUrl("/index");

        //未授权界面;
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }
    /*
    加密方式配置
    */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法;
        hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5(""));
        return hashedCredentialsMatcher;
    }

    /*
    认证器配置
    */
    @Bean
    public MyShiroRelam myShiroRealm(){
        MyShiroRelam myShiroRelam = new MyShiroRelam();
        //myShiroRelam.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRelam;
    }

    /*
    安全管理器配置
    */
    @Bean
    public DefaultWebSecurityManager securityManager(){
        DefaultWebSecurityManager securityManager =  new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /*
    开启@RequirePermission注解的配置,要结合DefaultAdvisorAutoProxyCreator一起使用,或者导入aop的依赖
    */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /* @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
          DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
          advisorAutoProxyCreator.setProxyTargetClass(true);
          return advisorAutoProxyCreator;
    }*/


    /*
    定义Spring MVC的异常处理器
    */
    @Bean
    public SimpleMappingExceptionResolver createSimpleMappingExceptionResolver() {
        SimpleMappingExceptionResolver r = new SimpleMappingExceptionResolver();
        Properties mappings = new Properties();
        mappings.setProperty("DatabaseException", "databaseError");//数据库异常处理
        mappings.setProperty("UnauthorizedException","403");//处理shiro的认证未通过异常
        r.setExceptionMappings(mappings);  // None by default
        r.setDefaultErrorView("error");    // No default
        r.setExceptionAttribute("ex");     // Default is "exception"
        return r;
    }
}

第四步:dao层

package com.servingcloud.xszcloud.web.shiro.mapper;

import com.servingcloud.xszcloud.web.shiro.entity.User;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Repository;

/**
 * Created by 
 * on 2018/10/9
 */
@Repository
@Mapper
public interface IUserDao {
    public User findUserByName(String name);

}

***********************************************************************************************
UserDao.xml文件的编写
 <?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
    PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="leonardo.ezio.permission.demo.shiro.dao.IUserDao">
<select id="findUserByName" parameterType="String" resultMap="user" >
    select u.id u_id,username,password,r.id r_id ,rolename ,roledesc , p.id p_id ,modelname,permission from user u
    INNER JOIN user_role ur on u.id = ur.uid
    INNER JOIN role r ON ur.rid = r.id
    INNER JOIN role_permission rp ON r.id = rp.rid
    INNER JOIN permission p on rp.pid = p.id
    where u.username = #{name}
</select>

<resultMap id="user" type="leonardo.ezio.permission.demo.shiro.bean.User">
    <id property="id" column="u_id"></id>
    <result property="username" column="username"/>
    <result property="password" column="password"/>
    <collection property="roleList" ofType="leonardo.ezio.permission.demo.shiro.bean.Role">
        <id property="id" column="r_id"/>
        <result property="rolename" column="rolename"/>
        <result property="roledesc" column="roledesc"/>
        <collection property="permissions" ofType="leonardo.ezio.permission.demo.shiro.bean.Permission">
            <id property="id" column="p_id"/>
            <result property="modelname" column="modelname"/>
            <result property="permission" column="permission"/>
        </collection>
    </collection>
</resultMap>
</mapper>


第五步:service和impl

package com.servingcloud.xszcloud.web.shiro.service;

import com.servingcloud.xszcloud.web.shiro.entity.User;

/**
 * Created by 
 * on 2018/10/9
 */
public interface IUserService {
    public User findUserByName(String name);
}

package com.servingcloud.xszcloud.web.shiro.service.impl;

import com.servingcloud.xszcloud.web.shiro.mapper.IUserDao;
import com.servingcloud.xszcloud.web.shiro.entity.User;
import com.servingcloud.xszcloud.web.shiro.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/**
 * Created by 
 * on 2018/10/9
 */
@Service
public class UserServiceImpl implements IUserService {
    @Autowired
    private IUserDao userDao;

    @Override
    public User findUserByName(String name) {
        return userDao.findUserByName(name);
    }

}

第六步:controller

package com.servingcloud.xszcloud.web.shiro.controller;

import com.servingcloud.xszcloud.web.shiro.service.IUserService;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.util.Map;

/**
 * Created by 
 * on 2018/10/9
 */
@RestController
public class HomeController {
    @Autowired
    private IUserService userService;

    @RequestMapping({"/","/index"})
    public String root(){
        return "index";
    }

    @RequestMapping("/login")
    public String login(HttpServletRequest request, Map<String ,String> map){
        System.out.println("user login .....");
        String exception = (String) request.getAttribute("shiroLoginFailure");
        System.out.println("exception=" + exception);
        String msg = "";
        if (exception != null) {
            if (UnknownAccountException.class.getName().equals(exception)) {
                System.out.println("UnknownAccountException -- > 账号不存在:");
                msg = "unknownAccount";
            } else if (IncorrectCredentialsException.class.getName().equals(exception)) {
                msg = "incorrectPassword";
            } else if ("kaptchaValidateFailed".equals(exception)) {
                System.out.println("kaptchaValidateFailed -- > 验证码错误");
                msg = "kaptchaValidateFailed -- > 验证码错误";
            } else {
                msg = "else >> "+exception;
                System.out.println("else -- >" + exception);
            }
        }
        map.put("msg", msg);
        //认证成功由shiro框架自行处理
        return "login";
    }


    //访问此连接时会触发MyShiroRealm中的权限分配方法
    @RequestMapping("/permission")
    @RequiresPermissions("student:test")
    public void test(){
        System.out.println("permission  test");
    }
}

第七步:创建权限表

create table user(
 id int NOT NULL PRIMARY KEY AUTO_INCREMENT,
 username VARCHAR(20) NOT NULL ,
 password VARCHAR(20) not null
);

create table role(
id int NOT NULL PRIMARY KEY AUTO_INCREMENT,
rolename VARCHAR(20) NOT NULL,
roledesc VARCHAR(20)
);


create table permission(
id int NOT NULL PRIMARY KEY AUTO_INCREMENT,
modelname VARCHAR(20) NOT NULL ,
permission VARCHAR(20) NOT NULL
);

create table user_role(
id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
uid int NOT NULL ,
rid int NOT NULL
);


create table role_permission(
id INT NOT NULL  PRIMARY KEY  AUTO_INCREMENT,
rid int NOT NULL ,
pid int NOT NULL
);


最后一步:验证…

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值