[java] Shiro 框架学习 (二)Spring Boot 整合

梦里梦外; 2022-02-27 03:24 334阅读 0赞

环境

开发工具:IDEA

jdk版本:jdk1.8

创建项目

1.新建spring-boot项目

项目结构:

watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDkwMjUyNw_size_16_color_FFFFFF_t_70

2.导包 pom.xml文件

添加spring-boot 父级依赖,maven用户可用通过继承parent项目来获得一些合理的默认配置

  1. <parent>
  2.         <groupId>org.springframework.boot</groupId>
  3.         <artifactId>spring-boot-starter-parent</artifactId>
  4.         <version>1.5.2.RELEASE</version>
  5.     </parent>

导入spring-boot快速搭建web项目依赖包和集成shiro框架的依赖包 

  1. <dependencies>
  3.         <dependency>
  4.             <groupId>org.springframework.boot</groupId>
  5.             <artifactId>spring-boot-starter-web</artifactId>
  6.         </dependency>
  7.         <dependency>
  8.             <groupId>org.springframework.boot</groupId>
  9.             <artifactId>spring-boot-starter-data-jpa</artifactId>
  10.             <version>1.5.6.RELEASE</version>
  11.         </dependency>
  12.         <dependency>
  13.             <groupId>org.springframework.boot</groupId>
  14.             <artifactId>spring-boot-autoconfigure</artifactId>
  15.             <version>1.5.6.RELEASE</version>
  16.         </dependency>
  17.         <dependency>
  18.             <groupId>mysql</groupId>
  19.             <artifactId>mysql-connector-Java</artifactId>
  20.             <version>5.1.46</version>
  21.         </dependency>
  22.         <dependency>
  23.             <groupId>org.apache.shiro</groupId>
  24.             <artifactId>shiro-spring</artifactId>
  25.             <version>1.3.2</version>
  26.         </dependency>
  27.         <dependency>
  28.             <groupId>com.alibaba</groupId>
  29.             <artifactId>druid</artifactId>
  30.             <version>1.1.4</version>
  31.         </dependency>
  32.     </dependencies>

添加spring - boot 支持maven

  1. <build>
  2.         <plugins>
  3.             <plugin>
  4.                 <groupId>org.springframework.boot</groupId>
  5.                 <artifactId>spring-boot-maven-plugin</artifactId>
  6.             </plugin>
  7.         </plugins>
  8.     </build>

3.配置application.yml 文件,springboot项目所有配置都在该文件中完成

  1. server:
  2.   port: 8082
  3. spring:
  4.   datasource:
  5.     driver-class-name: com.mysql.jdbc.Driver
  6.     url: jdbc:mysql://localhost:3306/demo?useUnicode=true&characterEncoding=UTF-8
  7.     username: root
  8.     password: root
  9.     type: com.alibaba.druid.pool.DruidDataSource
  10.   jpa:
  11.     show-sql: true
  12.     hibernate:
  13.       ddl-auto: update
  14.   http:
  15.     encoding:
  16.       charset: utf-8
  17.       enabled: true

4.创建用户,角色,权限实体类,shiro权限控制必须有这个三个实体类(表)

