shiro与spring整合

红太狼 2023-06-26 12:16 140阅读 0赞

文章目录

    • 首先需要一个简单的ssm项目:
      • pom配置
      • web.xml配置
      • spring.xml配置
      • 自定义realm
    • 简单测试
    • 通过java配置的方式整合spring

首先需要一个简单的ssm项目:

简单的ssm项目

pom配置

在项目pom.xml里面加入shiro依赖:

  1. <properties>
  2.         <shiro.version>1.4.2</shiro.version>
  3.     </properties>
  5. <dependency>
  6.           <groupId>org.apache.shiro</groupId>
  7.           <artifactId>shiro-core</artifactId>
  8.           <version>${ shiro.version}</version>
  9.       </dependency>
  10.       <dependency>
  11.           <groupId>org.apache.shiro</groupId>
  12.           <artifactId>shiro-web</artifactId>
  13.           <version>${ shiro.version}</version>
  14.       </dependency>
  15.       <dependency>
  16.           <groupId>org.apache.shiro</groupId>
  17.           <artifactId>shiro-spring</artifactId>
  18.           <version>${ shiro.version}</version>
  19.       </dependency>

web.xml配置

web.xml加入shiro过滤器:

  1. <!--shiro过滤器-->
  2.     <filter>
  3.         <filter-name>shiroFilter</filter-name>
  4.         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  5.         <init-param>
  6.             <param-name>targetFilterLifecycle</param-name>
  7.             <param-value>true</param-value>
  8.         </init-param>
  9.     </filter>
  10.     <filter-mapping>
  11.         <filter-name>shiroFilter</filter-name>
  12.         <url-pattern>/*</url-pattern> </filter-mapping>

这里的filter-name的值shiroFilter需要跟spring里面配置的filter一样.

spring.xml配置

首先了解一下:

创建spring-shiro.xml配置:
首先肯定需要配置shiro的拦截过滤器bean,这个类org.apache.shiro.spring.web.ShiroFilterFactoryBean;
在这里插入图片描述
ShiroFilterFactoryBean里面的loginUrl,successUrl,unauthorizedUrl大致如下:
在这里插入图片描述
这个类的属性有SecurityManager,配置SecurityManager就使用默认的就好了,而默认的org.apache.shiro.web.mgt.DefaultWebSecurityManager有个传realm的构造方法.
在这里插入图片描述
配置文件需要在spring配置文件里面引入的:

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <beans xmlns="http://www.springframework.org/schema/beans"
  3.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  4.        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
  6.     <bean name="shiroFilterBean" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  7.         <property name="securityManager" ref="securityManager"></property>
  8.         <property name="filterChainDefinitions">
  9.             <value>
  10.                 /login = anon
  11.                 /logout = logout
  12.                 /** = authc </value> </property> <property name="loginUrl" value="/login" /> <property name="successUrl" value="/index" /> </bean> <bean name="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realms" ref="shiroRealm"></property> </bean> <bean name="shiroRealm" class="com.txn.config.ShiroRealm"> <!-- <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5"></property> <property name="hashIterations" value="1"></property> </bean> </property>--> </property> </bean> </beans>

自定义realm

我们自己实现一个realm,上篇讲了,自己实现realm只需要继承AuthorizingRealm就可以了,看一下三篇讲的sampleRealm的rml图:装饰者应该
在这里插入图片描述

  1. import org.apache.shiro.authc.AuthenticationException;
  2. import org.apache.shiro.authc.AuthenticationInfo;
  3. import org.apache.shiro.authc.AuthenticationToken;
  4. import org.apache.shiro.authc.SimpleAuthenticationInfo;
  5. import org.apache.shiro.authz.AuthorizationInfo;
  6. import org.apache.shiro.authz.SimpleAuthorizationInfo;
  7. import org.apache.shiro.realm.AuthorizingRealm;
  8. import org.apache.shiro.subject.PrincipalCollection;
  9. import org.apache.shiro.util.ByteSource;
  11. import java.util.HashMap;
  12. import java.util.Map;
  14. public class ShiroRealm extends AuthorizingRealm { 
  16.     /** * 认证 */
  17.     @Override
  18.     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { 
  19.         System.out.println("-权限校验-");
  20.         if ("admin".equals(token.getPrincipal())) { 
  21.             Map<String, Object> user = new HashMap<>();
  22.             user.put("username", "admin");
  23.             user.put("pass", "admin");
  24.             user.put("user_id", 1);
  25.             ByteSource salt = ByteSource.Util.bytes("abcd123");
  26.             return new SimpleAuthenticationInfo(user, user.get("username"), salt, this.getName());
  27.         }
  28.         return null;
  29.     }
  31.     /** * 授权 */
  32.     @Override
  33.     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { 
  34.         SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
  35.         info.addRole("role_admin");
  36.         info.addStringPermission("user:add");
  37.         info.addStringPermission("user:list");
  38.         return info;
  39.     }
  40. }

