SpringBoot+Shiro+Redis+Mybatis-plus 实战项目及问题小结

前言

最近也是一直在保持学习课外拓展技术,所以想自己做一个简单小项目,于是就有了这个快速上手 Shiro 和 Redis 的小项目,说白了就是拿来练手调调 API,然后做完后拿来总结的小项目,完整的源代码已经上传到 CodeChina平台上,文末有仓库链接

技术栈

  1. 前端

html
Thymleaf
Jquery

  1. 后端

SpringBoot
Shiro
Redis
Mybatis-Plus


需求分析

有 1 和 2 用户,用户名和密码也分别为 1 和 2 ,1 用户有增加和删除的权限,2用户有更新的权限,登录的时候需要验证码并且需要缓存用户的角色和权限,用户登出的时候需要将缓存的认证和授权信息删除。


数据库E-R图设计

其实就是传统的 RBAC 模型,不加外键的原因是因为增加外键会造成数据库压力。

SpringBoot+Shiro+Redis+Mybatis-plus 实战项目及问题小结_第1张图片


数据库脚本

/*
 Navicat Premium Data Transfer

 Source Server         : localhost
 Source Server Type    : MySQL
 Source Server Version : 80021
 Source Host           : localhost:3306
 Source Schema         : spring-security

 Target Server Type    : MySQL
 Target Server Version : 80021
 File Encoding         : 65001

 Date: 23/04/2021 18:18:01
*/

create database if not exists `spring-security` charset=utf8mb4;

use `spring-security`;

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for permission
-- ----------------------------
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission`  (
  `permissionid` int NOT NULL AUTO_INCREMENT,
  `url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `perm` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`permissionid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of permission
-- ----------------------------
INSERT INTO `permission` VALUES (1, '/toUserAdd', 'user:add');
INSERT INTO `permission` VALUES (2, '/toUserUpdate', 'user:update');
INSERT INTO `permission` VALUES (3, '/toUserDelete', 'user:delete');

-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role`  (
  `roleid` int NOT NULL AUTO_INCREMENT,
  `role` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`roleid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES (1, 'student');
INSERT INTO `role` VALUES (2, 'parent');
INSERT INTO `role` VALUES (3, 'teacher');

-- ----------------------------
-- Table structure for role_permission
-- ----------------------------
DROP TABLE IF EXISTS `role_permission`;
CREATE TABLE `role_permission`  (
  `permissionid` int NOT NULL,
  `roleid` int NOT NULL,
  PRIMARY KEY (`permissionid`, `roleid`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of role_permission
-- ----------------------------
INSERT INTO `role_permission` VALUES (1, 1);
INSERT INTO `role_permission` VALUES (2, 2);
INSERT INTO `role_permission` VALUES (3, 3);

-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user`  (
  `userid` int NOT NULL AUTO_INCREMENT,
  `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `salt` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `status` int NULL DEFAULT 1,
  PRIMARY KEY (`userid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES (1, '1', 'a0c68c64557599483e99630ce4d2f30e', 'ainjee', 1);
INSERT INTO `user` VALUES (2, '2', '78fc06a914bcf261ed749952b0c9f67b', 'eeiain', 1);

-- ----------------------------
-- Table structure for user_role
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role`  (
  `userid` int NOT NULL,
  `roleid` int NOT NULL,
  PRIMARY KEY (`userid`, `roleid`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES (1, 1);
INSERT INTO `user_role` VALUES (1, 3);
INSERT INTO `user_role` VALUES (2, 2);

SET FOREIGN_KEY_CHECKS = 1;

Shiro 与 Redis 整合学习总结

整合SpringBoot与Shiro与Redis,这里贴出整个 pom.xml 文件源码,可以直接复制



    4.0.0
    com.jmu
    shiro_demo
    0.0.1-SNAPSHOT
    shiro_demo
    Demo project for Spring Boot