  1. User
  4. package com.ztwow.springshiro.entity;
  6. import javax.persistence.*;
  7. import java.util.List;
  9. /**
  10.  * user
  11.  * 用户实体类
  12.  *
  13.  * */
  15. @Entity
  16. public class User {
  18.     @Id
  19.     @GeneratedValue(strategy = GenerationType.AUTO)
  20.     private Long id;
  21.     @Column(unique = true)
  22.     private String name;
  23.     private Integer password;
  24.     @OneToMany(cascade = CascadeType.ALL,mappedBy = "user")
  25.     private List<Role> roles;
  27.     public Long getId() {
  28.         return id;
  29.     }
  31.     public void setId(Long id) {
  32.         this.id = id;
  33.     }
  35.     public String getName() {
  36.         return name;
  37.     }
  39.     public void setName(String name) {
  40.         this.name = name;
  41.     }
  43.     public List<Role> getRoles() {
  44.         return roles;
  45.     }
  47.     public void setRoles(List<Role> roles) {
  48.         this.roles = roles;
  49.     }
  51.     public Integer getPassword() {
  52.         return password;
  53.     }
  55.     public void setPassword(Integer password) {
  56.         this.password = password;
  57.     }
  59. }
  64. Role
  67. package com.ztwow.springshiro.entity;
  69. import javax.persistence.*;
  70. import java.util.List;
  71. /**
  72.  * role
  73.  * 角色实体类
  74.  *
  75.  * */
  77. @Entity
  78. public class Role {
  81.     @Id
  82.     @GeneratedValue(strategy = GenerationType.AUTO)
  83.     private Long id;
  84.     private String roleName;
  85.     @ManyToOne(fetch = FetchType.EAGER)
  86.     private User user;
  87.     @OneToMany(cascade = CascadeType.ALL,mappedBy = "role")
  88.     private List<Permission> permissions;
  90.     public Long getId() {
  91.         return id;
  92.     }
  94.     public void setId(Long id) {
  95.         this.id = id;
  96.     }
  98.     public String getRoleName() {
  99.         return roleName;
  100.     }
  102.     public void setRoleName(String roleName) {
  103.         this.roleName = roleName;
  104.     }
  106.     public User getUser() {
  107.         return user;
  108.     }
  110.     public void setUser(User user) {
  111.         this.user = user;
  112.     }
  114.     public List<Permission> getPermissions() {
  115.         return permissions;
  116.     }
  118.     public void setPermissions(List<Permission> permissions) {
  119.         this.permissions = permissions;
  120.     }
  121. }
  125. permission
  128. package com.ztwow.springshiro.entity;
  131. import javax.persistence.*;
  133. /**
  134.  * permission
  135.  * 权限实体类
  136.  *
  137.  * */
  140. @Entity
  141. public class Permission {
  143.     @Id
  144.     @GeneratedValue(strategy = GenerationType.AUTO)
  145.     private Long id;
  146.     private String permission;
  147.     @ManyToOne(fetch = FetchType.EAGER)
  148.     private Role role;
  150.     public Long getId() {
  151.         return id;
  152.     }
  154.     public void setId(Long id) {
  155.         this.id = id;
  156.     }
  158.     public String getPermission() {
  159.         return permission;
  160.     }
  162.     public void setPermission(String permission) {
  163.         this.permission = permission;
  164.     }
  166.     public Role getRole() {
  167.         return role;
  168.     }
  170.     public void setRole(Role role) {
  171.         this.role = role;
  172.     }
  176. }
  1. 持久层接口和实现类

使用JPA操作数据库:jpa学习

  1. #baseDao 接口 继承JPA动态查询和分页
  2. package com.ztwow.springshiro.dao;
  4. import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
  5. import org.springframework.data.repository.NoRepositoryBean;
  6. import org.springframework.data.repository.PagingAndSortingRepository;
  8. import java.io.Serializable;
  10. @NoRepositoryBean
  11. public interface BaseDao<T,I extends Serializable> extends PagingAndSortingRepository<T,I>, JpaSpecificationExecutor<T> {
  12. }
  15. #User 接口 实现baseDao
  17. package com.ztwow.springshiro.dao;
  19. import com.ztwow.springshiro.entity.User;
  21. public interface UserDao extends BaseDao<User,Long>{
  23.     User findByName(String name);
  24. }
  27. #Role 接口实现baseDao
  29. package com.ztwow.springshiro.dao;
  31. import com.ztwow.springshiro.entity.Role;
  33. public interface RoleDao extends BaseDao<Role,Long>{
  34. }

  1. 编写业务层接口和实现类

    业务层接口

    package com.ztwow.springshiro.service;

    import com.ztwow.springshiro.entity.Role;
    import com.ztwow.springshiro.entity.User;

    import java.util.Map;

    public interface ILoginService {

    1.  User addUser(Map<String,Object> map);
    3.  Role addRole(Map<String,Object> map);
    5.  User findByName(String name);

