spring boot整合shiro
1.加入shiro依赖
org.apache.shiro
shiro-spring
1.4.0
2.编写自定义Realm
package com.immo.phamacybus.shiro;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import com.immo.common.utils.MD5Utils;
import com.immo.phamacybus.common.UserInfo;
import com.immo.phamacybus.kettle.entity.KUser;
import com.immo.phamacybus.kettle.service.KUserService;
/**
* shiro自定义realm
*
* @author Linhai.Tan 2018-3-27
*
*/
public class CustomRealm extends AuthorizingRealm {
@Autowired
private KUserService kUserService;
/**
* 这是授权的方法
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 这是授权的方法,创建简单授权信息对象
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal();
//认证的时候已经把权限集合存进去了
authorizationInfo.addStringPermissions(userInfo.getAuthoritys());
return authorizationInfo;
}
/**
* 这是认证的方法,相当于登入
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 需要保存的用户信息
UserInfo userInfo = new UserInfo();
// 登入的帐号
String userName = (String) token.getPrincipal();
// 根据帐号查询对应的用户信息
KUser user = new KUser();
user.setUAccount(userName);
user.setDelFlag(1);
List list = null;
list = kUserService.selectList(user);
// 判断帐号是否存在,不存在抛出异常,或者返回null
if (list == null || list.size() == 0) {
throw new UnknownAccountException();
}
// 手动判断是否密码正确,正确则表明成功登入,查询出对应的信息存入subject
user = list.get(0);
String password = new String((char[]) token.getCredentials());
String userPassword = user.getUPassword();
if (userPassword.equals(MD5Utils.getMD5Code(password))) {
userInfo = kUserService.getUserInfo(user);
}
return new SimpleAuthenticationInfo(userInfo, userPassword, "CustomRealm");
}
}
3.编写shiroConfig
package com.immo.phamacybus.config;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.immo.common.config.ServiceParam;
import com.immo.phamacybus.shiro.CustomRealm;
/**
* shiro配置类
* @author Linhai.Tan 2018-3-27
*
*/
@Configuration
public class ShiroConfig {
@Bean(name = "securityManager")
public SecurityManager securityManager(@Qualifier("authRealm") CustomRealm customRealm,
@Qualifier("cookieRememberMeManager") CookieRememberMeManager cookieRememberMeManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置realm.
securityManager.setRealm(customRealm);
// 设置rememberMe管理器
securityManager.setRememberMeManager(cookieRememberMeManager);
return securityManager;
}
/**
* realm
*
* @return
*/
@Bean(name = "authRealm")
public CustomRealm myAuthRealm(
@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
CustomRealm customRealm = new CustomRealm();
// 设置密码凭证匹配器
customRealm.setCredentialsMatcher(matcher); // myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return customRealm;
}
/**
* cookie对象;
*
* @return
*/
@Bean
public SimpleCookie rememberMeCookie() {
// 这个参数是cookie的名称,对应前端的checkbox 的name = rememberMe
SimpleCookie simpleCookie = new SimpleCookie("shiro");
//
simpleCookie.setMaxAge(259200);
return simpleCookie;
}
/**
* 记住我管理器 cookie管理对象;
*
* @return
*/
@Bean(name = "cookieRememberMeManager")
public CookieRememberMeManager rememberMeManager() {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie());
return cookieRememberMeManager;
}
/**
* 密码匹配凭证管理器
*
* @return
*/
@Bean(name = "hashedCredentialsMatcher")
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("MD5");// 散列算法:这里使用MD5算法;
//hashedCredentialsMatcher.setHashIterations(1024);// 散列的次数,比如散列两次,相当于
// md5(md5(""));
return hashedCredentialsMatcher;
}
/**
* 开启shiro aop注解支持. 使用代理方式;所以需要开启代码支持; Controller才能使用@RequiresPermissions
*
* @param securityManager
* @return
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
@Qualifier("securityManager") SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
/**
* 会话管理器
* @return
*/
@Bean
public DefaultWebSessionManager getDefaultWebSessionManager(){
DefaultWebSessionManager manager=new DefaultWebSessionManager();
manager.setGlobalSessionTimeout(Long.valueOf(ServiceParam.SESSION_OUT_TIME.value()+"000"));
manager.setDeleteInvalidSessions(true);
manager.setSessionIdCookie(rememberMeCookie());
return manager;
}
/**
* 调用SecurityUtils.setSecurityManager(securityManager)
* @param securityManager
* @return
*/
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean(SecurityManager securityManager){
MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
bean.setArguments(new Object[]{securityManager});
return bean;
}
/**
* 设置过滤规则
* @param securityManager
* @return
*/
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 拦截器.
Map map = new LinkedHashMap();
//全部放行,我们使用MVC拦截器拦截
map.put("/**", "anon");
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl("/");
// 登录成功后要跳转的链接
//shiroFilterFactoryBean.setSuccessUrl("/index");
// 未授权界面;
// shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
}
4.整合完成
调用认证方法:
SecurityUtils.getSubject().login(new UsernamePasswordToken(userName, password));
必须要此权限才能访问此方法:
@RequiresPermissions("权限名称")