shiro框架使用（认证与授权）

谁践踏了优雅 2022-03-15 13:44 271阅读 0赞

### 1. 引入shiro框架相关的jar ###

<dependency>
    			<groupId>org.apache.shiro</groupId>
    			<artifactId>shiro-all</artifactId>
    			<version>1.2.2</version>
    		</dependency>

### 2.在web.xml中配置spring框架提供的用于整合shiro框架的过滤器,会在spring配置文件中找到id是shiroFilter这个bean ###

<filter>
      	<filter-name>shiroFilter</filter-name>
      	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
      	<filter-name>shiroFilter</filter-name>
      	<url-pattern>/*</url-pattern>
      </filter-mapping>

### 3.在spring配置文件中配置bean，id为shiroFilter ###

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    		
    		<property name="securityManager" ref="securityManager"/>
    		
    		<property name="loginUrl" value="/login.jsp"/>
    		<property name="successUrl" value="/index.jsp"/>
    		<property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    		
    		<property name="filterChainDefinitions">
    			<value>
    				/css/** = anon
    				/js/** = anon
    				/images/** = anon
    				/validatecode.jsp* = anon
    				/login.jsp = anon
    				/userAction_login.action = anon
    				/page_base_staff.action = perms["staff-list"]
    				/* = authc
    			</value>
    		</property>
    	</bean>

![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQxNTY2Nzcy_size_16_color_FFFFFF_t_70][]

anon:例子/admins/\*\*=anon 没有参数，表示可以匿名使用（不用登陆）。

authc:例如/admins/user/\*\*=authc表示需要认证(登录)才能使用，没有参数。

perms：例子/admins/user/\*\*=perms\[user:add:\*\],参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，

例如/admins/user/\*\*=perms\["user:add:\*,user:modify:\*"\]，当有多个参数时必须每个参数都通过才通过

### 4.配置安全管理器 ###

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    		<property name="realm" ref="bosRealm"/>
    	</bean>

### 5.修改Action中的login方法，使用shiro提供的方式进行认证操作 ###

//使用shiro进行认证
    			//获取当前用户对象，未认证
    			Subject subject = SecurityUtils.getSubject();
    			//创建用户名密码令牌
    			UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(model.getUsername(), MD5Utils.md5(model.getPassword()));
    			try {    
                                    //进行认证
    				subject.login(usernamePasswordToken);
                                    //获取user
    				User user = (User) subject.getPrincipal();
                                    //放到session中
    				ServletActionContext.getRequest().getSession().setAttribute("loginUser", user);
    			} catch (Exception e) {
    				e.printStackTrace();
    				return LOGIN;
    			}
    			
    			return "homePage";

### 6.自定义realm，并注入给安全管理器 ###

public class BOSRealm extends AuthorizingRealm{
    	@Autowired
    	private IUserDao userDao;
    	//认证
    	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    		UsernamePasswordToken myToken = (UsernamePasswordToken) token;
                    //获取username
    		String username = myToken.getUsername();
    		//根据用户名从数据库中查询User对象
    		User user = userDao.findUserByUsername(username);
    		//判断user是否为null
    		if(user == null){
    			//用户名不存在
    			return null;
    		}
    		//如果查到，由框架比对user的密码和页面提交的密码，这里把user放进去，一会存在session中
    		SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user,user.getPassword(),this.getName());
    		return simpleAuthenticationInfo;
    	}
    	//授权
    	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
    		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    		//为用户授权staff-list
    		simpleAuthorizationInfo.addStringPermission("staff-list");
    		
    		
    		return simpleAuthorizationInfo;
    		
    	}
    
    }

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    		<property name="realm" ref="bosRealm"/>
    	</bean>
    	
    	
    	<bean id="bosRealm" class="com.it.bos.realm.Realm"></bean>
    </beans>

[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQxNTY2Nzcy_size_16_color_FFFFFF_t_70]: /images/20220315/6dec26f3a60d494283f802fc970c0787.png