    }

  1. #实现类
  2. package com.ztwow.springshiro.service.impl;
  4. import com.ztwow.springshiro.dao.RoleDao;
  5. import com.ztwow.springshiro.dao.UserDao;
  6. import com.ztwow.springshiro.entity.Permission;
  7. import com.ztwow.springshiro.entity.Role;
  8. import com.ztwow.springshiro.entity.User;
  9. import com.ztwow.springshiro.service.ILoginService;
  10. import org.springframework.beans.factory.annotation.Autowired;
  11. import org.springframework.stereotype.Service;
  13. import javax.transaction.Transactional;
  14. import java.util.ArrayList;
  15. import java.util.List;
  16. import java.util.Map;
  18. @Service
  19. @Transactional
  20. public class LoginServiceImlp implements ILoginService {
  22.     @Autowired
  23.     private UserDao userDao;
  24.     @Autowired
  25.     private RoleDao roleDao;
  28.     //添加用户
  29.     @Override
  30.     public User addUser(Map<String, Object> map) {
  31.         User user = new User();
  32.         user.setName(map.get("username").toString());
  33.         user.setPassword(Integer.valueOf(map.get("password").toString()));
  34.         userDao.save(user);
  35.         return user;
  36.     }
  38.     //添加角色
  39.     @Override
  40.     public Role addRole(Map<String, Object> map) {
  42.        User user = userDao.findOne(Long.valueOf(map.get("userId").toString()));
  43.        Role role = new Role();
  44.        role.setRoleName(map.get("roleName").toString());
  45.        role.setUser(user);
  46.        Permission permission1 = new Permission();
  47.        permission1.setRole(role);
  48.        permission1.setPermission("create");
  49.        Permission permission2 =new Permission();
  50.        permission2.setPermission("update");
  51.        permission2.setRole(role);
  52.        List<Permission> permissions = new ArrayList<Permission>();
  53.        permissions.add(permission1);permissions.add(permission2);
  54.        role.setPermissions(permissions);
  55.        roleDao.save(role);
  56.        return role;
  57.     }
  59.     //通过用户名查询用户
  60.     @Override
  61.     public User findByName(String name){
  62.         return userDao.findByName(name);
  63.     }
  65. }

7.Shiro自定义配置类,通过@Bean注解的方式代替springMVC的XMl方式配置

  1. package com.ztwow.springshiro.config;
  3. import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
  4. import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
  5. import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
  6. import org.springframework.context.annotation.Bean;
  7. import org.springframework.context.annotation.Configuration;
  8. import org.apache.shiro.mgt.SecurityManager;
  9. import java.util.HashMap;
  10. import java.util.Map;
  12. @Configuration
  13. public class ShiroConfiguration {
  16.     //加入自己的验证方式到容器
  17.     @Bean
  18.     public MyShiroRealm myShiroRealm(){
  19.         MyShiroRealm myShiroRealm = new MyShiroRealm();
  21.         return myShiroRealm;
  22.     }
  24.     //权限管理,配置主要是Realm的管理认证
  25.     @Bean
  26.     public SecurityManager securityManager(){
  27.         DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  28.         securityManager.setRealm(myShiroRealm());
  29.         return securityManager;
  30.     }
  32.     //Filter工厂,(添加)设置对应的过滤条件和跳转条件
  33.     @Bean
  34.     public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
  35.         ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  36.         shiroFilterFactoryBean.setSecurityManager(securityManager);
  37.         Map<String,String> map = new HashMap<String, String>();
  38.         //登出
  39.         map.put("/logout","logout");
  40.         //对所有用户认证
  41.         map.put("/**","authc");
  42.         //登录
  43.         shiroFilterFactoryBean.setLoginUrl("/login");
  44.         //首页
  45.         shiroFilterFactoryBean.setSuccessUrl("/index");
  46.         //错误页面,认证不通过跳转
  47.         shiroFilterFactoryBean.setUnauthorizedUrl("/error");
  48.         shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
  49.         return shiroFilterFactoryBean;
  50.     }
  52.     //加入注解的使用,不加入这个注解不生效
  53.     @Bean
  54.     public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
  55.         AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
  56.         authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
  57.         return authorizationAttributeSourceAdvisor;
  58.     }
  62. }

  1. Realml类 用于获取安全数据,给用户添加角色和权限,认证提交的用户是否合法,并通过用户获取安全数据

    package com.ztwow.springshiro.config;

    import com.ztwow.springshiro.entity.Permission;
    import com.ztwow.springshiro.entity.Role;
    import com.ztwow.springshiro.entity.User;
    import com.ztwow.springshiro.service.ILoginService;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;

    /**

    • 实现AuthorizingRealm接口用户用户认证
      *
    • AuthorizingRealm
    • 授权,即权限验证,验证某个已认证的用户是否拥有某个权限;即判断用户是否能做事情,
    • 常见的如:验证某个用户是否拥有某个角色。或者细粒度的验证某个用户对某个资源是否具有某个权限

    • */

      public class MyShiroRealm extends AuthorizingRealm {

      //用于用户查询
      @Autowired
      private ILoginService loginService;

