精华内容
下载资源
问答
  • springBoot整合Shiro

    2019-03-08 17:27:24
    springBoot整合Shiro
  • springboot整合shiro

    2020-12-28 15:16:26
    springboot整合shiro实现登录权限管理的一个demo,根据注解形式控制操作权限及角色权限。包含sql
  • SpringBoot整合Shiro

    2018-08-15 09:48:41
    SpringBoot整合Shiro实现RestFul风格API接口、前后端分离、JWT签发Token、Redis管理Token刷新、日志工厂、AES对称算法
  • Springboot 整合shiro

    2020-08-30 15:52:19
    今天加班,事情做的差不多,先前对Springboot 整合 shiro 有稍微研究一下下,但项目搭建好后,都是一直的复用复用,时间一长,都忘记整合流程了,网上Springboot 整合 shiro 教程也有很多,我呢,也没有什么太大的...

             今天加班,事情做的差不多,先前对Springboot 整合 shiro 有稍微研究一下下,但项目搭建好后,都是一直的复用复用,时间一长,都忘记整合流程了,网上Springboot 整合 shiro 教程也有很多,我呢,也没有什么太大的特色,就想搞个由浅入深,从初级整合到进阶版,增加redis作为缓存,一步一步来,方便学习也方便自己记忆。

           首先,我们要整合是初级版,只有 Springboot 整合 shiro,步骤如下:

    • 初级版:

    第一步:导包:

      如果一切都从 Hello World 开始,整合也都是从 pom.xml 文件中引入 shiro的jar包

    		<dependency>
    			<groupId>org.apache.shiro</groupId>
    			<artifactId>shiro-spring</artifactId>
    			<version>1.4.0</version>
    		</dependency>

    第二步:编写 shiro 自定义认证类 Realm

    在自定义的Realm 中,根据实际业务,完善相应的密码校验和鉴权授权代码

    import com.workbench.sys.SysAccount;
    import org.apache.commons.beanutils.ConvertUtils;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.*;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Lazy;
    import org.springframework.data.redis.core.StringRedisTemplate;
    /**
     * 自定义shiro验证
     * @Auther: He
     * @Create_Date: 2020/8/30 10:55
     */
    public class MyShiroRealm extends AuthorizingRealm {
    
    
        /**
         * 对登录账号进行鉴权授权
         * @param principalCollection
         * @return
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            System.out.println(">>>> 鉴权授权 <<<<");
            //获取登录用户名
            String account = (String) principalCollection.getPrimaryPrincipal();
            //根据用户名去数据库查询用户信息
    //        SysAccount sysAccount = iSysAccountService.selectSysAccountInfoByAccount(account);
            //添加角色和权限
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    //        for (Role role : user.getRoles()) {
    //            //添加角色
    //            simpleAuthorizationInfo.addRole(role.getRoleName());
    //            //添加权限
    //            for (Permissions permissions : role.getPermissions()) {
    //                simpleAuthorizationInfo.addStringPermission(permissions.getPermissionsName());
    //            }
    //        }
            return simpleAuthorizationInfo;
        }
    
        /**
         * 校验登录账户是否正确
         * @param authenticationToken
         * @return
         * @throws AuthenticationException
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            System.out.println(">>>>> 登录认证 <<<<<");
            //加这一步的目的是在Post请求的时候会先进认证,然后在到请求
            if (authenticationToken.getPrincipal() == null) {
                return null;
            }
            //获取用户信息
            String account = authenticationToken.getPrincipal().toString();
            //模拟数据库查询
            SysAccount sysAccount = new SysAccount();
            sysAccount.setAccount("abc");
            sysAccount.setPassword("123");
            if (sysAccount == null) {
                //这里返回后会报出对应异常
                return null;
            } else {
                //这里验证authenticationToken和simpleAuthenticationInfo的信息
                SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(account, sysAccount.getPassword().toString(), getName());
                return simpleAuthenticationInfo;
            }
        }
    
        /**
         * RealmSecurityManager rsm = (RealmSecurityManager)SecurityUtils.getSecurityManager();
         AuthRealm authRealm = (AuthRealm)rsm.getRealms().iterator().next();
         authRealm.clearAuthz();
         */
        public void clearAuthor(){
            this.clearCachedAuthorizationInfo(SecurityUtils.getSubject().getPrincipals());
        }
    
        public void clearAuthen(){
            this.clearCachedAuthenticationInfo(SecurityUtils.getSubject().getPrincipals());
        }
    }

    第三步:编写配置类 ShiroConfig

     Shiro 配置类中设置相应的拦截规则,并添加注册自定义的验证类

    import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import java.util.*;
    
    /**
     * Shiro 配置类
     * @Auther: He
     * @Create_Date: 2020/8/30 10:59
     */
    @Configuration
    public class ShiroConfig {
    
        @Bean
        public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(securityManager);
    