    
        1.8
        UTF-8
        UTF-8
        2.3.7.RELEASE
    

    
        
            org.springframework.boot
            spring-boot-starter-data-redis
            2.3.7.RELEASE
        
        
            com.baomidou
            mybatis-plus-generator
            3.4.0
        
        
            org.apache.velocity
            velocity-engine-core
            2.3
        
        
            org.apache.shiro
            shiro-spring
            1.7.1
        
        
            org.springframework.boot
            spring-boot-starter-thymeleaf
        
        
            org.springframework.boot
            spring-boot-starter-web
        
        
            com.baomidou
            mybatis-plus-boot-starter
            3.4.0
        

        
            org.springframework.boot
            spring-boot-devtools
            runtime
            true
        
        
            mysql
            mysql-connector-java
            runtime
        
        
            org.projectlombok
            lombok
            true
        

        
            org.springframework.boot
            spring-boot-starter-test
            test
            
                
                    org.junit.vintage
                    junit-vintage-engine
                
            
        

        
            com.github.theborakompanioni
            thymeleaf-extras-shiro
            2.0.0
        

        
            org.apache.shiro
            shiro-ehcache
            1.7.1
        

    

    
        
            
                org.springframework.boot
                spring-boot-dependencies
                ${spring-boot.version}
                pom
                import
            
        
    

    
        
            
                org.apache.maven.plugins
                maven-compiler-plugin
                3.8.1
                
                    1.8
                    1.8
                    UTF-8
                
            
            
                org.springframework.boot
                spring-boot-maven-plugin
                2.3.7.RELEASE
                
                    com.jmu.shiro_demo.ShiroDemoApplication
                
                
                    
                        repackage
                        
                            repackage
                        
                    
                
            
        

        
        
            
                
                src/main/java
                
                
                    **/*.xml
                
                
                true
            
        
    

2.自定义 Realm 继承 AuthorizingRealm 实现 认证和授权两个方法

package com.jmu.shiro_demo.shiro;

import com.jmu.shiro_demo.entity.Permission;
import com.jmu.shiro_demo.entity.Role;
import com.jmu.shiro_demo.entity.User;
import com.jmu.shiro_demo.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.ObjectUtils;
import java.util.List;

public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        String username = (String) SecurityUtils.getSubject().getPrincipal();
        User user = userService.getUserByUserName(username);
        //1.动态分配角色
        List roles = userService.getUserRoleByUserId(user.getUserid());
        roles.stream().forEach(role -> {authorizationInfo.addRole(role.getRole());});
        //2.动态授权
        List perms = userService.getUserPermissionsByUserId(user.getUserid());
        perms.stream().forEach(permission -> {authorizationInfo.addStringPermission(permission.getPerm());});
        return authorizationInfo;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //1.获取用户名
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        User user = userService.getUserByUserName(username);
        if(ObjectUtils.isEmpty(user)) {
            return null;
        }
        return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(), new MyByteSource(user.getSalt()),this.getName());
    }

}

3.编写 ShiroConfig 配置
核心是配置 ShiroFilterFactoryBean,DefaultSecurityManager,UserRealm(这里的Realm是自定义的),ShiroDialect 是整合 shiro与thymleaf在前端使用 shiro 的标签的拓展包,来源于 github 的开源项目。

依次关系为
ShiroFilterFactoryBean 中 set DefaultSecurityManager,
DefaultSecurityManager 中 set UserRealm,
UserRealm 中 set CacheManager 和 加密的算法
CacheManager 可以为 EhCacheManager 也可以为 RedisCacheManager,此项目整合 redis 的 缓存管理器

package com.jmu.shiro_demo.shiro;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.jmu.shiro_demo.entity.Permission;
import com.jmu.shiro_demo.service.PermissionService;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

@Configuration
public class ShiroConfig {

    @Autowired
    private PermissionService permissionService;