      /**

      • 角色权限和对应权限添加
        *

      • */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //获取登录用户名
        String name = (String) principalCollection.getPrimaryPrincipal();
        //查询用户名称
        User user = loginService.findByName(name);
        //添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

        for(Role role:user.getRoles()) {

        1.  //添加角色
        2.  simpleAuthorizationInfo.addRole(role.getRoleName());
        4.  for (Permission permission : role.getPermissions()) {
        5.      //添加权限
        6.      simpleAuthorizationInfo.addStringPermission(permission.getPermission());
        8.  }

        }
        return simpleAuthorizationInfo;
        }

        /*

      • 用户认证
        *

      • */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if(authenticationToken.getPrincipal() == null){

        1.  return  null;

        }

        String name = authenticationToken.getPrincipal().toString();
        User user = loginService.findByName(name);

        if(user == null){

        1.  //用户不存在返回后会报出异常
        2.  return null;

        }else{

        1.  //这里验证authenticationToken和simpleAuthenticationInfo的信息
        2. SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name,user.getPassword().toString(),getName());
        3. return simpleAuthenticationInfo;

        }

        }
        }

8.Controller类 

  1. package com.ztwow.springshiro.controller;
  3. import com.ztwow.springshiro.entity.Role;
  4. import com.ztwow.springshiro.entity.User;
  5. import com.ztwow.springshiro.service.ILoginService;
  6. import org.apache.shiro.SecurityUtils;
  7. import org.apache.shiro.authc.UsernamePasswordToken;
  8. import org.apache.shiro.authz.annotation.RequiresPermissions;
  9. import org.apache.shiro.authz.annotation.RequiresRoles;
  10. import org.apache.shiro.subject.Subject;
  11. import org.springframework.web.bind.annotation.RequestBody;
  12. import org.springframework.web.bind.annotation.RequestMapping;
  13. import org.springframework.web.bind.annotation.RequestMethod;
  14. import org.springframework.web.bind.annotation.RestController;
  15. import javax.annotation.Resource;
  16. import java.util.Map;
  18. @RestController
  19. public class LoginController {
  21.     @Resource
  22.     private ILoginService loginService;
  24.     //退出的时候是get请求,主要是用于退出
  25.     @RequestMapping(value = "/login",method = RequestMethod.GET)
  26.     public String login(){
  27.         return "login";
  28.     }
  30.     //post登录
  31.     @RequestMapping(value = "/login",method = RequestMethod.POST)
  32.     public String login(@RequestBody Map map){
  33.         //添加用户认证信息
  34.         Subject subject = SecurityUtils.getSubject();
  35.         UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(
  36.                 map.get("username").toString(),
  37.                 map.get("password").toString());
  38.         //进行验证,这里可以捕获异常,然后返回对应信息
  39.         subject.login(usernamePasswordToken);
  40.         return "login";
  41.     }
  43.     @RequestMapping(value = "/index")
  44.     public String index(){
  45.         return "index";
  46.     }
  48.     //登出
  49.     @RequestMapping(value = "/logout")
  50.     public String logout(){
  51.         return "logout";
  52.     }
  54.     //错误页面展示
  55.     @RequestMapping(value = "/error",method = RequestMethod.POST)
  56.     public String error(){
  57.         return "error ok!";
  58.     }
  60.     //数据初始化
  61.     @RequestMapping(value = "/addUser")
  62.     public String addUser(@RequestBody Map<String,Object> map){
  63.         User user = loginService.addUser(map);
  64.         return "addUser is ok! \n" + user;
  65.     }
  67.     //角色初始化
  68.     @RequestMapping(value = "/addRole")
  69.     public String addRole(@RequestBody Map<String,Object> map){
  70.         Role role = loginService.addRole(map);
  71.         return "addRole is ok! \n" + role;
  72.     }
  74.     //注解的使用
  75.     @RequiresRoles("admin")
  76.     @RequiresPermissions("create")
  77.     @RequestMapping(value = "/create")
  78.     public String create(){
  79.         return "Create success!";
  80.     }
  83. }

主要流程:页面所有的操作请求都会通过subject(代表当前用户),然后将subject绑定到SecurityManager上,由SecurityManager管理有所与subject的交互,当SecurityManager需要验证用户身份是否合法,会通过Realm提供的Authentication和Authorization认证用户获取安全数据

发表评论

表情:
评论列表 (有 0 条评论,334人围观)

还没有评论,来说两句吧...

相关阅读