SpringBoot集成shiro实现简单的用户认证,角色授权

Dear 丶 2022-10-27 14:55 114阅读 0赞

SpringBoot集成shiro

  • 1.导入依赖
  • 2.编写shrio配置类
  • 3.编写自定义realm
  • 4.编写测试接口
  • 5.业务逻辑工作图

1.导入依赖

  1. <dependency>
  2.             <groupId>io.springfox</groupId>
  3.             <artifactId>springfox-boot-starter</artifactId>
  4.             <version>3.0.0</version>
  5.         </dependency>

2.编写shrio配置类

  1. @Configuration
  2. public class ShiroConfig { 
  4.     //创建shiroFilter,处理所有shiro的请求
  5.     @Bean
  6.     public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){ 
  7.         //创建shiro的filter
  8.         ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  9.         //注入安全管理器
  10.         shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
  12.         return shiroFilterFactoryBean;
  13.     }
  15.     @Bean
  16.     public DefaultWebSecurityManager getSecurityManager(Realm realm){ 
  17.         DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
  18.         defaultWebSecurityManager.setRealm(realm);
  19.         return defaultWebSecurityManager;
  20.     }
  22.     @Bean
  23.     public Realm getRealm(){ 
  24.         return new UserRealm();//UserRealm是自己编写的自定义realm,realm中完成shiro授权和认证的编写
  25.     }
  26. }

3.编写自定义realm

  1. public class UserRealm extends AuthorizingRealm { 
  2.     @Autowired
  3.     UserMapper userMapper;
  5.     //授权操作的实现
  6.     @Override
  7.     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { 
  8.         //获取用户信息,主要是指的用户名
  9.         String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();
  11.         //根据用户名去查询用户的角色,这里我封装了一个工具类可以完成根据用户名去查询用户的角色的功能,并返回角色字符串
  12.         String roleByUserName = GetRoleByUserNameUtil.getRoleByUserName(primaryPrincipal);
  14.         //声明一个查SimpleAuthorizationInfo对象
  15.         SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
  16.         //通过SimpleAuthorizationInfo对象给用户添加角色
  17.         simpleAuthorizationInfo.addRole(roleByUserName);
  19.         return simpleAuthorizationInfo;
  20. // return null;
  21.     }
  23.     //认证操作的实现
  24.     @Override
  25.     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { 
  26.         String principal = (String) authenticationToken.getPrincipal();
  27.         QueryWrapper<User> wrapper=new QueryWrapper<>();
  28.         wrapper.eq("userName",principal);
  30.         User user = userMapper.selectOne(wrapper);
  31.         if (null != user){ 
  32.             SimpleAuthenticationInfo simpleAuthenticationInfo =
  33.                     new SimpleAuthenticationInfo(principal,user.getPassword(),this.getName());
  34.             return simpleAuthenticationInfo;
  35.         }
  37.         return null;
  38.     }
  39. }

4.编写测试接口

  1. @RestController
  2. public class TestLogin { 
  3.     @Autowired
  4.     UserService userService;
  6.     //测试认证的接口
  7.         @PostMapping("/user/login")
  8.     public void testLoginAndShiro(User user){ 
  9.         UsernamePasswordToken token = new
  10.                 UsernamePasswordToken(user.getUserName(), user.getPassword());  //将用户的密码和用户名生成一个token
  11.         Subject subject = SecurityUtils.getSubject();  //通过全局安全工具类来获取用户subject对象
  12.         try { 
  13.             subject.login(token);  //调用subject的login来进行认证,会调用realm的doGetAuthenticationInfo方法
  14.             System.out.println("状态" + subject.isAuthenticated());
  15.         } catch (Exception e) { 
  16.             e.printStackTrace();
  17.         }
  18.     }
  20.     //对授权操作的测试接口
  21.     @RequiresRoles("user")  //该注解要求拥有user这个角色才可以访问
  22.     @GetMapping("/user/uuu")
  23.     public String testAuthorization(){ 
  24.         return "lihai";
  25.     }
  26. }

5.业务逻辑工作图

在这里插入图片描述

发表评论

表情:
评论列表 (有 0 条评论,114人围观)

还没有评论,来说两句吧...

相关阅读