            //拦截器.
            Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
            // 配置不会被拦截的链接 按顺序判断
            //登录
            filterChainDefinitionMap.put("/sys/login", "anon");
            filterChainDefinitionMap.put("/staff/auth/mobileCode", "anon");
            filterChainDefinitionMap.put("/staff/auth/forgetPassword", "anon");
            filterChainDefinitionMap.put("/sys/attachment/upload", "anon");
            filterChainDefinitionMap.put("/sys/attachment/selectImg", "anon");
    
    
            //authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问
            filterChainDefinitionMap.put("/**", "authc,perms");
            // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
            shiroFilterFactoryBean.setLoginUrl("/login");
            // 登录成功后要跳转的链接
            shiroFilterFactoryBean.setSuccessUrl("/index");
            //未授权界面;
    //		shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
            return shiroFilterFactoryBean;
        }
    
        /**
         * 凭证匹配器
         * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了
         * )
         * @return
         */
        @Bean
        public HashedCredentialsMatcher hashedCredentialsMatcher(){
            HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
            hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法;
            hashedCredentialsMatcher.setHashIterations(1);//散列的次数,比如散列两次,相当于 md5(md5(""));
            hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
            return hashedCredentialsMatcher;
        }
    
        @Bean
        public MyShiroRealm myShiroRealm(){
            MyShiroRealm myShiroRealm = new MyShiroRealm();
            return myShiroRealm;
        }
    
        @Bean
        public SecurityManager securityManager(){
            DefaultWebSecurityManager securityManager =  new DefaultWebSecurityManager();
            securityManager.setRealm(myShiroRealm());
            return securityManager;
        }
    
    }

    设置拦截规则时,切记要把 登录请求设置成 anon ,即免登陆访问

    如:filterChainDefinitionMap.put("/sys/login", "anon");

    第四步:编写controller类进行校验

    /**
         * 登录方法
         * @param request
         * @param sysAccount
         * @return
         */
        @RequestMapping(value = "/login")
        public Result<SysAccount> login(HttpServletRequest request, @RequestBody SysAccount sysAccount) {
            Subject subject = SecurityUtils.getSubject();
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(sysAccount.getAccount(), sysAccount.getPassword());
            subject.login(usernamePasswordToken);
            Session session = SecurityUtils.getSubject().getSession();
            return getResult(Result.OK, session);
        }

    接下来就是使用 Postman 等工具进行测试了。

    至此,初级版的 Springboot 整合 Shiro 就完成了。

    进阶版的后面更新

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 我是一条华丽的分割线 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    展开全文
  • Springboot整合Shiro

    2021-03-19 20:42:04
    Springboot整合Shiro 1.springboot整合shiro有两种方式,导入的包不同 第一种 第一步:只导入依赖 shiro-all <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-all&...

    Springboot整合Shiro

    1.springboot整合shiro有两种方式,导入的包不同
    第一种
    第一步:只导入依赖 shiro-all

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-all</artifactId>
       	<version>1.7.1</version>
    </dependency>
    

    第二步:编写自定义Realm

    package com.hdit.shirospringboot.util;
    
    import com.hdit.shirospringboot.domain.Users;
    import com.hdit.shirospringboot.mapper.UsersMapper;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;
    
    public class MyRealm extends AuthorizingRealm {
    
        @Autowired
        private UsersMapper usersMapper;
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            return null;
        }
    
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    
            String username = authenticationToken.getPrincipal().toString();
            Users users = usersMapper.findUsersByUserName(username);
            AuthenticationInfo authenticationInfo = null;
            if(users != null){
            	authenticationInfo = new SimpleAuthenticationInfo(username , users.getPwd() , "myrealm");
                return authenticationInfo;
            }
    
            return authenticationInfo;
        }
    }
    
    

    第三步:编写Shiro配置类

    package com.hdit.shirospringboot.util;
    
    import org.apache.shiro.mgt.DefaultSecurityManager;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.realm.Realm;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    @Configuration
    public class ShiroConfig {
    
        @Bean
        public Realm getRealm(){
            return new MyRealm();
        }
    
        @Bean
        public SecurityManager getSecurityManager(Realm realm){
            DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
            defaultWebSecurityManager.setRealm(realm);
            return defaultWebSecurityManager;
        }
    
        @Bean
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager){
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(securityManager);
            return shiroFilterFactoryBean;
        }
    }
    
    

    上面就已经完整的编写运行shiro所需要的全部配置了。

    第二种:只导入依赖shiro-spring-boot-starter

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring-boot-starter</artifactId>
        <version>1.7.1</version>
    </dependency>
    

    这种方法只需要修改第一种方法的第三步,也就是shiro配置类
    注意:使用DefaultWebSecurityManager ,不要使用SecurityManager
    这也是这种方法和第一种方法的不同之处,自定义Realm无需修改。

    import org.apache.shiro.realm.Realm;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import  org.apache.shiro.mgt.SecurityManager;
    
    @Configuration
    public  class   ShiroConfig{
    
        @Bean
        public Realm getRealm() {
            return new  MyRealm();
        }
    
        @Bean
        public   DefaultWebSecurityManager   getSecurityManager(Realm  realm){
            DefaultWebSecurityManager  securityManager=new DefaultWebSecurityManager();
            securityManager.setRealm(realm);
            return  securityManager;
        }
    
        @Bean
        public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            //注入核心安全管理器
            shiroFilterFactoryBean.setSecurityManager(securityManager);
    
            return shiroFilterFactoryBean;
        }
    
    }
    
    

    以上就是springboot整合shiro了,既然springboot使用启动器,所以比较推荐使用第二种方法,也就是使用第二种shiro配置类。

    展开全文
  • Springboot整合shiro

    2021-05-18 17:05:36
    Springboot整合shiro 导入依赖 <!-- shiro--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0-RC2</...