    //1.配置ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // 设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        /** 设置Shiro 内置过滤器
         * anon: 无需认证(登陆)可以访问
         * authc: 必须认证才可以访问
         * user: 如果使用 rememberMe 的功能可以直接访问
         * perms: 该资源必须得到资源权限才可以访问
         * role: 该资源必须得到角色权限才可以访问
        */
        Map filterMap = new LinkedHashMap();
        //配置页面请求拦截
        filterMap.put("/index","anon");
        filterMap.put("/login","anon");
        filterMap.put("/getAuthCode","anon");
        //配置动态授权
        List perms = permissionService.list();
        for (Permission permission : perms) {
            filterMap.put(permission.getUrl(),"perms["+permission.getPerm()+"]");
        }
        filterMap.put("/*","authc");
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    //2.配置DefaultSecurityManager
    @Bean(name = "securityManager")
    public DefaultSecurityManager defaultSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
        defaultSecurityManager.setRealm(userRealm);
        return defaultSecurityManager;
    }

    //3.配置Realm
    @Bean(name = "userRealm")
    public UserRealm getRealm() {
        //1. 创建自定义的 userRealm 对象
        UserRealm userRealm = new UserRealm();
        //2. 设置 userRealm 的 CredentialsMatcher密码校验器
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        //2.1 设置加密算法
        matcher.setHashAlgorithmName("MD5");
        //2.2 设置散列次数
        matcher.setHashIterations(6);
        userRealm.setCredentialsMatcher(matcher);
        userRealm.setCacheManager(new RedisCacheManager());
        userRealm.setAuthenticationCachingEnabled(true); //认证
        userRealm.setAuthenticationCacheName("authenticationCache");
        userRealm.setAuthorizationCachingEnabled(true); //授权
        userRealm.setAuthorizationCacheName("authorizationCache");
        return userRealm;
    }

    //4.配置Thymleaf的Shiro扩展标签
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}

4.定义Shiro 加盐的类

package com.jmu.shiro_demo.shiro;

import org.apache.shiro.codec.Base64;
import org.apache.shiro.codec.CodecSupport;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.util.ByteSource;
import java.io.File;
import java.io.InputStream;
import java.io.Serializable;
import java.util.Arrays;

/**
 * 解决:
 *  shiro 使用缓存时出现:java.io.NotSerializableException:
 *  org.apache.shiro.util.SimpleByteSource
 *  序列化后,无法反序列化的问题
 */
public class MyByteSource implements ByteSource, Serializable {
    private static final long serialVersionUID = 1L;

    private byte[] bytes;
    private String cachedHex;
    private String cachedBase64;

    public MyByteSource(){
    }

    public MyByteSource(byte[] bytes) {
        this.bytes = bytes;
    }

    public MyByteSource(char[] chars) {
        this.bytes = CodecSupport.toBytes(chars);
    }

    public MyByteSource(String string) {
        this.bytes = CodecSupport.toBytes(string);
    }

    public MyByteSource(ByteSource source) {
        this.bytes = source.getBytes();
    }

    public MyByteSource(File file) {
        this.bytes = (new MyByteSource.BytesHelper()).getBytes(file);
    }

    public MyByteSource(InputStream stream) {
        this.bytes = (new MyByteSource.BytesHelper()).getBytes(stream);
    }

    public static boolean isCompatible(Object o) {
        return o instanceof byte[] || o instanceof char[] || o instanceof String || o instanceof ByteSource || o instanceof File || o instanceof InputStream;
    }

    public void setBytes(byte[] bytes) {
        this.bytes = bytes;
    }

    @Override
    public byte[] getBytes() {
        return this.bytes;
    }


    @Override
    public String toHex() {
        if(this.cachedHex == null) {
            this.cachedHex = Hex.encodeToString(this.getBytes());
        }
        return this.cachedHex;
    }

    @Override
    public String toBase64() {
        if(this.cachedBase64 == null) {
            this.cachedBase64 = Base64.encodeToString(this.getBytes());
        }

        return this.cachedBase64;
    }

    @Override
    public boolean isEmpty() {
        return this.bytes == null || this.bytes.length == 0;
    }
    @Override
    public String toString() {
        return this.toBase64();
    }

