Shiro Security Framework [Quick Start]

Author: 我没有三颗心脏

2019-12-31

Editor's note:
This article reviews Apache Shiro's features, its high-level architecture and the Shiro authentication process. We hope you find it helpful.
This article comes from Jianshu (简书) and was edited and recommended by Delores of 火龙果软件.

Introduction to Shiro

As usual, here is the introduction taken from the official site:

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.

In short, Apache Shiro is a powerful and flexible open-source security framework that handles authentication, authorization, cryptography and session management.

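What exactly can Shiro do?

Verify user identity

Control user access, for example: 1. determine whether a user has been assigned a given security role; 2. determine whether a user has been granted permission to perform a given operation

Use the Session API freely in any environment, even outside a web or EJB container

React to events that occur during authentication, access control or the session life cycle

Combine one or more sources of user security data into a single composite user "view"

Support single sign-on (SSO)

Provide a "Remember Me" service that retrieves a user's associated information without a login

Why Shiro?

The official site gives many convincing reasons to use Shiro, because Shiro has the following characteristics:

Easy to use: ease of use is the project's ultimate goal. Application security can be extremely confusing and frustrating, and is often regarded as a "necessary evil". If it is made simple enough that even a novice can use it, it stops being painful.

Comprehensive: no other security framework has the breadth of scope that Apache Shiro has, so it can be your "one-stop shop" for your security needs.

Flexible: Apache Shiro can work in any application environment. It works in web, EJB and IoC environments but does not require them. Shiro also does not mandate any specification and does not even have many dependencies.

Web support: Apache Shiro has excellent web application support, letting you create flexible security policies based on application URLs and web protocols (for example REST), and it also provides a set of JSP libraries to control page output.

Low coupling: Shiro's clean API and design patterns make it easy to integrate with many other frameworks and applications. You will see Shiro integrate seamlessly with frameworks such as Spring, as well as Grails, Wicket, Tapestry, Mule, Apache Camel, Vaadin and so on.

Widely supported: Apache Shiro is part of the Apache Software Foundation. The project's developer and user groups have friendly people willing to help. Commercial companies such as Katasoft also provide professional support and services if needed.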

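Apache Shiro Features

Apache Shiro is a comprehensive, feature-rich security framework. The following figure describes Shiro's features:

Authentication, Authorization, Session Management and Cryptography are what the Shiro development team calls the four cornerstones of application security. Let's look at each of them:

Authentication: identifying the user, usually called user "login".

Authorization: access control, for example whether a user is permitted to perform a given operation.

Session Management: user-specific session management, even in non-web or non-EJB applications.

Cryptography: protecting data with cryptographic algorithms while remaining easy to use.

There are further features that support and reinforce these concerns in different application environments, in particular:

Web support: Shiro's web support APIs help secure web applications.

Caching: caching is a first-tier citizen in Apache Shiro's API, ensuring that security operations stay fast and efficient.

Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.

Testing: test support exists to help you write unit and integration tests and ensure your code is secured as expected.

"Run As": a feature that lets a user assume the identity of another user (if allowed), which is sometimes useful in administrative scenarios.

"Remember Me": remembers the user's identity across sessions, so the user only has to log in when it is mandatory.

Note: Shiro does not maintain users or permissions itself. We have to design and provide them ourselves and then inject them into Shiro through the corresponding interfaces.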

High-Level Overview

At the conceptual level, Shiro's architecture has three main concepts: Subject, SecurityManager and Realm. The figure below shows how these components interact, and each is described in turn.

Subject: the current user. A Subject can be a person, but it can also be a third-party service, a daemon account, a cron job or anything else that is currently interacting with the software.

SecurityManager: manages all Subjects. The SecurityManager is the core of Shiro's architecture and works with the internal security components to form a security umbrella.

Realms: perform the verification of security data; we implement them ourselves. A Realm is essentially a security-specific DAO: it encapsulates the details of connecting to a data source and supplies the data Shiro needs. When configuring Shiro you must specify at least one Realm to use for authentication and/or authorization.

We need to implement the Realm's Authentication and Authorization. Authentication verifies the user's identity. Authorization is access control: it authorizes the operations a user performs, deciding whether the user is allowed to carry out the current operation, such as accessing a link or a resource file.

Shiro Authentication Process

The figure above shows an important part of Shiro authentication. To reinforce the idea, let's write an example ourselves to verify it. First create a new Maven project, then add the dependencies to pom.xml:

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.4.0</version>
</dependency>
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.12</version>
</dependency>

Create a new test class [AuthenticationTest]:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;

public class AuthenticationTest {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    @Before // add a user before each test method runs
    public void addUser() {
        simpleAccountRealm.addAccount("wmyskxz", "123456");
    }

    @Test
    public void testAuthentication() {
        // 1. Build the SecurityManager environment
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);

        // 2. The subject submits an authentication request
        SecurityUtils.setSecurityManager(defaultSecurityManager); // set the SecurityManager environment
        Subject subject = SecurityUtils.getSubject(); // get the current subject

        UsernamePasswordToken token = new UsernamePasswordToken("wmyskxz", "123456");
        subject.login(token); // log in

        // subject.isAuthenticated() returns a boolean that tells whether the user has been authenticated
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints true

        subject.logout(); // log out

        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints false
    }
}

Running it gives the expected result: it first prints isAuthenticated:true, meaning the login was authenticated, and then prints isAuthenticated:false, meaning the subject has logged out and is no longer authenticated. Here is another figure to reinforce the idea:

The flow is as follows:

First call Subject.login(token) to log in; it automatically delegates to the SecurityManager, which must have been set beforehand with SecurityUtils.setSecurityManager();

The SecurityManager is responsible for the actual authentication logic; it delegates to the Authenticator;

The Authenticator is the real authenticator and the core authentication entry point in the Shiro API; you can plug in your own implementation here;

The Authenticator may delegate to an AuthenticationStrategy for multi-Realm authentication; the default ModularRealmAuthenticator calls the AuthenticationStrategy for multi-Realm authentication;

The Authenticator passes the token to the Realm and obtains the authentication information from it; if nothing is returned or an exception is thrown, authentication has failed. Multiple Realms can be configured here and are consulted in the configured order and according to the strategy.
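
The multi-Realm step of this flow, as an added example that is not part of the original article: two SimpleAccountRealm instances sit behind a ModularRealmAuthenticator, and the same logins are tried under two of Shiro's AuthenticationStrategy implementations. The realm names, the guest account and the class name are made up for the demonstration, and the shiro-core 1.4.0 dependency above is assumed.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

public class MultiRealmAuthDemo {

    /** Two realms (constructed sample accounts) behind one authenticator. */
    static DefaultSecurityManager build(AuthenticationStrategy strategy) {
        SimpleAccountRealm staffRealm = new SimpleAccountRealm("staffRealm");
        staffRealm.addAccount("wmyskxz", "123456");
        SimpleAccountRealm partnerRealm = new SimpleAccountRealm("partnerRealm");
        partnerRealm.addAccount("guest", "guest-pass");

        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(strategy);

        DefaultSecurityManager manager = new DefaultSecurityManager();
        // Install the authenticator first: setRealms() then hands it the realm list.
        manager.setAuthenticator(authenticator);
        manager.setRealms(Arrays.<Realm>asList(staffRealm, partnerRealm));
        return manager;
    }

    /** Attempts a login and reports which failure, if any, Shiro raised. */
    static String attempt(DefaultSecurityManager manager, String user, String password) {
        // Subject.Builder avoids the static SecurityUtils state, so both managers can coexist.
        Subject subject = new Subject.Builder(manager).buildSubject();
        try {
            subject.login(new UsernamePasswordToken(user, password));
            return "authenticated";
        } catch (UnknownAccountException e) {
            return "rejected: a realm has no such account";
        } catch (IncorrectCredentialsException e) {
            return "rejected: wrong password";
        } catch (AuthenticationException e) {
            return "rejected: no realm accepted the token";
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager atLeastOne = build(new AtLeastOneSuccessfulStrategy());
        DefaultSecurityManager allRealms = build(new AllSuccessfulStrategy());
        String[][] logins = {
                {"wmyskxz", "123456"},   // valid in staffRealm only
                {"wmyskxz", "bad-pass"}, // known user, wrong password
                {"nobody", "123456"},    // unknown in every realm
        };
        for (String[] login : logins) {
            System.out.printf("%-8s / %-8s  atLeastOne=%s  all=%s%n", login[0], login[1],
                    attempt(atLeastOne, login[0], login[1]),
                    attempt(allRealms, login[0], login[1]));
        }
    }
}
```

Under AllSuccessfulStrategy an account that exists in only one realm is rejected, because every realm that supports the token must return it. Under AtLeastOneSuccessfulStrategy with several realms, a wrong password surfaces as a plain AuthenticationException rather than IncorrectCredentialsException.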

Shiro Authorization Process

This is broadly similar to the authentication process, so again we walk through it in code (the imports are the same as before and are omitted to save space):

public class AuthenticationTest {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    @Before // add a user with the admin and user roles before each test method runs
    public void addUser() {
        simpleAccountRealm.addAccount("wmyskxz", "123456", "admin", "user");
    }

    @Test
    public void testAuthentication() {
        // 1. Build the SecurityManager environment
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);

        // 2. The subject submits an authentication request
        SecurityUtils.setSecurityManager(defaultSecurityManager); // set the SecurityManager environment
        Subject subject = SecurityUtils.getSubject(); // get the current subject

        UsernamePasswordToken token = new UsernamePasswordToken("wmyskxz", "123456");
        subject.login(token); // log in

        // subject.isAuthenticated() returns a boolean that tells whether the user has been authenticated
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints true

        // Check that the subject has both the admin and user roles; an exception is thrown if not
        subject.checkRoles("admin", "user");
        // subject.checkRole("xxx"); // throws
    }
}

Run the test and you can see the expected result.

Custom Realm

From the above we know that the component that actually verifies the security data is our Realm. Shiro provides two implementations by default: IniRealm, which reads an .ini file, and JdbcRealm, which queries a database. Both are relatively simple; if you are interested, take a look [here]. We will focus on a custom Realm implementation.

With this understanding of authentication and authorization, we first create a [MyRealm] class in a suitable package, extend Shiro's AuthorizingRealm class and implement its two methods:

package com.wmyskxz.demo.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.*;

public class MyRealm extends AuthorizingRealm {

    /**
     * Simulated database data
     */
    Map<String, String> userMap = new HashMap<>(16);

    {
        userMap.put("wmyskxz", "123456");
        super.setName("myRealm"); // set the custom Realm's name; any name will do
    }

    /**
     * Authorization
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();
        // Fetch the role and permission data from the database
        Set<String> roles = getRolesByUserName(userName);
        Set<String> permissions = getPermissionsByUserName(userName);

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setStringPermissions(permissions);
        simpleAuthorizationInfo.setRoles(roles);
        return simpleAuthorizationInfo;
    }

    /**
     * Simulates fetching permission data from the database
     *
     * @param userName
     * @return
     */
    private Set<String> getPermissionsByUserName(String userName) {
        Set<String> permissions = new HashSet<>();
        permissions.add("user:delete");
        permissions.add("user:add");
        return permissions;
    }

    /**
     * Simulates fetching role data from the database
     *
     * @param userName
     * @return
     */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> roles = new HashSet<>();
        roles.add("admin");
        roles.add("user");
        return roles;
    }

    /**
     * Authentication
     *
     * @param authenticationToken the authentication information submitted by the subject
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Get the user name from the authentication information submitted by the subject
        String userName = (String) authenticationToken.getPrincipal();

        // 2. Use the user name to fetch the credentials from the database
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null;
        }
        // Use the looked-up user name as the principal instead of a hard-coded one
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, password, "myRealm");
        return authenticationInfo;
    }

    /**
     * Simulates fetching the credentials from the database
     *
     * @param userName
     * @return
     */
    private String getPasswordByUserName(String userName) {
        return userMap.get(userName);
    }
}

Then we write a test class to verify that it works:

import com.wmyskxz.demo.realm.MyRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

public class AuthenticationTest {

    @Test
    public void testAuthentication() {
        MyRealm myRealm = new MyRealm(); // create an instance of our own Realm

        // 1. Build the SecurityManager environment
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(myRealm);

        // 2. The subject submits an authentication request
        SecurityUtils.setSecurityManager(defaultSecurityManager); // set the SecurityManager environment
        Subject subject = SecurityUtils.getSubject(); // get the current subject

        UsernamePasswordToken token = new UsernamePasswordToken("wmyskxz", "123456");
        subject.login(token); // log in

        // subject.isAuthenticated() returns a boolean that tells whether the user has been authenticated
        System.out.println("isAuthenticated:" + subject.isAuthenticated()); // prints true
        // Check that the subject has both the admin and user roles; an exception is thrown if not
        subject.checkRoles("admin", "user");
        // subject.checkRole("xxx"); // throws
        // Check that the subject has the user:add permission
        subject.checkPermission("user:add");
    }
}

Run the test: perfect.

Shiro Encryption

So far the passwords we stored in the database were plaintext; if the database is ever leaked, the damage is incalculable. So we normally store a one-way (irreversible) hash of the password instead of the password itself, and MD5 is one such algorithm.

For example, hashing 123456 with MD5 gives the string e10adc3949ba59abbe56e057f20f883e, which cannot be computed back to 123456. We store this hashed string in the database; the next time the user logs in, we hash the submitted password with the same algorithm and compare it with the string from the database to know whether the password is correct. This keeps password verification working and greatly improves security. The problem is that although the password cannot be derived directly from the hash, simple passwords can still be recovered by computing the MD5 values of candidate passwords and comparing them.

For example, if my password is 123456 and yours is too, the MD5 strings are identical, so you also know my password. If someone builds a dictionary of the MD5 values of commonly used passwords, a considerable share of users' passwords can be recovered, which amounts to "cracking" them. So it is not as "secure" as we imagined.

Salt + Multiple Iterations

Since identical passwords give identical MD5 values, we add a random value to the original password before hashing it. This random value is the salt. The result is a different MD5 value each time. The salt must of course be stored in the database too so that we can verify the password later.

We can also hash multiple times. Even if an attacker obtains the MD5 value of a password by some technical means, they do not know how many times it was hashed, which makes cracking harder; each extra iteration also adds to the cost of every guess.

Shiro provides a simple implementation of these operations:

String password = "123456";
String salt = new SecureRandomNumberGenerator().nextBytes().toString();
int times = 2; // number of hash iterations: 2
String alogrithmName = "md5"; // hash algorithm
String encodePassword = new SimpleHash(alogrithmName, password, salt, times).toString();
System.out.printf("原始密码是 %s , 盐是: %s, 运算次数是: %d, 运算出来的密文是:%s\n", password, salt, times, encodePassword);

Output:

原始密码是 123456 , 盐是: f5GQZsuWjnL9z585JjLrbQ==, 运算次数是: 2, 运算出来的密文是:55fee80f73537cefd6b3c9a920993c25
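
The snippet above only produces a hash. The following added example (not code from the original article) carries it through registration and login: a per-user salt, a Realm that returns the stored hash and salt, and a HashedCredentialsMatcher that re-hashes the submitted password. The class name, the in-memory user map, the accounts and the SHA-256 / 100,000-iteration settings are assumptions of this example; the article itself uses md5 with 2 iterations.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.Map;

public class SaltedHashLoginDemo {
    // Assumed settings for this demo; the article's snippet uses "md5" with 2 iterations.
    static final String ALGORITHM = "SHA-256";
    static final int ITERATIONS = 100_000;

    /** Stand-in for the user table: username -> {hex hash, salt}. Constructed data. */
    static final Map<String, String[]> USERS = new HashMap<>();

    /** Registration: a fresh random salt per user; only the hash and the salt are stored. */
    static void register(String username, String password) {
        String salt = new SecureRandomNumberGenerator().nextBytes().toBase64();
        String hash = new SimpleHash(ALGORITHM, password, salt, ITERATIONS).toHex();
        USERS.put(username, new String[]{hash, salt});
    }

    /** Realm that returns the stored hash and salt; the matcher re-hashes the submitted password. */
    static class HashedRealm extends AuthenticatingRealm {
        HashedRealm() {
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
            matcher.setHashIterations(ITERATIONS); // must equal the value used in register()
            setCredentialsMatcher(matcher);
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = (String) token.getPrincipal();
            String[] row = USERS.get(username);
            if (row == null) {
                return null; // unknown account
            }
            return new SimpleAuthenticationInfo(username, row[0], ByteSource.Util.bytes(row[1]), getName());
        }
    }

    /** Returns true only when the submitted password hashes to the stored value. */
    static boolean login(DefaultSecurityManager manager, String username, String password) {
        Subject subject = new Subject.Builder(manager).buildSubject();
        try {
            subject.login(new UsernamePasswordToken(username, password));
            return subject.isAuthenticated();
        } catch (IncorrectCredentialsException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        register("alice", "123456");
        register("bob", "123456"); // same password, different salt
        System.out.println("same stored hash: " + USERS.get("alice")[0].equals(USERS.get("bob")[0]));

        DefaultSecurityManager manager = new DefaultSecurityManager(new HashedRealm());
        System.out.println("correct password: " + login(manager, "alice", "123456"));
        System.out.println("wrong password:   " + login(manager, "alice", "654321"));
    }
}
```

The matcher's algorithm and iteration count are configuration that has to match what was used at registration. They add work to every guess; they are not a secret to rely on.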

A Simple Spring Boot Example

With what we have learned so far, let's build a simple system that uses Shiro for authentication and authorization.

Step 1: Create a Spring Boot project and set up the basic environment

pom dependencies:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>

The application.properties file:

# thymeleaf configuration
spring.thymeleaf.mode=HTML5
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.servlet.content-type=text/html
# Disable the cache so that changes take effect immediately, which is convenient for debugging
spring.thymeleaf.cache=false
# Database
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/testdb?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.jpa.properties.hibernate.hbm2ddl.auto=update
# Show SQL statements
spring.jpa.show-sql=true
# Use the InnoDB dialect so that tables are not created with the MyISAM engine by default
spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
# Our own overridden dialect class, which defaults to utf8 encoding
spring.jpa.properties.hibernate.dialect=com.wmyskxz.demo.shiro.config.MySQLConfig

Step 2: Create the entity classes

Create an [entity] package and create the following entities in it:

User information:

@Entity
public class UserInfo {
    @Id
    @GeneratedValue
    private Long id; // primary key

    @Column(unique = true)
    private String username; // login account, unique

    private String name; // display name (nickname or real name), shown in the UI

    private String password; // password

    private String salt; // salt used when hashing the password

    @JsonIgnoreProperties(value = {"userInfos"})
    @ManyToMany(fetch = FetchType.EAGER) // load the data from the database eagerly
    @JoinTable(name = "SysUserRole", joinColumns = @JoinColumn(name = "uid"), inverseJoinColumns = @JoinColumn(name = "roleId"))
    private List<SysRole> roles; // a user has multiple roles

    /** getter and setter */
}

Role information:

@Entity
public class SysRole {
    @Id
    @GeneratedValue
    private Long id; // primary key

    private String name; // role name, e.g. admin/user

    private String description; // role description, shown in the UI

    // Role -- permission relationship: many-to-many
    @JsonIgnoreProperties(value = {"roles"})
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "SysRolePermission", joinColumns = {@JoinColumn(name = "roleId")}, inverseJoinColumns = {@JoinColumn(name = "permissionId")})
    private List<SysPermission> permissions;

    // User -- role relationship: many-to-many
    @JsonIgnoreProperties(value = {"roles"})
    @ManyToMany
    @JoinTable(name = "SysUserRole", joinColumns = {@JoinColumn(name = "roleId")}, inverseJoinColumns = {@JoinColumn(name = "uid")})
    private List<UserInfo> userInfos; // a role maps to multiple users

    /** getter and setter */
}

Permission information:

@Entity
public class SysPermission {
    @Id
    @GeneratedValue
    private Long id; // primary key

    private String name; // permission name, e.g. user:select

    private String description; // permission description, shown in the UI

    private String url; // permission URL

    @JsonIgnoreProperties(value = {"permissions"})
    @ManyToMany
    @JoinTable(name = "SysRolePermission", joinColumns = {@JoinColumn(name = "permissionId")}, inverseJoinColumns = {@JoinColumn(name = "roleId")})
    private List<SysRole> roles; // a permission can be used by multiple roles

    /** getter and setter */
}

Note: there is a pitfall here that cost me quite some time. When we want to return JSON to the front end in RESTful style, the many-to-many relationships cause infinite recursion. For example, when returning a user's information, a user has multiple roles, a role has multiple permissions, and permissions and roles are many-to-many as well, so serialization goes user → roles → permissions → roles → users ... in an endless loop and the response fails. For that reason each entity class uses a @JsonIgnoreProperties annotation when it is returned as JSON, to exclude the properties that refer back to itself and break the infinite loop.

From the code above, five tables are generated automatically: user_info (user information), sys_role (roles), sys_permission (permissions), sys_user_role (user-role) and sys_role_permission (role-permission). To make testing easier, we insert some initial data into these tables:

INSERT INTO `user_info` (`id`,`name`,`password`,`salt`,`username`) VALUES (1, '管理员', '951cd60dec2104024949d2e0b2af45ae', 'xbNIxrQfn6COSYn1/GdloA==', 'wmyskxz');
INSERT INTO `sys_permission` (`id`,`description`,`name`,`url`) VALUES (1,'查询用户','userInfo:view','/userList');
INSERT INTO `sys_permission` (`id`,`description`,`name`,`url`) VALUES (2,'增加用户','userInfo:add','/userAdd');
INSERT INTO `sys_permission` (`id`,`description`,`name`,`url`) VALUES (3,'删除用户','userInfo:delete','/userDelete');
INSERT INTO `sys_role` (`id`,`description`,`name`) VALUES (1,'管理员','admin');
INSERT INTO `sys_role_permission` (`permission_id`,`role_id`) VALUES (1,1);
INSERT INTO `sys_role_permission` (`permission_id`,`role_id`) VALUES (2,1);
INSERT INTO `sys_user_role` (`role_id`,`uid`) VALUES (1,1);

Step 3: Configure Shiro

Create a [config] package and create the following files in it:

MySQLConfig:

public class MySQLConfig extends MySQL5InnoDBDialect {
    @Override
    public String getTableTypeString() {
        return "ENGINE=InnoDB DEFAULT CHARSET=utf8";
    }
}

This file corresponds to the last setting in the configuration file: it makes Hibernate create tables with the InnoDB engine and the utf-8 character set by default.

MyShiroRealm:

public class MyShiroRealm extends AuthorizingRealm {
    @Resource
    private UserInfoService userInfoService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Reaching this point means the user has already been authenticated
        UserInfo userInfo = (UserInfo) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (SysRole role : userInfo.getRoles()) {
            simpleAuthorizationInfo.addRole(role.getName());
            for (SysPermission permission : role.getPermissions()) {
                simpleAuthorizationInfo.addStringPermission(permission.getName());
            }
        }
        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Get the account name the user entered
        String username = (String) authenticationToken.getPrincipal();
        System.out.println(authenticationToken.getPrincipal());
        // Look up the UserInfo object in the database by username.
        // In a real project this can be cached as appropriate; if it is not, Shiro has its own
        // time-interval mechanism and will not run this method again within 2 minutes
        UserInfo userInfo = userInfoService.findByUsername(username);
        if (null == userInfo) {
            return null;
        }
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
                userInfo, // principal: the UserInfo object
                userInfo.getPassword(), // password
                ByteSource.Util.bytes(userInfo.getSalt()), // salt
                getName() // realm name
        );
        return simpleAuthenticationInfo;
    }
}

A custom Realm; its methods follow the authentication and authorization process described above.

ShiroConfig:

@Configuration
public class ShiroConfig {
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        System.out.println("ShiroConfiguration.shirFilter()");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // Interceptors
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
        // Links that are not intercepted; entries are evaluated in order
        filterChainDefinitionMap.put("/static/**", "anon");
        // Logout filter; Shiro already implements the actual logout code for us
        filterChainDefinitionMap.put("/logout", "logout");
        // Filter chain definitions are evaluated from top to bottom, so /** normally goes last.
        // This is a pitfall: get the order wrong and the configuration stops working.
        // authc: every URL must be authenticated before it can be accessed; anon: every URL can be accessed anonymously
        filterChainDefinitionMap.put("/**", "authc");
        // If not set, Shiro looks for "/login.jsp" under the web application root by default
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Link to redirect to after a successful login
        shiroFilterFactoryBean.setSuccessUrl("/index");
        // Unauthorized page
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    /**
     * Credentials matcher
     * (our password check is handed to Shiro's SimpleAuthenticationInfo for processing)
     *
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5"); // hash algorithm: MD5 is used here
        hashedCredentialsMatcher.setHashIterations(2); // number of hash iterations; two iterations is equivalent to md5(md5(""))
        return hashedCredentialsMatcher;
    }

    @Bean
    public MyShiroRealm myShiroRealm() {
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRealm;
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * Enable Shiro AOP annotation support.
     * It uses proxies, so this support has to be enabled in code.
     *
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean(name = "simpleMappingExceptionResolver")
    public SimpleMappingExceptionResolver createSimpleMappingExceptionResolver() {
        SimpleMappingExceptionResolver r = new SimpleMappingExceptionResolver();
        Properties mappings = new Properties();
        mappings.setProperty("DatabaseException", "databaseError"); // database exception handling
        mappings.setProperty("UnauthorizedException", "403");
        r.setExceptionMappings(mappings); // None by default
        r.setDefaultErrorView("error"); // No default
        r.setExceptionAttribute("ex"); // Default is "exception"
        //r.setWarnLogCategory("example.MvcLogger"); // No default
        return r;
    }
}

The core of Apache Shiro is implemented through a Filter, just as Spring MVC is driven by the DispatcherServlet. Since a Filter is used, you can guess that filtering and permission checks are done through URL rules, so we need to define a set of URL rules and access permissions.

Filter chain definition notes:

1. A URL can be configured with multiple filters, separated by commas

2. When multiple filters are set, all of them must pass for the request to pass

3. Some filters accept parameters, such as perms and roles

Shiro's built-in FilterChain

anon: every URL can be accessed anonymously

authc: authentication is required for access

user: access is allowed for a remembered ("Remember Me") or authenticated user
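
The ordering pitfall noted in ShiroConfig, as an added example that is not part of the original article: it resolves a few request paths against the same definitions in two insertion orders. resolve() is a stand-in written for this example that mirrors the top-to-bottom, first-match lookup and uses Shiro's AntPathMatcher only for the pattern test; the class name and the /userDelete rule with perms[...] are assumptions added for illustration.

```java
import org.apache.shiro.util.AntPathMatcher;

import java.util.LinkedHashMap;
import java.util.Map;

public class FilterChainOrderDemo {
    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Walks the definitions in insertion order and returns the first match, or null. */
    static String resolve(Map<String, String> chains, String requestPath) {
        for (Map.Entry<String, String> chain : chains.entrySet()) {
            if (MATCHER.matches(chain.getKey(), requestPath)) {
                return chain.getValue();
            }
        }
        return null;
    }

    /** The article's order, plus one URL-level permission rule (an added assumption). */
    static Map<String, String> specificFirst() {
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/static/**", "anon");
        chains.put("/logout", "logout");
        chains.put("/userDelete", "authc, perms[userInfo:delete]");
        chains.put("/**", "authc");
        return chains;
    }

    /** The pitfall: the catch-all is registered first and shadows every later rule. */
    static Map<String, String> catchAllFirst() {
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/**", "authc");
        chains.put("/static/**", "anon");
        chains.put("/logout", "logout");
        chains.put("/userDelete", "authc, perms[userInfo:delete]");
        return chains;
    }

    public static void main(String[] args) {
        String[] paths = {"/static/css/site.css", "/logout", "/userDelete", "/userList"};
        for (String path : paths) {
            System.out.printf("%-22s specificFirst=[%s]  catchAllFirst=[%s]%n",
                    path, resolve(specificFirst(), path), resolve(catchAllFirst(), path));
        }
    }
}
```

The same shadowing applies in the other direction: an early "/**" mapped to anon would leave every later authc or perms rule unreachable.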

Step 4: Prepare the DAO layer and the Service layer

Create a [dao] package and create the [UserInfoDao] interface in it:

public interface UserInfoDao extends JpaRepository<UserInfo, Long> {
    /** Find user information by username */
    public UserInfo findByUsername(String username);
}

Create a [service] package and create the [UserInfoService] interface:

public interface UserInfoService {
    /** Find user information by username */
    public UserInfo findByUsername(String username);
}

In the same package, create an [impl] package and the [UserInfoServiceImpl] implementation class:

@Service
public class UserInfoServiceImpl implements UserInfoService {
    @Resource
    UserInfoDao userInfoDao;

    @Override
    public UserInfo findByUsername(String username) {
        return userInfoDao.findByUsername(username);
    }
}

Step 5: The controller layer

Create a [controller] package, then create the following files in it:

HomeController:

@Controller
public class HomeController {
    @RequestMapping({"/", "/index"})
    public String index() {
        return "/index";
    }

    @RequestMapping("/login")
    public String login(HttpServletRequest request, Map<String, Object> map) throws Exception {
        System.out.println("HomeController.login()");
        // On a failed login, get the exception information recorded by Shiro from the request.
        // shiroLoginFailure: the fully qualified class name of the Shiro exception.
        String exception = (String) request.getAttribute("shiroLoginFailure");
        System.out.println("exception=" + exception);
        String msg = "";
        if (exception != null) {
            if (UnknownAccountException.class.getName().equals(exception)) {
                System.out.println("UnknownAccountException -- > 账号不存在:");
                msg = "UnknownAccountException -- > 账号不存在:";
            } else if (IncorrectCredentialsException.class.getName().equals(exception)) {
                System.out.println("IncorrectCredentialsException -- > 密码不正确:");
                msg = "IncorrectCredentialsException -- > 密码不正确:";
            } else if ("kaptchaValidateFailed".equals(exception)) {
                System.out.println("kaptchaValidateFailed -- > 验证码错误");
                msg = "kaptchaValidateFailed -->验证码错误";
            } else {
                msg = "else >> " + exception;
                System.out.println("else -- >" + exception);
            }
        }
        map.put("msg", msg);
        // This method does not handle a successful login; Shiro takes care of it
        return "/login";
    }

    @RequestMapping("/403")
    public String unauthorizedRole() {
        System.out.println("------没有权限-------");
        return "403";
    }
}

The addresses here correspond to the addresses we set when configuring Shiro.

UserInfoController:

@RestController
public class UserInfoController {
    @Resource
    UserInfoService userInfoService;

    /**
     * Fetch user information from the database by username
     *
     * @param username the account name
     * @return
     */
    @GetMapping("/userList")
    @RequiresPermissions("userInfo:view") // permission management
    public UserInfo findUserInfoByUsername(@RequestParam String username) {
        return userInfoService.findByUsername(username);
    }

    /**
     * Simply simulates successfully adding user information to the database
     *
     * @return
     */
    @PostMapping("/userAdd")
    @RequiresPermissions("userInfo:add")
    public String addUserInfo() {
        return "addUserInfo success!";
    }

    /**
     * Simply simulates successfully deleting a user from the database
     *
     * @return
     */
    @DeleteMapping("/userDelete")
    @RequiresPermissions("userInfo:delete")
    public String deleteUserInfo() {
        return "deleteUserInfo success!";
    }
}
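
Because /userList returns the UserInfo entity itself, Jackson serializes every getter, and the entity's getters include password and salt. The following added example (not code from the original article) serializes a class with the same scalar fields as written and again with the credential getters annotated with @JsonIgnore. The class names and sample values are made up for the demonstration, and Jackson is assumed to be on the classpath as it is with spring-boot-starter-web.

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.databind.ObjectMapper;

public class UserInfoJsonDemo {

    /** Scalar fields of the article's UserInfo entity; JPA mapping and roles omitted. */
    public static class UserInfo {
        private final String username;
        private final String name;
        private final String password;
        private final String salt;

        public UserInfo(String username, String name, String password, String salt) {
            this.username = username;
            this.name = name;
            this.password = password;
            this.salt = salt;
        }

        public String getUsername() { return username; }
        public String getName() { return name; }
        public String getPassword() { return password; }
        public String getSalt() { return salt; }
    }

    /** Hypothetical hardened variant: the credential getters are hidden from Jackson. */
    public static class SafeUserInfo extends UserInfo {
        public SafeUserInfo(String username, String name, String password, String salt) {
            super(username, name, password, salt);
        }

        @Override
        @JsonIgnore
        public String getPassword() { return super.getPassword(); }

        @Override
        @JsonIgnore
        public String getSalt() { return super.getSalt(); }
    }

    /** Serializes a value the way a @RestController return value is serialized by default. */
    static String toJson(Object value) throws Exception {
        return new ObjectMapper().writeValueAsString(value);
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values, not the rows from the article's SQL script.
        String[] row = {"wmyskxz", "admin", "stored-hash-placeholder", "stored-salt-placeholder"};
        System.out.println("as written: " + toJson(new UserInfo(row[0], row[1], row[2], row[3])));
        System.out.println("hardened:   " + toJson(new SafeUserInfo(row[0], row[1], row[2], row[3])));
    }
}
```

In the real entity the same annotation would go directly on the password and salt accessors, or the controller would return a separate response object that never carries those fields.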

Step 6: Prepare the pages

Create three pages for testing:

index.html: home page

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>首页</title>
</head>
<body>
index - 首页
</body>
</html>

login.html: login page

<!DOCTYPE html>
<html xmlns:th="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>登录页</title>
</head>
<body>
错误信息:<h4 th:text="${msg}"></h4>
<form action="" method="post">
    <p>账号:<input type="text" name="username" value="wmyskxz"/></p>
    <p>密码:<input type="text" name="password" value="123456"/></p>
    <p><input type="submit" value="登录"/></p>
</form>
</body>
</html>

403.html: the page shown when permission is missing

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>403错误页</title>
</head>
<body>
错误页面
</body>
</html>

Step 7: Test

Once the program is written, start it. First visit http://localhost:8080/userList?username=wmyskxz; because we are not logged in, we are redirected to the http://localhost:8080/login page we configured. After logging in, the JSON data is returned correctly. These operations trigger MyShiroRealm.doGetAuthenticationInfo(), which is the login authentication method.

After logging in we can also access http://localhost:8080/userAdd, because the permission was configured in the database beforehand, and the data is returned correctly. But when we access http://localhost:8080/userDelete, the error page is returned.

Note: the tests above need to be run in a REST tool, because the request methods are configured in the Controller layer. You can also try testing without the REST style and see what happens!

   