在spring boot项目中配置权限框架shiro

spring boot技术在国内慢慢流行起来，其版本迭代速度也是相当快，截止当前时间，官方版本稳定版是1.4.3，开发版已经是2.0了，2017的脚步已经启程，2.0还会远吗？

spring自家也有安全框架，也就是security，而在spring boot中使用security似乎也是理所当然。今天我所说的是另一个--shiro。由于对shiro的理解还不是很深，但基本的权限控制是不成问题的，写博客还是想锻炼一下自己的思路，巩固所学的知识，如果有错误还请提出，谢谢。对于spring boot和shiro的知识这里不做讲解，特别是对于spring boot默认大家已经比较熟悉了，那么下面开始：

1.数据库表的设计，共5张表

admin 管理员

字段：id  name  password

role 角色

字段：id  name  description

permission 权限

字段：id   name   description

role_permission 角色权限

字段：id  role_id  permission_id

admin_role 管理员角色

字段：id  admin_id   role_id

简单说明各表之间的关系，admin，role，permission三张表作为独立表，role_permission 记录某个角色所拥有的权限，admin_role记录某个管理员拥有的角色。这种设计也就是RBAC模型，建表之后请自行添加测试数据，并创建对应的Model类。

2.在pom.xml中添加shiro依赖

	org.apache.shiro
	shiro-spring
	1.2.3

3.开始各种配置类的创建

①.创建AdminShiro类，代码如下：

@Service
public class AdminShiro {

    @Autowired
    private AdminRepository adminRepository;
    @Autowired
    private AdminRoleRepository adminRoleRepository;
    @Autowired
    private RolePermissionRepository rolePermissionRepository;
    @Autowired
    private PermissionRepository permissionRepository;

    public Admin getAdminByAdminName(String adminName){
        Admin admin = adminRepository.findByAdminName(adminName);
        return admin;
    }


    /**
     * 根据用户名获取权限授权
     */
    public List getPermissionsByAdminName(String adminName){
        Admin admin = getAdminByAdminName(adminName);
        if (admin == null){
            return null;
        }

        List list = new ArrayList<>();
        List adminRoleList = adminRoleRepository.findAllByAdminId(admin.getId());

        for(AdminRole adminRole : adminRoleList){
            List rolePermissionList = rolePermissionRepository.findAllByRoleId(adminRole.getRoleId());
            for (RolePermission role : rolePermissionList){
                Permission p = permissionRepository.findOne(role.getPermissionId());
                list.add(p.getUrl());
            }
        }
        return list;
    }
}

②.创建MyShiroRealm，并继承AuthorizingRealm，即自定义Realm，代码如下：

public class MyShiroRealm extends AuthorizingRealm {

    @Autowired
    private AdminShiro adminShiro;


    /**
     * 读取当前用户所有权限
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String adminName = (String) principals.fromRealm(getName()).iterator().next();
        if (MyUtils.checkNull(new Object[]{adminName})){
            List permissions = adminShiro.getPermissionsByAdminName(adminName);
            SimpleAuthorizationInfo info = null;
            if (permissions.size() > 0){
                info = new SimpleAuthorizationInfo();
                for (String s : permissions){
                    info.addStringPermission(s);
                }
                return info;
            }
        }
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken _token) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) _token;
        String adminName = token.getUsername();
        if (adminName!=null && !adminName.equals("")){
            Admin admin = adminShiro.getAdminByAdminName(adminName);
            if (admin != null){
                return new SimpleAuthenticationInfo(admin.getAdminName(),admin.getPassword(),getName());
            }
        }
        return null;
    }

}

③.创建ShiroConfiguration类，即shiro配置类，设置验证规则等，代码如下：

public class ShiroConfiguration {
    /**
     * 设置验证规则
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map filterChainDefinitionMap = new LinkedHashMap();
        filterChainDefinitionMap.put("/manage/admin/logout","anon");
        filterChainDefinitionMap.put("/manage/admin/login","anon");
        filterChainDefinitionMap.put("/manage/admin/unauthorized","anon");
        filterChainDefinitionMap.put("/manage/admin/**","perms[/manage/admin]");
        filterChainDefinitionMap.put("/**", "authc");

        shiroFilterFactoryBean.setLoginUrl("/manage/admin/login");
        shiroFilterFactoryBean.setUnauthorizedUrl("/manage/admin/unauthorized");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }


    @Bean
    public SecurityManager securityManager(){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(myShiroRealm());
        return defaultWebSecurityManager;
    }

    @Bean
    public MyShiroRealm myShiroRealm(){
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        return myShiroRealm;
    }

配置到此结束，博客新手，不喜勿喷，如有问题，欢迎留言给出您的意见！