    Springboot整合shiro

    导入依赖

    <!--        shiro-->
            <dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring</artifactId>
                <version>1.4.0-RC2</version>
            </dependency>
    

    编写配置类
    Subject:用户主体
    SecutityManager:安全管理器
    Realm:Shiro连接数据的桥梁

    @Configuration
    public class ShiroConfig {
    
    
        //    创建ShiroFilterFactoryBean  需要关联DefaultWebSecurityManager    //@Qualifier  是为了找到下面定义的securityManager
        @Bean
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    
    //        设置安全管理器
            shiroFilterFactoryBean.setSecurityManager(securityManager);
    
            return shiroFilterFactoryBean;
        }
    
    
    
    //    创建DefaultWebSecurityManager  需要关联Realm
        @Bean(name = "securityManager")
        public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ //@Qualifier  是为了找到下面定义的Realm
            DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    
            securityManager.setRealm(userRealm);
    
            return securityManager;
        }
    
    //    创建Realm    Realm是自定义的
        @Bean(name = "userRealm")
        public UserRealm getRealm(){
            return new UserRealm();
        }
    }
    

    自定义Realm

    public class UserRealm extends AuthorizingRealm {
        /*
        * 执行授权逻辑
        * */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            System.out.println("执行授权逻辑");
            return null;
        }
    
        /*
        * 执行认证逻辑
        * */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            System.out.println("执行认证逻辑");
            return null;
        }
    }
    
    展开全文
  • springboot整合Shiro

    2021-01-05 20:19:50
    springboot整合Shiro 1、基础spring-boot环境搭建起来 此处省略新建spring boot项目过程 2、导入shiro-spring的依赖 <dependency> <groupId>org.apache.shiro</groupId> <artifactId>...

    springboot整合Shiro


    1、基础spring-boot环境搭建起来

    此处省略新建spring boot项目过程

    2、导入shiro-spring的依赖

    		<dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring</artifactId>
                <version>1.7.0</version>
            </dependency>
    

    3、编写配置类,配置Shiro三大对象

    在这里插入图片描述

    3.1、自定义UserRealm类,创建Realm对象
    //需要继承AuthorizingRealm
    public class UserRealm extends AuthorizingRealm {
    
        //授权
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            System.out.println("执行了=> UserRealm.doGetAuthorizationInfo");
            return null;
        }
    
        //认证
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            return null;
        }
    }
    
    3.2、完成Shiro三大对象的配置
    @Configuration
    public class shiroConfig {
    
        //ShiroFilterFactoryBean  第三步
        @Bean
        public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            //设置安全管理器
            shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
            return shiroFilterFactoryBean;
    
        }
    
        //DefaultWebSecurityManager  第二步
        @Bean
        public DefaultWebSecurityManager defaultWebSecurityManager(UserRealm userRealm){
            DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
            //关联Realm
            defaultWebSecurityManager.setRealm(userRealm);
            return defaultWebSecurityManager;
        }
    
        //创建Realm对象,需要自定义类  第一步
        @Bean
        public UserRealm userRealm(){
            return new UserRealm();
        }
    }
    
    3.3、设置资源的拦截
    //添加shiro内置管理器
            /*
                anon:无需认证就可以访问
                authc:必须认证了才可以访问
                user:必须有 记住我功能 才可以使用
                perms:拥有队某个资源的权限才能访问
                role:拥有某个角色权限才能访问
    
             */
            //拦截
            LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
            filterChainDefinitionMap.put("/add","authc");
            filterChainDefinitionMap.put("/update","authc");
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    
            //设置登录的请求
            shiroFilterFactoryBean.setLoginUrl("/login");
    
    展开全文
  • springboot整合shiro.zip

    2021-06-06 16:54:38
    springboot整合shiro.
  • springboot整合shiro视频

    2020-06-21 16:45:33
    springboot整合shiro视频
  • springboot整合shiro视频教程,实现登陆认证,权限认证
  • SpringBoot整合Shiro-附件资源
  • SpringBoot整合Shiro、JWT和Redis实现token登录授权验证以及token刷新 前端代码为一个博客页面,使用了Semantic UI框架结合thymeleaf模板 SpringBoot结合JWT+Shiro+Redis实现token无状态登录授权 [TOC] 一、引言 ​ ...
  • springboot 整合shiro

    2019-03-04 11:30:10
    github 地址 : git@github.com:houjibofa2050/springboot_shiro.git
  • 主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 13,558
精华内容 5,423
关键字:

springboot整合shiro

spring 订阅