Editor's recommendation:
This article surveys the Apache Shiro feature set, gives a high-level overview of its architecture, and walks through the Shiro authentication process; we hope you find it useful.
This article comes from Jianshu and was edited and recommended by Delores of Huolongguo Software.

Shiro in brief
As usual, here is the introduction lifted from the official site:
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
In short, Apache Shiro is a powerful and flexible open-source security framework that handles authentication, authorization, cryptography and session management end to end.
So what exactly can Shiro do?
Authenticate users.
Control user access, for example: 1. check whether a user has been assigned a given security role; 2. check whether a user has been granted the permission to perform a given operation.
Use the Session API freely, even outside a web or EJB container.
React to events that occur during authentication, access control, or the session lifecycle.
Aggregate one or more user security data sources into a single composite user "view".
Support single sign-on (SSO).
Provide a "Remember Me" service, so that a user's associated information is available without logging in again.
Why Shiro?
The Shiro site gives a number of convincing reasons to use it, because Shiro has the following characteristics:
Easy to use: ease of use is the project's ultimate goal. Application security is often confusing and frustrating and is regarded as a "necessary evil"; if it is simplified to the point that a newcomer can use it, it stops being painful.
Comprehensive: no other security framework covers as wide a range as Apache Shiro; it can be the "one-stop shop" for your security needs.
Flexible: Apache Shiro works in any application environment. It runs in web, EJB and IoC environments but does not require them, nor does it mandate any specification or drag in many dependencies.
Web support: Apache Shiro has strong web application support, allowing you to build flexible security policies based on application URLs and web protocols (such as REST), and it also provides a set of JSP tag libraries for controlling page output.
Low coupling: Shiro's clean API and design patterns make it easy to integrate with many other frameworks and applications. Shiro integrates seamlessly with frameworks such as Spring, Grails, Wicket, Tapestry, Mule, Apache Camel, Vaadin and others.
Widely supported: Apache Shiro is part of the Apache Software Foundation. The development and user communities are friendly and willing to help, and commercial companies such as Katasoft offer professional support and services when needed.
Apache Shiro features
Apache Shiro is a comprehensive, feature-rich security framework. The diagram below shows Shiro's functional areas:

Authentication, Authorization, Session Management and Cryptography are what the Shiro team calls the four cornerstones of application security. Let us look at each of them:
Authentication: identifying the user, usually referred to as user "login".
Authorization: access control, for example deciding whether a given user may perform a given operation.
Session Management: per-user session management, even in non-web or non-EJB applications.
Cryptography: protecting data with cryptographic algorithms while staying easy to use.
There are additional features that support and reinforce these concerns in different application environments, in particular:
Web support: Shiro's web support APIs help secure web applications.
Caching: caching is a first-class citizen in the Apache Shiro API, keeping security operations fast and efficient.
Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.
Testing: test support helps you write unit and integration tests and ensure your code is secured as expected.
"Run As": lets a user assume the identity of another user (if permitted), which is sometimes useful in administrative scenarios.
"Remember Me": remembers a user's identity across sessions, so the user only has to log in when it is mandatory.
Note: Shiro does not maintain users or permissions itself. We have to design and provide those ourselves and hand them to Shiro through the corresponding interfaces (Realms).
High-level overview
At the conceptual level the Shiro architecture has three primary concepts: Subject, SecurityManager and Realm. The diagram below shows how these components interact; each is described in turn.

Subject: the current user. A Subject can be a person, but it can also be a third-party service, a daemon account, a cron job, or anything else that is currently interacting with the software.
SecurityManager: manages all Subjects. The SecurityManager is the heart of the Shiro architecture; together with its internal security components it forms the "security umbrella".
Realms: perform the actual verification of identity and permission data, and are implemented by us. A Realm is essentially a security-specific DAO: it encapsulates the details of connecting to a data source and retrieves the data Shiro needs. When configuring Shiro you must specify at least one Realm for authentication and/or authorization.
We need to implement both Authentication and Authorization in our Realm. Authentication verifies the user's identity; Authorization is access control, which decides whether the authenticated user is allowed to perform the current operation, such as accessing a link or a resource file.
The Shiro authentication process

The diagram above shows the key steps of Shiro authentication. To make it stick, let us write a small example and verify it ourselves. First create a Maven project and add the dependencies to pom.xml:
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.4.0</version>
</dependency>
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.12</version>
</dependency>
Create an [AuthenticationTest] test class:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;

public class AuthenticationTest {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    @Before // register one account before each test method runs
    public void addUser() {
        simpleAccountRealm.addAccount("wmyskxz", "123456");
    }

    @Test
    public void testAuthentication() {
        // 1. Build the SecurityManager environment and attach our realm
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        // Bind the SecurityManager so that SecurityUtils can find it
        SecurityUtils.setSecurityManager(defaultSecurityManager);

        // 2. The subject submits an authentication request
        Subject subject = SecurityUtils.getSubject(); // the current subject
        UsernamePasswordToken token = new UsernamePasswordToken("wmyskxz", "123456");
        subject.login(token); // log in; throws AuthenticationException on failure

        // subject.isAuthenticated() returns a boolean telling whether authentication succeeded
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints true
        subject.logout(); // log out
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints false
    }
}
Running it produces the expected result: first isAuthenticated:true, meaning the login was authenticated, then isAuthenticated:false after logout, meaning the subject is no longer authenticated. Here is another diagram to reinforce the picture:

The flow is as follows:
Subject.login(token) is called to log in; it delegates automatically to the SecurityManager, which must have been bound beforehand via SecurityUtils.setSecurityManager().
The SecurityManager is responsible for the real authentication logic; it delegates to an Authenticator.
The Authenticator is the actual authenticator and the core authentication entry point of the Shiro API; you can plug in your own implementation here.
The Authenticator may delegate to an AuthenticationStrategy for multi-Realm authentication; the default ModularRealmAuthenticator consults its AuthenticationStrategy whenever more than one Realm is configured.
The Authenticator passes the token to each Realm and obtains the authentication info from it; a null return or a thrown exception means authentication failed for that Realm. Several Realms can be configured, and they are consulted in order according to the configured strategy.
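The strategy step is where a multi-Realm setup gets its security properties, so it is worth seeing in code. The following is an added example, not code from the original article: it builds two constructed SimpleAccountRealm instances (named hr and ldap, with made-up accounts) that disagree about the password of wmyskxz, and runs the same login under the default AtLeastOneSuccessfulStrategy and under AllSuccessfulStrategy. Each call builds its own Subject through Subject.Builder instead of the thread-bound SecurityUtils subject, so the runs do not share state.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

public class MultiRealmStrategyDemo {

    // Two constructed realms (example data, not a real directory) that disagree about one user's password.
    private static Realm hrRealm() {
        SimpleAccountRealm realm = new SimpleAccountRealm("hr");
        realm.addAccount("wmyskxz", "123456");
        return realm;
    }

    private static Realm ldapRealm() {
        SimpleAccountRealm realm = new SimpleAccountRealm("ldap");
        realm.addAccount("wmyskxz", "hunter2");
        return realm;
    }

    /** Logs wmyskxz in against both realms under the given strategy and reports whether it succeeded. */
    static boolean loginWith(AuthenticationStrategy strategy, String password) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(strategy);
        // Set the authenticator first: setRealms() propagates the realm list into a ModularRealmAuthenticator.
        securityManager.setAuthenticator(authenticator);
        securityManager.setRealms(Arrays.asList(hrRealm(), ldapRealm()));

        // A fresh Subject bound to this SecurityManager, rather than the one cached on the current thread.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        try {
            subject.login(new UsernamePasswordToken("wmyskxz", password));
            return subject.isAuthenticated();
        } catch (AuthenticationException e) {
            // The strategy turned one or more realm failures into an overall failure.
            return false;
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        // Default strategy: one agreeing realm is enough, so the hr password is accepted although ldap rejects it,
        // and the ldap password is accepted although hr rejects it. An attacker only has to satisfy the weakest realm.
        System.out.println("AtLeastOneSuccessful, hr password:   " + loginWith(new AtLeastOneSuccessfulStrategy(), "123456"));
        System.out.println("AtLeastOneSuccessful, ldap password: " + loginWith(new AtLeastOneSuccessfulStrategy(), "hunter2"));
        // AllSuccessful: every realm must accept the token, so a password known to only one realm is refused.
        System.out.println("AllSuccessful, hr password:          " + loginWith(new AllSuccessfulStrategy(), "123456"));
        // A password no realm knows is refused under either strategy.
        System.out.println("AtLeastOneSuccessful, unknown:       " + loginWith(new AtLeastOneSuccessfulStrategy(), "wrong"));
    }
}
```

The first two calls succeed and the last two fail. The point for a reviewer is that with the default strategy a realm added "for convenience" (a test realm, a legacy user table) silently widens the set of credentials that log a user in; AllSuccessfulStrategy, or keeping a single realm per identity source, closes that gap.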
The Shiro authorization process

It is broadly similar to the authentication process. Let us again walk through it in code (the imports are the same as above and are omitted to save space):
public class AuthenticationTest {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    @Before // register one account before each test, giving it the roles admin and user
    public void addUser() {
        simpleAccountRealm.addAccount("wmyskxz", "123456", "admin", "user");
    }

    @Test
    public void testAuthorization() {
        // 1. Build the SecurityManager environment and attach our realm
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        // Bind the SecurityManager so that SecurityUtils can find it
        SecurityUtils.setSecurityManager(defaultSecurityManager);

        // 2. The subject submits an authentication request
        Subject subject = SecurityUtils.getSubject(); // the current subject
        UsernamePasswordToken token = new UsernamePasswordToken("wmyskxz", "123456");
        subject.login(token); // log in

        // subject.isAuthenticated() returns a boolean telling whether authentication succeeded
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints true

        // Check that the subject holds BOTH the admin and user roles; throws UnauthorizedException otherwise
        subject.checkRoles("admin", "user");
        // subject.checkRole("xxx"); // would throw UnauthorizedException
    }
}
Run the test; it passes as expected.
Custom Realm
From the above we know that the component that actually verifies identity and permission data is the Realm. Shiro ships with two ready-made implementations: IniRealm, which reads an .ini file, and JdbcRealm, which queries a database. Both are relatively simple; have a look [here] if you are interested. We will focus on implementing a Realm ourselves.
With the understanding of authentication and authorization above, create a [MyRealm] class in a suitable package, extend Shiro's AuthorizingRealm class, and implement its two abstract methods:
package com.wmyskxz.demo.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.*;

public class MyRealm extends AuthorizingRealm {

    /** Simulated database: username -> password */
    Map<String, String> userMap = new HashMap<>(16);

    {
        userMap.put("wmyskxz", "123456");
        super.setName("myRealm"); // name of this custom realm; any name will do
    }

    /**
     * Authorization
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();
        // Fetch the roles and permissions of this user from the "database"
        Set<String> roles = getRolesByUserName(userName);
        Set<String> permissions = getPermissionsByUserName(userName);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setStringPermissions(permissions);
        simpleAuthorizationInfo.setRoles(roles);
        return simpleAuthorizationInfo;
    }

    /** Simulates fetching permission data from the database */
    private Set<String> getPermissionsByUserName(String userName) {
        Set<String> permissions = new HashSet<>();
        permissions.add("user:delete");
        permissions.add("user:add");
        return permissions;
    }

    /** Simulates fetching role data from the database */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> roles = new HashSet<>();
        roles.add("admin");
        roles.add("user");
        return roles;
    }

    /**
     * Authentication
     *
     * @param authenticationToken the credentials submitted by the subject
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // 1. Take the username out of the token submitted by the subject
        String userName = (String) authenticationToken.getPrincipal();
        // 2. Look up the stored credential for that username
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null; // unknown account: Shiro turns this into UnknownAccountException
        }
        // Use the looked-up username as the principal (not a hard-coded one), so the Subject's
        // principal always matches the account that actually logged in
        return new SimpleAuthenticationInfo(userName, password, getName());
    }

    /** Simulates fetching the credential from the database */
    private String getPasswordByUserName(String userName) {
        return userMap.get(userName);
    }
}
Now write a test class to verify it:
import com.wmyskxz.demo.realm.MyRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

public class AuthenticationTest {

    @Test
    public void testAuthentication() {
        MyRealm myRealm = new MyRealm(); // an instance of our own Realm
        // 1. Build the SecurityManager environment and attach our realm
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(myRealm);
        // Bind the SecurityManager so that SecurityUtils can find it
        SecurityUtils.setSecurityManager(defaultSecurityManager);

        // 2. The subject submits an authentication request
        Subject subject = SecurityUtils.getSubject(); // the current subject
        UsernamePasswordToken token = new UsernamePasswordToken("wmyskxz", "123456");
        subject.login(token); // log in

        // subject.isAuthenticated() returns a boolean telling whether authentication succeeded
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints true

        // Check that the subject holds BOTH the admin and user roles; throws UnauthorizedException otherwise
        subject.checkRoles("admin", "user");
        // subject.checkRole("xxx"); // would throw UnauthorizedException
        // Check that the subject holds the user:add permission
        subject.checkPermission("user:add");
    }
}
Run the test: everything passes.
Shiro cryptography
In everything so far the passwords stored in the database were plaintext; if the database leaks, the damage is hard to estimate. The usual remedy is to store not the password but a one-way (irreversible) digest of it, computed with a cryptographic hash function; MD5 is used for illustration below. Note that this is hashing, not encryption: there is no key and no decryption step, which is exactly the point.

For example, hashing 123456 with MD5 gives the string e10adc3949ba59abbe56e057f20f883e, from which 123456 cannot be computed back. We store this string in the database; the next time the user logs in we run the submitted password through the same algorithm and compare the result with the stored string, which tells us whether the password is correct. Password verification still works and security is much improved. The problem is that although the password cannot be derived directly from the digest, an attacker can still hash a list of simple passwords and compare the results with the stored values, recovering the original password.
If my password is 123456 and so is yours, the MD5 strings are identical, so you immediately know my password. Precomputing the MD5 of common passwords into a dictionary (a lookup table) recovers a substantial share of users' passwords, which is as good as "cracking" them, so plain MD5 is nowhere near as "secure" as it looks.
Salting and iterating
Since identical passwords give identical MD5 values, we add a random value to the original password before hashing. That random value is the salt; with it, equal passwords produce different digests and a precomputed dictionary no longer applies. The salt is not secret, but it must be stored alongside the digest in the database so that we can verify later; use a cryptographically secure random source and a fresh salt per user.
We can also hash more than once, i.e. iterate the hash. The iteration count should not be thought of as a secret that confuses an attacker who obtains the digests: it is usually known or trivially guessed. Its real value is cost: every guess the attacker makes must repeat the same number of iterations, so a large count (tens of thousands or more, not 2) slows offline brute force proportionally. Better still, use a purpose-built password hash such as bcrypt, scrypt, PBKDF2 or Argon2; Shiro's own DefaultPasswordService uses SHA-256 with a high iteration count by default. MD5 with two iterations, used below for illustration, is far too cheap for real password storage.
In Shiro this takes only a few lines:
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;

String password = "123456";
// Random salt from a cryptographically secure generator; toString() gives its Base64 form
String salt = new SecureRandomNumberGenerator().nextBytes().toString();
int times = 2;                 // number of hash iterations: 2 (far too few for real use)
String algorithmName = "md5";  // hash algorithm
// SimpleHash.toString() returns the digest as hex
String encodedPassword = new SimpleHash(algorithmName, password, salt, times).toString();
System.out.printf("original password is %s, salt is: %s, iterations: %d, resulting digest: %s%n",
        password, salt, times, encodedPassword);
Output:
original password is 123456, salt is: f5GQZsuWjnL9z585JjLrbQ==, iterations: 2, resulting digest: 55fee80f73537cefd6b3c9a920993c25
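Hashing is only half of the job: the stored digest is useful only if login-time verification reproduces exactly the same algorithm, salt encoding and iteration count. The following added example (not code from the original article) shows both halves together with the parameters hardened. It registers users by hashing with a per-user random salt and a high SHA-256 iteration count, keeps the resulting rows in a constructed in-memory map standing in for the user_info table, and then verifies a login attempt with the same HashedCredentialsMatcher configuration the Spring Boot section below uses, wrapped in a SimpleAuthenticationInfo the way a Realm would return it. The user names and passwords are made up.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.Map;

public class SaltedHashDemo {

    // Registration and verification must agree on all three of these; keep them in one place.
    static final String ALGORITHM = "SHA-256";
    static final int ITERATIONS = 100_000;   // cost per guess; the article's 2 is far too cheap
    static final String REALM_NAME = "demoRealm";

    /** One stored row: the hex digest plus the Base64 salt text it was computed with. */
    static final class StoredCredential {
        final String hashHex;
        final String salt;
        StoredCredential(String hashHex, String salt) { this.hashHex = hashHex; this.salt = salt; }
    }

    /** Constructed in-memory stand-in for the user_info table (example data only). */
    static final Map<String, StoredCredential> USERS = new HashMap<>();

    /** Registration: a fresh random salt per user, then an iterated, salted hash of the password. */
    static void register(String username, String plaintextPassword) {
        // The Base64 text of the random bytes is used as the salt, exactly as the Spring Boot section does:
        // ByteSource.Util.bytes(salt) later turns the same text back into the same bytes.
        String salt = new SecureRandomNumberGenerator().nextBytes().toBase64();
        String hashHex = new SimpleHash(ALGORITHM, plaintextPassword, salt, ITERATIONS).toHex();
        USERS.put(username, new StoredCredential(hashHex, salt));
    }

    /** Login-time check, done the way AuthenticatingRealm does it with a HashedCredentialsMatcher. */
    static boolean passwordMatches(String username, String submittedPassword) {
        StoredCredential stored = USERS.get(username);
        if (stored == null) {
            // Unknown account. A Realm would return null here and Shiro would raise UnknownAccountException.
            return false;
        }
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true); // we stored toHex(); set false if you store Base64

        // What a custom Realm's doGetAuthenticationInfo would return for this user.
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                username, stored.hashHex, ByteSource.Util.bytes(stored.salt), REALM_NAME);
        // The matcher re-hashes the submitted password with the stored salt and compares the digests.
        return matcher.doCredentialsMatch(new UsernamePasswordToken(username, submittedPassword), info);
    }

    public static void main(String[] args) {
        register("wmyskxz", "123456");
        register("delores", "123456"); // same password, different user
        System.out.println("correct password accepted: " + passwordMatches("wmyskxz", "123456"));
        System.out.println("wrong password accepted:   " + passwordMatches("wmyskxz", "654321"));
        System.out.println("unknown account accepted:  " + passwordMatches("nobody", "123456"));
        // Equal passwords, different digests: that is what the per-user salt buys.
        System.out.println("digests equal for equal passwords: "
                + USERS.get("wmyskxz").hashHex.equals(USERS.get("delores").hashHex));
    }
}
```

Only the first line prints true. If any of the three constants drifts between the code that writes user_info and the HashedCredentialsMatcher bean, every login fails with IncorrectCredentialsException even though the stored data is fine, which is the most common mistake with this setup.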
A simple Spring Boot example
With the above under our belt, let us build a small system that uses Shiro for authentication and authorization.
Step 1: create a Spring Boot project and set up the basics
pom dependencies:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>
application.properties:
#thymeleaf settings
spring.thymeleaf.mode=HTML5
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.servlet.content-type=text/html
#disable the template cache so that edits take effect immediately, which is convenient while debugging
spring.thymeleaf.cache=false
#database (development values; in a real deployment supply the credentials from the environment or a secrets store rather than committing them)
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/testdb?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.jpa.properties.hibernate.hbm2ddl.auto=update
#print SQL statements
spring.jpa.show-sql=true
#without the line below Hibernate would create the tables with the MyISAM engine by default
spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
#our own dialect subclass, which defaults new tables to utf8
spring.jpa.properties.hibernate.dialect=com.wmyskxz.demo.shiro.config.MySQLConfig
Step 2: create the entity classes
Create an [entity] package and define the following entities in it:
User information:
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;

import javax.persistence.*;
import java.util.List;

@Entity
public class UserInfo {
    @Id
    @GeneratedValue
    private Long id;          // primary key
    @Column(unique = true)
    private String username;  // login account, unique
    private String name;      // display name (nickname or real name), used by the UI
    private String password;  // password, stored as a salted hash
    private String salt;      // salt used when hashing the password
    @JsonIgnoreProperties(value = {"userInfos"})
    @ManyToMany(fetch = FetchType.EAGER) // load the roles from the database immediately
    @JoinTable(name = "SysUserRole",
            joinColumns = @JoinColumn(name = "uid"),
            inverseJoinColumns = @JoinColumn(name = "roleId"))
    private List<SysRole> roles; // a user has many roles
    /** getters and setters */
}
Role information:
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;

import javax.persistence.*;
import java.util.List;

@Entity
public class SysRole {
    @Id
    @GeneratedValue
    private Long id;             // primary key
    private String name;         // role name, e.g. admin/user
    private String description;  // role description, used by the UI
    // role -- permission relationship: many-to-many
    @JsonIgnoreProperties(value = {"roles"})
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "SysRolePermission",
            joinColumns = {@JoinColumn(name = "roleId")},
            inverseJoinColumns = {@JoinColumn(name = "permissionId")})
    private List<SysPermission> permissions;
    // user -- role relationship: many-to-many
    @JsonIgnoreProperties(value = {"roles"})
    @ManyToMany
    @JoinTable(name = "SysUserRole",
            joinColumns = {@JoinColumn(name = "roleId")},
            inverseJoinColumns = {@JoinColumn(name = "uid")})
    private List<UserInfo> userInfos; // a role is held by many users
    /** getters and setters */
}
Permission information:
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;

import javax.persistence.*;
import java.util.List;

@Entity
public class SysPermission {
    @Id
    @GeneratedValue
    private Long id;             // primary key
    private String name;         // permission name, e.g. user:select
    private String description;  // permission description, used by the UI
    private String url;          // URL the permission protects
    @JsonIgnoreProperties(value = {"permissions"})
    @ManyToMany
    @JoinTable(name = "SysRolePermission",
            joinColumns = {@JoinColumn(name = "permissionId")},
            inverseJoinColumns = {@JoinColumn(name = "roleId")})
    private List<SysRole> roles; // a permission can be used by many roles
    /** getters and setters */
}
Note: there is a pitfall here that cost me quite some time. When returning JSON to the front end in RESTful style there is a many-to-many infinite-recursion trap: to return one user the serializer walks the user, who has many roles, each role has many permissions, and permissions and roles are again many-to-many, so it goes user → roles → permissions → roles → users ... without end and the response fails. To break the cycle, each entity carries a @JsonIgnoreProperties annotation on its back-reference, excluding the property that would loop back to the object being serialized.
The code above automatically generates five tables: user_info (users), sys_role (roles), sys_permission (permissions), sys_user_role (user-role mapping) and sys_role_permission (role-permission mapping). To make testing easier, seed them with some initial data:
INSERT INTO `user_info` (`id`,`name`,`password`,`salt`,`username`)
VALUES (1, 'administrator', '951cd60dec2104024949d2e0b2af45ae', 'xbNIxrQfn6COSYn1/GdloA==', 'wmyskxz');
INSERT INTO `sys_permission` (`id`,`description`,`name`,`url`)
VALUES (1, 'view users', 'userInfo:view', '/userList');
INSERT INTO `sys_permission` (`id`,`description`,`name`,`url`)
VALUES (2, 'add user', 'userInfo:add', '/userAdd');
INSERT INTO `sys_permission` (`id`,`description`,`name`,`url`)
VALUES (3, 'delete user', 'userInfo:delete', '/userDelete');
INSERT INTO `sys_role` (`id`,`description`,`name`)
VALUES (1, 'administrator', 'admin');
INSERT INTO `sys_role_permission` (`permission_id`,`role_id`)
VALUES (1, 1);
INSERT INTO `sys_role_permission` (`permission_id`,`role_id`)
VALUES (2, 1);
INSERT INTO `sys_user_role` (`role_id`,`uid`)
VALUES (1, 1);
Step 3: configure Shiro
Create a [config] package and the following files in it:
MySQLConfig:
import org.hibernate.dialect.MySQL5InnoDBDialect;

public class MySQLConfig extends MySQL5InnoDBDialect {
    @Override
    public String getTableTypeString() {
        return "ENGINE=InnoDB DEFAULT CHARSET=utf8";
    }
}
This class is what the last line of application.properties points at; it makes Hibernate create tables with the InnoDB engine and utf8 encoding by default.
MyShiroRealm:
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import javax.annotation.Resource;

public class MyShiroRealm extends AuthorizingRealm {

    @Resource
    private UserInfoService userInfoService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Reaching this point means the user has already been authenticated
        UserInfo userInfo = (UserInfo) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (SysRole role : userInfo.getRoles()) {
            simpleAuthorizationInfo.addRole(role.getName());
            for (SysPermission permission : role.getPermissions()) {
                simpleAuthorizationInfo.addStringPermission(permission.getName());
            }
        }
        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // The account name the user typed
        String username = (String) authenticationToken.getPrincipal();
        System.out.println(authenticationToken.getPrincipal());
        // Look the UserInfo up by username.
        // In a real project this lookup can be cached. Note that Shiro's own authentication cache
        // (AuthenticatingRealm.setAuthenticationCachingEnabled) is off by default and is not time-based,
        // so without it this method runs on every login attempt.
        UserInfo userInfo = userInfoService.findByUsername(username);
        if (null == userInfo) {
            return null; // unknown account
        }
        return new SimpleAuthenticationInfo(
                userInfo,                                   // principal: the whole user object
                userInfo.getPassword(),                     // the stored (hashed) password
                ByteSource.Util.bytes(userInfo.getSalt()),  // the per-user salt stored next to it
                getName()                                   // realm name
        );
    }
}
Our custom Realm; its two methods follow the authentication and authorization process described above.
ShiroConfig:
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

@Configuration
public class ShiroConfig {

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        System.out.println("ShiroConfiguration.shiroFilter()");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Filter chain definitions. Patterns are matched in insertion order, hence the LinkedHashMap.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
        // Links that are not intercepted
        filterChainDefinitionMap.put("/static/**", "anon");
        // Logout filter; the actual logout logic is implemented by Shiro
        filterChainDefinitionMap.put("/logout", "logout");
        // The chain is evaluated top to bottom, so /** must come last; putting it earlier shadows every later rule
        // authc: all URLs require authentication; anon: all URLs can be accessed anonymously
        filterChainDefinitionMap.put("/**", "authc");

        // If no login URL is set, Shiro defaults to "/login.jsp" in the web root
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Where to go after a successful login
        shiroFilterFactoryBean.setSuccessUrl("/index");
        // Unauthorized page
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    /**
     * Credentials matcher. Password comparison is delegated to Shiro, which checks the
     * submitted password against the SimpleAuthenticationInfo our realm returns, so the
     * algorithm and iteration count here must equal the ones used when the password was hashed.
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // Hash algorithm: MD5 here (weak and fast; see the cryptography section for better choices)
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        // Number of iterations: 2 means md5(md5(password + salt))
        hashedCredentialsMatcher.setHashIterations(2);
        return hashedCredentialsMatcher;
    }

    @Bean
    public MyShiroRealm myShiroRealm() {
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRealm;
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * Enables Shiro's AOP annotation support (@RequiresPermissions and friends).
     * It works through proxies, so proxy support must be available.
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /**
     * Maps exceptions to views: the UnauthorizedException thrown by the annotation checks ends up on the 403 page.
     */
    @Bean(name = "simpleMappingExceptionResolver")
    public SimpleMappingExceptionResolver createSimpleMappingExceptionResolver() {
        SimpleMappingExceptionResolver r = new SimpleMappingExceptionResolver();
        Properties mappings = new Properties();
        mappings.setProperty("DatabaseException", "databaseError"); // database errors
        mappings.setProperty("UnauthorizedException", "403");       // authorization failures
        r.setExceptionMappings(mappings); // none by default
        r.setDefaultErrorView("error");   // no default
        r.setExceptionAttribute("ex");    // default is "exception"
        //r.setWarnLogCategory("example.MvcLogger"); // no default
        return r;
    }
}
In a web application the core of Apache Shiro is a servlet Filter, much as Spring MVC is driven by its DispatcherServlet. Being a Filter, it does what one would guess: filtering and permission checks are driven by URL rules, so we have to define a set of rules mapping URL patterns to access requirements.
Filter chain definition rules:
1. One URL pattern can be configured with several filters, separated by commas.
2. When several filters are configured, the request passes only if every one of them passes.
3. Some filters take parameters, for example perms and roles.
Shiro's built-in filters:

anon: the URL can be accessed anonymously.
authc: the URL requires an authenticated user.
user: the URL is accessible to users who are authenticated or merely remembered via "Remember Me". A remembered identity is not a proven one, so sensitive operations (changing a password, deleting data) belong behind authc, not user.
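The three rules above have consequences for ordering and for combining filters that the article's own map (one anon rule, logout, and a catch-all authc) does not exercise. The following added example, not part of the original article, builds the same kind of LinkedHashMap using the permission names from the SQL seed data plus a hypothetical /admin/** path; it shows comma-separated chains with perms[...] and roles[...] arguments and why the catch-all must stay last.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class FilterChainDefinitions {

    /**
     * Shiro picks the FIRST pattern that matches the request path (Ant-style matching),
     * so specific rules must be inserted before the /** catch-all.
     */
    public static Map<String, String> chainDefinitions() {
        Map<String, String> chain = new LinkedHashMap<>();

        // Static resources are public.
        chain.put("/static/**", "anon");

        // The login URL must pass through the authc filter: that filter both lets the GET render
        // the form and processes the POSTed credentials. Marking /login as anon would hand the POST
        // to HomeController, which never calls subject.login(), so nobody could ever log in.
        chain.put("/login", "authc");

        // Shiro's built-in logout filter invalidates the session and redirects.
        chain.put("/logout", "logout");

        // Several filters in one chain, comma separated: ALL of them must pass.
        // perms[...] lists permission strings; several inside the brackets must all be held.
        chain.put("/userDelete", "authc, perms[userInfo:delete]");
        chain.put("/userAdd", "authc, perms[userInfo:add]");
        chain.put("/userList", "authc, perms[userInfo:view]");

        // roles[...] works the same way for role names (hypothetical /admin/** path).
        chain.put("/admin/**", "authc, roles[admin]");

        // The catch-all goes LAST. Inserted first, it would match every request and silently
        // shadow everything below it, including the anon rule for /static/**.
        chain.put("/**", "authc");
        return chain;
    }
}
```

Pass the returned map to ShiroFilterFactoryBean.setFilterChainDefinitionMap(). URL-level perms rules and the @RequiresPermissions annotations on the controller are independent checks; keeping both is fine, but the URL rule is the one that still applies if someone later adds a handler method and forgets the annotation.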
µÚËIJ½£º×¼±¸ DAO ²ãºÍ Service ²ã
н¨¡¾dao¡¿°ü£¬ÔÚÏÂÃæ´´½¨¡¾UserInfoDao¡¿½Ó¿Ú£º
public interface
UserInfoDao extends JpaRepository<UserInfo,
Long> {
/** ͨ¹ýusername²éÕÒÓû§ÐÅÏ¢*/
public UserInfo findByUsername (String username);
} |
н¨¡¾service¡¿°ü£¬´´½¨¡¾UserInfoService¡¿½Ó¿Ú£º
public interface
UserInfoService {
/** ͨ¹ýusername²éÕÒÓû§ÐÅÏ¢£»*/
public UserInfo findByUsername (String username);
} |
²¢ÔڸðüÏÂÔÙн¨Ò»¸ö¡¾impl¡¿°ü£¬Ð½¨¡¾UserInfoServiceImpl¡¿ÊµÏÖÀࣺ
@Service
public class UserInfoService
Impl implements UserInfoService{
@Resource
UserInfoDao userInfoDao;
@Override
public UserInfo findByUsername (String username)
{
return userInfoDao.findByUsername (username);
}
} |
Step 5: the controller layer
Create a [controller] package and the following files in it:
HomeController:
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;
import java.util.Map;

@Controller
public class HomeController {

    @RequestMapping({"/", "/index"})
    public String index() {
        return "/index";
    }

    @RequestMapping("/login")
    public String login(HttpServletRequest request, Map<String, Object> map) throws Exception {
        System.out.println("HomeController.login()");
        // On a failed login Shiro st ores the exception it raised as a request attribute.
        // shiroLoginFailure holds the fully qualified class name of that Shiro exception.
        String exception = (String) request.getAttribute("shiroLoginFailure");
        System.out.println("exception=" + exception);
        String msg = "";
        if (exception != null) {
            // Telling "account does not exist" apart from "wrong password" in the UI lets an attacker
            // enumerate valid usernames; outside a demo, show the user one generic message.
            if (UnknownAccountException.class.getName().equals(exception)) {
                System.out.println("UnknownAccountException -- > account does not exist");
                msg = "UnknownAccountException -- > account does not exist";
            } else if (IncorrectCredentialsException.class.getName().equals(exception)) {
                System.out.println("IncorrectCredentialsException -- > incorrect password");
                msg = "IncorrectCredentialsException -- > incorrect password";
            } else if ("kaptchaValidateFailed".equals(exception)) {
                System.out.println("kaptchaValidateFailed -- > captcha error");
                msg = "kaptchaValidateFailed -- > captcha error";
            } else {
                msg = "else >> " + exception;
                System.out.println("else -- > " + exception);
            }
        }
        map.put("msg", msg);
        // This method does not handle a successful login; Shiro's authc filter does that
        return "/login";
    }

    @RequestMapping("/403")
    public String unauthorizedRole() {
        System.out.println("------ no permission -------");
        return "403";
    }
}
The paths here correspond to the URLs we configured for Shiro.
UserInfoController:
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;

@RestController
public class UserInfoController {

    @Resource
    UserInfoService userInfoService;

    /**
     * Fetches a user's information from the database by username.
     * Note: serialising the entity as-is also exposes the password hash and salt to the client;
     * real code should return a DTO or mark those fields @JsonIgnore.
     *
     * @param username the account name
     */
    @GetMapping("/userList")
    @RequiresPermissions("userInfo:view") // permission check
    public UserInfo findUserInfoByUsername(@RequestParam String username) {
        return userInfoService.findByUsername(username);
    }

    /**
     * Simulates successfully adding a user to the database
     */
    @PostMapping("/userAdd")
    @RequiresPermissions("userInfo:add")
    public String addUserInfo() {
        return "addUserInfo success!";
    }

    /**
     * Simulates successfully deleting a user from the database
     */
    @DeleteMapping("/userDelete")
    @RequiresPermissions("userInfo:delete")
    public String deleteUserInfo() {
        return "deleteUserInfo success!";
    }
}
Step 6: prepare the pages
Create three pages for testing:
index.html: the home page
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Home</title>
</head>
<body>
index - home page
</body>
</html>
login.html: the login page
<!DOCTYPE html>
<html xmlns:th="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
</head>
<body>
Error message: <h4 th:text="${msg}"></h4>
<form action="" method="post">
    <p>Account: <input type="text" name="username" value="wmyskxz"/></p>
    <p>Password: <input type="password" name="password" value="123456"/></p>
    <p><input type="submit" value="Log in"/></p>
</form>
</body>
</html>
403.html: the page shown when permission is missing
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>403 error page</title>
</head>
<body>
error page
</body>
</html>
Step 7: test
Once everything is written, start the application. First visit http://localhost:8080/userList?username=wmyskxz; since we are not logged in, Shiro redirects to the configured login page at http://localhost:8080/login. After logging in we see the JSON data returned correctly. These operations trigger MyShiroRealm.doGetAuthenticationInfo(), the login-authentication method.
Once logged in we can also access http://localhost:8080/userAdd, because that permission was granted in the seed data, and we see the response; but accessing http://localhost:8080/userDelete returns the error page, because the admin role was never granted userInfo:delete.
Note: the tests above need a REST client, because the controller methods are mapped to POST and DELETE; feel free to try them without the REST style as well and see what happens!