使用 Shiro 和 JPA 结合 MySQL 实现一个简易权限管理系统

1. 项目设置

首先，确保你的项目已经配置好 Maven 或 Gradle 依赖管理工具，并添加以下依赖：

Maven 依赖

    
    
        org.apache.shiro
        shiro-core
        1.9.0
    

    
    
        org.apache.shiro
        shiro-web
        1.9.0
    

    
    
        org.springframework.boot
        spring-boot-starter-data-jpa
    

    
    
        mysql
        mysql-connector-java
        8.0.26
    

    
    
        org.springframework.boot
        spring-boot-starter-web
    

    
    
        org.springframework.boot
        spring-boot-starter-security
    

    
    
        org.springframework.boot
        spring-boot-starter-thymeleaf
    

2. 配置 MySQL 数据库

在 application.properties 或 application.yml 中配置 MySQL 数据库连接：

spring.datasource.url=jdbc:mysql://localhost:3306/shiro_demo
spring.datasource.username=root
spring.datasource.password=yourpassword
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

3. 创建实体类

使用 JPA 创建用户、角色和权限的实体类。

用户实体 (User)

@Entity
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;
    private String password;

    @ManyToMany(fetch = FetchType.EAGER)
    private Set roles;

    // Getters and Setters
}

角色实体 (Role)

@Entity
public class Role {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String name;

    @ManyToMany(fetch = FetchType.EAGER)
    private Set permissions;

    // Getters and Setters
}

权限实体 (Permission)

@Entity
public class Permission {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String name;

    // Getters and Setters
}

4. 创建 Repository 接口

使用 Spring Data JPA 创建 Repository 接口。

public interface UserRepository extends JpaRepository {
    User findByUsername(String username);
}

public interface RoleRepository extends JpaRepository {
}

public interface PermissionRepository extends JpaRepository {
}

5. 配置 Shiro

创建一个 Shiro 配置类，配置 Realm 和 SecurityManager。

@Configuration
public class ShiroConfig {

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**", "authc");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean
    public SecurityManager securityManager(Realm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    @Bean
    public Realm realm(UserRepository userRepository) {
        return new JpaRealm(userRepository);
    }
}

6. 自定义 Realm

创建一个自定义的 Realm 类，用于从数据库中获取用户信息。

public class JpaRealm extends AuthorizingRealm {

    private final UserRepository userRepository;

    public JpaRealm(UserRepository userRepository) {
        this.userRepository = userRepository;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        User user = userRepository.findByUsername(username);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        for (Role role : user.getRoles()) {
            authorizationInfo.addRole(role.getName());
            for (Permission permission : role.getPermissions()) {
                authorizationInfo.addStringPermission(permission.getName());
            }
        }

        return authorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        User user = userRepository.findByUsername(username);

        if (user == null) {
            throw new UnknownAccountException("User not found");
        }

        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
    }
}

7. 创建控制器

创建一个简单的控制器来处理登录和访问控制。

@Controller
public class HomeController {

    @GetMapping("/home")
    public String home() {
        return "home";
    }

    @GetMapping("/login")
    public String login() {
        return "login";
    }

    @PostMapping("/login")
    public String doLogin(@RequestParam String username, @RequestParam String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);

        try {
            subject.login(token);
            return "redirect:/home";
        } catch (AuthenticationException e) {
            return "redirect:/login?error";
        }
    }

    @GetMapping("/logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/login";
    }
}

8. 创建视图

创建简单的 Thymeleaf 视图来展示登录页面和主页。

login.html

    


    
Login
    

        Username:
        
        

        Password:
        
        

        Login
    
    
Invalid username or password

运行 HTML

home.html

    


    
Welcome to the Home Page
    Logout

9. 运行项目

启动 Spring Boot 应用程序，访问 http://localhost:8080/login 进行登录。登录成功后，你将能够访问 /home 页面。

10. 权限控制

你可以在控制器中使用 @RequiresRoles 或 @RequiresPermissions 注解来控制访问权限。

@Controller
public class AdminController {

    @RequiresRoles("admin")
    @GetMapping("/admin")
    public String admin() {
        return "admin";
    }
}

11、创建测试数据脚本

-- 插入权限数据
INSERT INTO permission (name) VALUES ('user:read');
INSERT INTO permission (name) VALUES ('user:write');
INSERT INTO permission (name) VALUES ('admin:read');
INSERT INTO permission (name) VALUES ('admin:write');

-- 插入角色数据
INSERT INTO role (name) VALUES ('user');
INSERT INTO role (name) VALUES ('admin');

-- 关联角色和权限
-- 用户角色拥有 user:read 和 user:write 权限
INSERT INTO role_permissions (role_id, permissions_id) VALUES (
    (SELECT id FROM role WHERE name = 'user'),
    (SELECT id FROM permission WHERE name = 'user:read')
);
INSERT INTO role_permissions (role_id, permissions_id) VALUES (
    (SELECT id FROM role WHERE name = 'user'),
    (SELECT id FROM permission WHERE name = 'user:write')
);

-- 管理员角色拥有所有权限
INSERT INTO role_permissions (role_id, permissions_id) VALUES (
    (SELECT id FROM role WHERE name = 'admin'),
    (SELECT id FROM permission WHERE name = 'user:read')
);
INSERT INTO role_permissions (role_id, permissions_id) VALUES (
    (SELECT id FROM role WHERE name = 'admin'),
    (SELECT id FROM permission WHERE name = 'user:write')
);
INSERT INTO role_permissions (role_id, permissions_id) VALUES (
    (SELECT id FROM role WHERE name = 'admin'),
    (SELECT id FROM permission WHERE name = 'admin:read')
);
INSERT INTO role_permissions (role_id, permissions_id) VALUES (
    (SELECT id FROM role WHERE name = 'admin'),
    (SELECT id FROM permission WHERE name = 'admin:write')
);

-- 插入用户数据
-- 密码使用 Shiro 的加密方式（例如 MD5 加密）
INSERT INTO user (username, password) VALUES ('user1', 'password1');
INSERT INTO user (username, password) VALUES ('admin1', 'password1');

-- 关联用户和角色
-- 用户 user1 拥有 user 角色
INSERT INTO user_roles (user_id, roles_id) VALUES (
    (SELECT id FROM user WHERE username = 'user1'),
    (SELECT id FROM role WHERE name = 'user')
);

-- 用户 admin1 拥有 admin 角色
INSERT INTO user_roles (user_id, roles_id) VALUES (
    (SELECT id FROM user WHERE username = 'admin1'),
    (SELECT id FROM role WHERE name = 'admin')
);

 测试登录

启动应用程序后，使用以下测试用户登录：

• 用户: user1，密码: password1，角色: user

• 用户: admin1，密码: password1，角色: admin

登录后，你可以根据角色和权限访问不同的页面。