    @Override
    public int hashCode() {
        return this.bytes != null && this.bytes.length != 0? Arrays.hashCode(this.bytes):0;
    }

    @Override
    public boolean equals(Object o) {
        if(o == this) {
            return true;
        } else if(o instanceof ByteSource) {
            ByteSource bs = (ByteSource)o;
            return Arrays.equals(this.getBytes(), bs.getBytes());
        } else {
            return false;
        }
    }

    private static final class BytesHelper extends CodecSupport {
        private BytesHelper() {
        }

        public byte[] getBytes(File file) {
            return this.toBytes(file);
        }

        public byte[] getBytes(InputStream stream) {
            return this.toBytes(stream);
        }
    }

}

5.定义 RedisCacheManager

package com.jmu.shiro_demo.shiro;

import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.apache.shiro.cache.CacheManager;

public class RedisCacheManager implements CacheManager {

    //参数1 :认证或者是授权缓存的统一名称
    @Override
    public  Cache getCache(String cacheName) throws CacheException {
        System.out.println(cacheName);
        return new RedisCache(cacheName);
    }

}

6.定义 RedisCache

package com.jmu.shiro_demo.shiro;

import com.jmu.shiro_demo.utils.ApplicationContextUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import java.util.Collection;
import java.util.Set;

@Slf4j
public class RedisCache implements Cache {

    private String cacheName;

    public RedisCache() {

    }

    public RedisCache(String cacheName) {
        this.cacheName = cacheName;
    }

    @Override
    public v get(k k) throws CacheException {
        System.out.println("get key:" + k);
        return (v) getRedisTemplate().opsForHash().get(this.cacheName,k.toString());
    }

    @Override
    public v put(k k, v v) throws CacheException {
        System.out.println("put key: " + k);
        System.out.println("put value: " + v);
        getRedisTemplate().opsForHash().put(this.cacheName,k.toString(),v);
        return v;
    }

    @Override
    public v remove(k k) throws CacheException {
        log.info("remove k:" + k.toString());
        return (v) getRedisTemplate().opsForHash().delete(this.cacheName,k.toString());
    }

    @Override
    public void clear() throws CacheException {
        log.info("clear");
        getRedisTemplate().delete(this.cacheName);
    }

    @Override
    public int size() {
        return getRedisTemplate().opsForHash().size(this.cacheName).intValue();
    }

    @Override
    public Set keys() {
        return getRedisTemplate().opsForHash().keys(this.cacheName);
    }

    @Override
    public Collection values() {
        return getRedisTemplate().opsForHash().values(this.cacheName);
    }

    public RedisTemplate getRedisTemplate() {
        RedisTemplate redisTemplate = (RedisTemplate) ApplicationContextUtil.getBeanByBeanName("redisTemplate");
        redisTemplate.setKeySerializer(new StringRedisSerializer());
        redisTemplate.setHashKeySerializer(new StringRedisSerializer());
        return redisTemplate;
    }

}

核心Mapper文件

1.UserMapper.xml






    

    
    

2.RoleMapper.xml





    
    


项目完整代码(CodeChina平台)

shiro_demo


项目运行


踩过的坑归纳

  1. Redis 反序列化的时候报错 no valid constructor;
  2. 解决:MyByteSource 加盐类实现的时候需要实现ByteSource接口,然后提供无参构造方法
  3. 用户退出的时候Redis中认证信息的缓存没有删除干净
  4. 解决:UserRealm 的认证方法返回的第一个参数不要用 User实体对象,而是用 User 的 getUsername() 返回唯一标识用户的用户名,其他有用到 Principal 的时候获得到的都是 这个 username。

你可能感兴趣的:(SpringBoot+Shiro+Redis+Mybatis-plus 实战项目及问题小结)