简单测试

随便写个controller:

  1. import com.txn.common.ResponseObject;
  2. import org.apache.shiro.SecurityUtils;
  3. import org.apache.shiro.authc.UsernamePasswordToken;
  4. import org.apache.shiro.subject.Subject;
  5. import org.springframework.util.StringUtils;
  6. import org.springframework.web.bind.annotation.RequestMapping;
  7. import org.springframework.web.bind.annotation.RequestMethod;
  8. import org.springframework.web.bind.annotation.RestController;
  10. /** * @author <a href="mailto:15268179013@139.com">yida</a> * @Version 2020-01-01 15:42 * @Version 1.0 * @Description IndexController */
  11. @RestController
  12. public class IndexController { 
  14.     @RequestMapping(value = "/login", method = { RequestMethod.POST, RequestMethod.GET})
  15.     public ResponseObject login(String username, String password) { 
  16.         ResponseObject responseObject = new ResponseObject();
  17.         if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { 
  18.             responseObject.success("登录失败");
  19.             return responseObject;
  20.         }
  21.         UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
  22.         SecurityUtils.getSubject().login(usernamePasswordToken);
  23.         responseObject.success("ok");
  24.         return responseObject;
  25.     }
  27.     @RequestMapping(value = "/getUser", method = RequestMethod.GET)
  28.     public ResponseObject getUser() { 
  29.         ResponseObject responseObject = new ResponseObject();
  30.         responseObject.success(true);
  31.         return responseObject;
  32.     }
  34.     @RequestMapping(value = "/user", method = RequestMethod.GET)
  35.     public ResponseObject user() { 
  36.         ResponseObject responseObject = new ResponseObject();
  37.         Subject subject = SecurityUtils.getSubject();
  38.         boolean permitted = subject.isPermitted("user:list");
  39.         responseObject.success(permitted);
  40.         return responseObject;
  41.     }
  44. }

就没写页面了,随便测试一下:
首先访问:http://localhost:8080/getUser,会跳转到登录页面,因为我们没有登录;
然后进行登录:http://localhost:8080/login?username=admin&password=admin
在这里插入图片描述
然后在访问http://localhost:8080/getUser但是并不会进入授权方法,就是doGetAuthorizationInfo方法,
然后访问http://localhost:8080/user然后在调用isPermitted方法的时候就进入到了doGetAuthorizationInfo方法证明了我们上篇介绍的.

通过java配置的方式整合spring

前面是通过xml的方式,改成通过配置类的方式:

  1. import org.apache.shiro.realm.Realm;
  2. import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
  3. import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
  4. import org.springframework.context.annotation.Bean;
  5. import org.springframework.context.annotation.Configuration;
  7. /** * @author <a href="mailto:15268179013@139.com">yida</a> * @Version 2020-01-01 15:05 * @Version 1.0 * @Description ShiroConfig */
  8. @Configuration
  9. public class ShiroConfig { 
  11.     @Bean
  12.     public DefaultWebSecurityManager securityManager() { 
  13.         DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
  14.         defaultWebSecurityManager.setRealm(realm());
  15.         return defaultWebSecurityManager;
  16.     }
  18.     @Bean
  19.     public Realm realm() { 
  20.         ShiroRealm shiroRealm = new ShiroRealm();
  21.         return shiroRealm;
  22.     }
  24.     @Bean
  25.     public ShiroFilterFactoryBean shiroFilter() { 
  26.         ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  27.         shiroFilterFactoryBean.setSecurityManager(securityManager());
  28.         shiroFilterFactoryBean.setLoginUrl("/login");
  29.         shiroFilterFactoryBean.setSuccessUrl("/index");
  30.         shiroFilterFactoryBean.setFilterChainDefinitions(" /login = anon\n" +
  31.                 " /logout = logout\n" +
  32.                 " /** = authc");
  34.         return shiroFilterFactoryBean;
  35.     }
  37. }

发表评论

表情:
评论列表 (有 0 条评论,140人围观)

还没有评论,来说两句吧...

相关阅读