springboot整合shiro(一)

配置文件 ShiroConfig.java

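/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the URL filter chain, the security manager, the custom realm, the
 * credentials matcher, caching, remember-me beans and annotation support.
 */
@Configuration
public class ShiroConfig {

    /**
     * Registers the Shiro filter and its URL-to-filter chain.
     *
     * <p>Chain entries are evaluated in insertion order and the first matching
     * pattern wins, so a {@link LinkedHashMap} is required and the catch-all
     * entry must remain the last one added.
     *
     * @param securityManager the Shiro security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        // Without an explicit login URL Shiro looks for "/login.jsp" in the web root.
        factoryBean.setLoginUrl("/toLogin");
        // Where to send the user after a successful login.
        factoryBean.setSuccessUrl("/index");
        // Page shown when an authenticated user lacks the required role.
        factoryBean.setUnauthorizedUrl("/403");

        Map<String, String> chains = new LinkedHashMap<>();
        // Publicly reachable paths (no authentication required).
        chains.put("/", "anon");
        chains.put("/doLogin", "anon");
        chains.put("/img/**", "anon");
        chains.put("/js/**", "anon");
        // Only subjects holding ROLE_ADMIN may reach /add.
        chains.put("/add", "roles[ROLE_ADMIN]");
        // Shiro's built-in logout filter performs the actual logout.
        chains.put("/logout", "logout");
        // Deny by default: every path not listed above requires an authenticated session.
        // Keep this entry last; a pattern added after it would never be consulted.
        // NOTE(review): keep the anon list as narrow as possible and confirm that the
        // patterns here match the same requests as the MVC mappings they protect.
        chains.put("/**", "authc");
        factoryBean.setFilterChainDefinitionMap(chains);

        return factoryBean;
    }

    /**
     * Cache manager backed by Ehcache, used by the realm to cache lookups.
     *
     * @return an {@link EhCacheManager} using its default configuration
     */
    @Bean
    public EhCacheManager cacheManager() {
        // A custom Ehcache file is not configured here; the original left this call disabled:
        // setCacheManagerConfigFile("classpath:shiro/ehcache-shiro.xml")
        return new EhCacheManager();
    }

    /**
     * Cookie template for the remember-me feature.
     *
     * @return the cookie definition used by the remember-me manager
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
        // Cookie name; it matches the name of the "remember me" checkbox on the login form.
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // Lifetime in seconds. The configured value, 259200 s, is 3 days; the original
        // comment claimed 30 days (which would be 2592000 s). The shorter lifetime is
        // kept because a long-lived remember-me cookie widens the window for a stolen one.
        cookie.setMaxAge(3 * 24 * 60 * 60);
        // Keep the cookie out of reach of page scripts.
        cookie.setHttpOnly(true);
        // NOTE(review): once the site is served over HTTPS only, also mark the cookie Secure.
        return cookie;
    }

    /**
     * Remember-me manager that stores the remembered identity in a cookie.
     *
     * @return the cookie-based remember-me manager
     */
    @Bean
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCookie(rememberMeCookie());
        // NOTE(review): no cipher key is set, so the manager uses whatever key the Shiro
        // version in use provides by default. The cookie carries an encrypted, serialized
        // identity that the server deserializes, so the key is security-critical: load a
        // randomly generated key from secret configuration via setCipherKey(...), never a
        // constant copied from sample code, and keep Shiro itself up to date.
        return manager;
    }

    /**
     * Registers the custom realm with its credentials matcher and cache manager.
     *
     * @return the configured {@code UserRealm}
     */
    @Bean(name = "userRealm")
    public UserRealm userRealm() {
        UserRealm realm = new UserRealm();
        // How submitted passwords are hashed before comparison with the stored value.
        realm.setCredentialsMatcher(hashedCredentialsMatcher());
        realm.setCacheManager(cacheManager());
        return realm;
    }

    /**
     * Security manager: the central Shiro component, backed by the custom realm.
     *
     * @return a {@link DefaultWebSecurityManager} using {@code userRealm}
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm());
        // Not attached here (both calls were left disabled in the original):
        //   setCacheManager(cacheManager())           - manager-level cache (the original note mentions redis)
        //   setRememberMeManager(rememberMeManager()) - so the remember-me beans above are
        //                                               defined but not used by this manager
        return manager;
    }

    /**
     * Credentials matcher: hashes the submitted password the same way the stored
     * password was hashed, so Shiro can compare the two.
     *
     * @return a matcher using MD5 applied twice
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        // NOTE(review): MD5 applied twice is a fast digest, not a password hash, and the
        // realm on this page supplies no per-user salt, so leaked hashes are cheap to
        // crack and equal passwords yield equal hashes. The values are left unchanged
        // because changing them invalidates every stored credential; plan a migration to
        // a slow, salted scheme (bcrypt, scrypt or Argon2) with rehash-on-login.
        matcher.setHashAlgorithmName("md5");
        // Number of hash rounds; 2 means md5(md5(password)).
        matcher.setHashIterations(2);
        return matcher;
    }

    /**
     * Enables Shiro's authorization annotations through Spring AOP.
     *
     * @param securityManager the Shiro security manager used to evaluate the annotations
     * @return the advisor that applies Shiro's annotation checks
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * Spring's auto-proxy creator; the registered advisors decide which beans are
     * proxied. Needed for the Shiro annotations to take effect.
     *
     * @return an auto-proxy creator that proxies target classes
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        // Proxy the class itself rather than only its interfaces.
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Shiro lifecycle processor.
     *
     * @return a new {@link LifecycleBeanPostProcessor}
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

}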

UserRealm.java

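/**
 * Custom Shiro realm: authenticates a user by login name and supplies the
 * user's roles for authorization checks.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserMapper userMapper;

    @Resource
    private UserService userService;

    /**
     * Authentication: loads the account for the submitted login name and hands
     * the stored password to Shiro, which compares it with the submitted one
     * using the realm's credentials matcher.
     *
     * @param token the submitted authentication token; its principal is the login name
     * @return authentication info holding the user and the stored password
     * @throws UnknownAccountException if no account exists for the login name
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // Login name taken from the token.
        String username = (String) token.getPrincipal();

        User user = userService.findByUserName(username);
        // The user object is deliberately not written to stdout or a log: it holds the
        // stored password value, and its string form may include it.
        if (user == null) {
            // NOTE(review): whatever reports login failures to the client should show the
            // same message for "unknown account" and "wrong password", otherwise the
            // login form reveals which user names exist.
            throw new UnknownAccountException(); // account does not exist
        }

        // No salt is passed, so the matcher compares an unsalted hash.
        // NOTE(review): a per-user salt needs the four-argument constructor and salted
        // stored hashes; confirm against how passwords are written at registration.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }

    /**
     * Authorization: collects the role codes of the authenticated user.
     *
     * <p>Every role of the user is granted, not only the first one, and a missing
     * principal or an empty role list yields an info object with no roles instead
     * of an exception.
     *
     * @param principal the principals of the subject being authorized
     * @return authorization info carrying the user's role codes (possibly none)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        if (principal == null) {
            // Nothing to authorize: grant no roles.
            return authorizationInfo;
        }

        // The primary principal is the User stored by doGetAuthenticationInfo.
        User user = (User) principal.getPrimaryPrincipal();
        if (user == null || user.getRoles() == null) {
            return authorizationInfo;
        }

        // Shiro expects the roles as a Set of role names.
        Set<String> roleCodes = new HashSet<>();
        for (int i = 0; i < user.getRoles().size(); i++) {
            if (user.getRoles().get(i) == null) {
                continue;
            }
            String roleCode = user.getRoles().get(i).getRole_code();
            if (roleCode != null) {
                roleCodes.add(roleCode);
            }
        }
        authorizationInfo.setRoles(roleCodes);

        return authorizationInfo;
    }

}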

全局异常处理

/**
 * 1、新建一个异常类,GlobalExceptionHandler
 * 2、在类上添加注解,@ControllerAdvice;
 * 3、在类中添加一个异常处理方法
 * 4、在方法上添加@ExceptionHandler拦截相应的异常信息;
 * 5、如果返回的是View -- 方法的返回值是ModelAndView;
 * 6、如果返回的是String或者是Json数据,那么需要在方法上添加@ResponseBody注解.
 */
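@ControllerAdvice
public class GlobalExceptionHandler {

    // Fully qualified so that no new import is needed in this file.
    private static final java.util.logging.Logger LOGGER =
            java.util.logging.Logger.getLogger(GlobalExceptionHandler.class.getName());

    /**
     * Maps any exception raised by a controller to the "error" view with a short,
     * generic message. The handler may be customized to return JSON or a view.
     *
     * <p>The client only ever sees the generic message; the exception itself is
     * recorded server-side so that access denials and unexpected failures are not
     * lost. This method overrides nothing, so it carries no {@code @Override}
     * (the annotation does not compile on a class without a matching supertype
     * method).
     *
     * @param ex the exception thrown while handling the request
     * @return the "error" view with the model attribute "msg" set
     */
    @ExceptionHandler(Exception.class)
    public ModelAndView resolveException(Exception ex) {
        String message;
        if (ex instanceof UnauthorizedException) {
            // Authenticated, but lacking the required role or permission.
            LOGGER.log(java.util.logging.Level.WARNING, "Access denied: {0}", ex.getClass().getName());
            message = "未授权";
        } else if (ex instanceof UnauthenticatedException) {
            // Not logged in.
            LOGGER.log(java.util.logging.Level.WARNING, "Access denied: {0}", ex.getClass().getName());
            message = "未认证";
        } else {
            // Anything else: keep the details in the server log, never in the response.
            LOGGER.log(java.util.logging.Level.SEVERE, "Unhandled exception", ex);
            message = "其他异常";
        }

        ModelAndView mv = new ModelAndView("error");
        mv.addObject("msg", message);
        return mv;
    }

}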