热门标签
热门文章
- 1IOS面试题object-c 11-20
- 2uni-app onLaunch和onLoad异步的问题_uni-app app.vue的onlaunch和页面的onload异步变同不
- 3这个用JAVA开发的全开源商城系统可免费商用_crmeb 开源商城免费开源多语言商城系统
- 4CVPR2022 目标检测方向文章(附摘要)_目标检测论文cvpr2022
- 5鸿蒙系统真的比安卓快?任正非答案来了_鸿蒙比安卓快吗
- 6【鸿蒙软件开发】Stage模型开发概述应用/组件级配置_abilitystage
- 7Ubuntu16安装OpenStack_ubuntu16一键安装openstack
- 8sudo apt update和sudo apt upgrade命令的作用和使用方法_sudo apt-updata
- 9uniapp通过websocket实现手机APP通知栏消息显示功能(前端部分)
- 10在laravel中合并路由_一些实用的 Laravel 小技巧
当前位置: article > 正文
idea实现SpringBoot+Shiro+MyBatis+Thymeleaf实现权限控制,身份查询与验证,角色配置和权限配置_idea authentication realm
作者:IT小白 | 2024-03-19 18:43:24
赞
踩
idea authentication realm
Shiro三个核心:
Subject:用户主体(把操作交给SecurityManager)
SecurityManager:安全管理器(关联Realm)
Realm:Shiro连接数据的桥梁
1.引入shiro相关maven依赖
<!-- shiro与spring整合依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<!-- thymeleaf对shiro的标签扩展 -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
2. 创建Realm身份验证器
创建类后 继承 AuthorizingRealm,重写doGetAuthorizationInfo(授权逻辑)和doGetAuthenticationInfo(认证逻辑)方法。
package cn.czl.shiro; import cn.czl.domain.User; import cn.czl.domain.UserPower; import cn.czl.service.PowerService; import cn.czl.service.UserService; import cn.czl.service.impl.PowerServiceImpl; import cn.czl.service.impl.UserServiceImpl; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.Subject; import org.springframework.beans.factory.annotation.Autowired; import java.util.List; /** * 自定义Realm * @author RedRush * */ public class UserRealm extends AuthorizingRealm { //注入业务 @Autowired private UserService userService = new UserServiceImpl(); @Autowired private PowerService powerService = new PowerServiceImpl(); /** * 执行授权逻辑 * */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { System.out.println("执行授权逻辑"); //对资源进行授权 SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); //获取当前用户的id Subject subject = SecurityUtils.getSubject(); User user = (User)subject.getPrincipal(); //到数据库查询当前用户的授权字符串 User dbUser = userService.findBasicById(user.getUid()); //添加资源的授权字符串(关联授权过滤器后面的字符串) // authorizationInfo.addStringPermission("user:add"); // authorizationInfo.addStringPermission(dbUser.getPerms()); //添加角色的授权字符串 authorizationInfo.addRole(dbUser.getRole()); //将权限列表批量导入 List <UserPower> userPowers= powerService.getUpower(dbUser.getPid()); for (UserPower userPower:userPowers){ System.out.println(userPower); authorizationInfo.addStringPermission(userPower.getPerm()); } // List<Perm> perms = permDao.getPermById(user.getUid()); // for (Perm perm : perms){ // authorizationInfo.addStringPermission(perm.getPermName()); // } return authorizationInfo; } /** * 执行认证逻辑 * */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { //编写shiro判断逻辑,判断用户名和密码 //1.判断用户名 UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken; System.out.println(token.getUsername()); User user = userService.findByName(token.getUsername()); if(user == null){ //用户名不存在 return null;//shiro底层会抛出UnknownAccountException } //2.判断密码("返回给login方法的数据(授权方法可获取)","数据库密码","realm名字") return new SimpleAuthenticationInfo(user, user.getUpwd(), ""); } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
3. 创建ShiroConfig(Shiro配置)
package cn.czl.shiro; import at.pollux.thymeleaf.shiro.dialect.ShiroDialect; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.LinkedHashMap; import java.util.Map; /** * shiro的配置类 * @author RedRush * */ @Configuration public class ShiroConfig { /** * 创建ShiroFilterFactoryBean * 创建shiro过滤器工厂 * */ @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); //1.设置安全管理器 shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager); //2.添加Shiro内置过滤器 /** * Shiro内置过滤器,可以实现权限相关的拦截 * 常用的过滤器: * anon:无需认证(登陆)即可访问 * authc:必须认证才可以访问 * user:如果使用rememeberMe的功能可以直接访问 * perms:该资源必须得到资源权限才可以访问 * roles:该资源必须得到角色权限才可以访问 * */ Map<String, String> filterMap = new LinkedHashMap<String, String>(); //设置白名单(无需认证访问页面) filterMap.put("/testThymeleaf", "anon"); //放行login请求 filterMap.put("/login", "anon"); //授权过滤器 //注意:当前授权拦截后,shiro会自动跳转到未授权页面 filterMap.put("/manage", "roles[manage]"); filterMap.put("/add", "perms[user:add]"); filterMap.put("/update", "perms[user:update]"); //设置拦截url filterMap.put("/*", "authc"); // filterMap.put("/add", "authc"); // filterMap.put("/update", "authc"); //修改调整的登陆页面 shiroFilterFactoryBean.setLoginUrl("/toLogin"); //设置未授权提示页面 shiroFilterFactoryBean.setUnauthorizedUrl("/noAuth"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap); return shiroFilterFactoryBean; } /** * 创建DefaultWebSecurityManager * 创建默认网络安全管理员 * */ @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //关联Realm securityManager.setRealm(userRealm); return securityManager; } /** * 创建Realm * 身份验证器Realm(开发者自行编写设置认证、授权业务) * */ @Bean(name = "userRealm") public UserRealm gerRealm(){ return new UserRealm(); } /** * 配置ShiroDialect,用于thymeleaf和shiro标签配合使用 * shiro方言(shiro权限判断标签) * */ @Bean public ShiroDialect getShiroDialect(){ System.out.println("创建ShiroDialect"); return new ShiroDialect(); } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
4. Controller层使用shiro进行认证
@RequestMapping("/login") public String login(String name, String password, Model model){ System.out.println("name" + name + ";password" + password); /** * 使用shiro编写认证操作 * */ //1.获取Subject Subject subject = SecurityUtils.getSubject(); //2.获取用户数据 UsernamePasswordToken token = new UsernamePasswordToken(name, password); //3.执行登陆方法 try { subject.login(token); //登陆成功 //执行"/testThymeleaf"请求,重定向,跳转到test.html return "redirect:/testThymeleaf"; }catch (UnknownAccountException e){ //e.printStackTrace(); //登陆失败:用户名不存在 model.addAttribute("msg", "用户名不存在"); return "login"; }catch (IncorrectCredentialsException e){ //登陆失败:密码错误 model.addAttribute("msg","密码错误"); return "login"; } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
5. 页面中使用Thymeleaf配合shiro进行模块权限控制
<div shiro:hasPermission="user:update">
<a href="update">用户更新</a>
</div>
<div shiro:hasRole="manager">管理员您好</div>
- 1
- 2
- 3
- 4
- 5
项目目录结构:
我的github源码,数据库表结构和数据也放进去了,欢迎学习交流。
有用的话,给个小星星吧。阿里嘎多https://github.com/Iron-Rush/springboot-shiro.git
声明:本文内容由网友自发贡献,转载请注明出处:【wpsshop】
推荐阅读
相关标签
