关于项目中使用shiro进行安全管理的总结

关于项目中使用shiro进行安全管理的总结

关于SpringBoot下使用shiro进行用户认证与权限管理

对于安全框架有一定了解的开发者一定对于shiro这款安全框架有一定的了解,这里我们不再对该框架进行其设计与知识的介绍,仅对于我的个人项目中所使用到的进行一个总结,并放上代码。

使用该框架的第一步,进行配置:

package com.libvirtjava.demo.vm.util.config;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

/**
 * @Description Shiro配置
 * @Author zhenxing.dong
 * @Date 2019/12/20 16:07
 */
@Configuration
public class ShiroConfig {
   

    /**
     * 日志
     */
    private static final Logger LOGGER = LoggerFactory.getLogger(ShiroConfig.class);

    /**
     * 设置过滤器工厂
     *
     * @param securityManager 安全管理器
     * @return 过滤器工厂
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
   

        LOGGER.info("ShiroConfiguration.shirFilter()");

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);

        //注入自定义的过滤器
        Map<String, Filter> map = new LinkedHashMap<String, Filter>();
        map.put("authc", getFormAuthenticationFilter());

        //配置过滤路径
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

        // 配置不会被拦截的链接 顺序判断
        filterChainDefinitionMap.put("/static/**", "anon");

        filterChainDefinitionMap.put("/vm/allControl?getLogMsg", "anon");

        //配置退出过滤器,其中的具体的退出代码Shiro已经实现了
//        filterChainDefinitionMap.put("/logout", "logout");

        //authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问
        filterChainDefinitionMap.put("/**", "authc");

        // 设置登录的接口
        shiroFilterFactoryBean.setLoginUrl("/user/login");


        //未授权界面;
        //shiroFilterFactoryBean.setUnauthorizedUrl("/403");

        shiroFilterFactoryBean.setFilters(map);

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

    /**
     * md5加密
     *
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
   
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //加密方式
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        //加密次数
        hashedCredentialsMatcher.setHashIterations(2);
        return hashedCredentialsMatcher;
    }

    /**
     * 开启shiro aop注解支持.
     * 使用代理方式;所以需要开启代码支持;
     *
     * @param securityManager 安全管理器
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
   
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    public MyShiroRealm myShiroRealm() {
   
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        // 将md5密码比对器传给realm
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());

        return myShiroRealm;
    }


    @Bean
    SecurityManager securityManager() {
   
        SecurityManager manager = new DefaultWebSecurityManager();
        ((DefaultWebSecurityManager) manager).setRealm(myShiroRealm());
        return manager;
    }

    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
   
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        defaultAAP.setProxyTargetClass

你可能感兴趣的:(Java,Shiro,java,spring)