上一篇文章中介绍了Shiro 查看
将Shiro集成到spring boot的步骤:
(1)定义一个ShiroConfig,配置SecurityManager Bean,SecurityManager为Shiro的安全管理器,管理着所有Subject
(2)在ShiroConfig中配置ShiroFilterFactoryBean,其为Shiro过滤器工厂类,依赖于SecurityManager
(3)自定义Realm实现,Realm包含doGetAuthorizationInfo()和doGetAuthenticationInfo()方法
实现下用户认证:
没登录跳转到登录页面;登录后跳转到首页面;注销后,跳转到登录页面
1.引入依赖
引入Shiro和thymeleaf依赖
<!-- thymeleaf --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <!-- shiro-spring --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency>
2.ShiroConfig
定义一个Shiro配置类,ShiroConfig
package com.sfn.bms.common.shiro; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.*; /** * Shiro 配置类 */ @Configuration public class ShiroConfig { @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); // 设置securityManager shiroFilterFactoryBean.setSecurityManager(securityManager); // 登录的url shiroFilterFactoryBean.setLoginUrl("/login"); // 登录成功后跳转的url shiroFilterFactoryBean.setSuccessUrl("/index"); // 未授权url shiroFilterFactoryBean.setUnauthorizedUrl("/403"); LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); // 定义filterChain,静态资源不拦截 filterChainDefinitionMap.put("/css/**", "anon"); filterChainDefinitionMap.put("/js/**", "anon"); filterChainDefinitionMap.put("/fonts/**", "anon"); filterChainDefinitionMap.put("/img/**", "anon"); // druid数据源监控页面不拦截 filterChainDefinitionMap.put("/druid/**", "anon"); // 配置退出过滤器,其中具体的退出代码Shiro已经替我们实现了 filterChainDefinitionMap.put("/logout", "logout"); filterChainDefinitionMap.put("/", "anon"); // 除上以外所有url都必须认证通过才可以访问,未通过认证自动访问LoginUrl filterChainDefinitionMap.put("/**", "authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } @Bean public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); return securityManager; } @Bean public MyShiroRealm myShiroRealm() { MyShiroRealm shiroRealm = new MyShiroRealm(); return shiroRealm; } }
anon、authc等为Shiro为实现的过滤器
3.Realm
Realm进行实现,然后注入到SecurityManager中
自定义Realm实现只需继承AuthorizingRealm类,然后实现doGetAuthorizationInfo()和doGetAuthenticationInfo()方法即可
用户认证只实现doGetAuthenticationInfo()
package com.sfn.bms.common.shiro; import com.sfn.bms.system.model.User; import com.sfn.bms.system.service.UserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; /** * 自定义实现 ShiroRealm,包含认证和授权两大模块 */ @Component("shiroRealm") public class MyShiroRealm extends AuthorizingRealm { @Autowired private UserService userService; /** * 授权模块,获取用户角色和权限 * * @param principal principal * @return AuthorizationInfo 权限信息 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) { return null; } /** * 用户认证 * * @param token AuthenticationToken 身份认证 token * @return AuthenticationInfo 身份认证信息 * @throws AuthenticationException 认证相关异常 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { // 获取用户输入的用户名和密码 String account = (String) token.getPrincipal(); String password = new String((char[]) token.getCredentials()); // 通过用户名到数据库查询用户信息 User user = userService.findByAccount(account); if (user == null) { throw new UnknownAccountException("用户名或密码错误!"); } if (!password.equals(user.getPassword())) { throw new IncorrectCredentialsException("用户名或密码错误!"); } if (user.getStatus().equals("0")) { throw new LockedAccountException("账号已被锁定,请联系管理员!"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName()); return info; } }
4.数据层
数据表User
实体类User
package com.sfn.bms.system.model; import javax.persistence.*; public class User { @Id @GeneratedValue(strategy = GenerationType.IDENTITY) private Short id; /** * 账号 */ private String account; /** * 密码 */ private String password; /** * 邮箱 */ private String email; /** * 状态 1-正常,0-禁用,-1-删除 */ private Boolean status; /** * 添加时间 */ @Column(name = "create_time") private Integer createTime; /** * 上次登陆时间 */ @Column(name = "last_login_time") private Integer lastLoginTime; /** * 上次登录IP */ @Column(name = "last_login_ip") private String lastLoginIp; /** * 登陆次数 */ @Column(name = "login_count") private Integer loginCount; /** * @return id */ public Short getId() { return id; } /** * @param id */ public void setId(Short id) { this.id = id; } /** * 获取账号 * * @return account - 账号 */ public String getAccount() { return account; } /** * 设置账号 * * @param account 账号 */ public void setAccount(String account) { this.account = account == null ? null : account.trim(); } /** * 获取密码 * * @return password - 密码 */ public String getPassword() { return password; } /** * 设置密码 * * @param password 密码 */ public void setPassword(String password) { this.password = password == null ? null : password.trim(); } /** * 获取邮箱 * * @return email - 邮箱 */ public String getEmail() { return email; } /** * 设置邮箱 * * @param email 邮箱 */ public void setEmail(String email) { this.email = email == null ? null : email.trim(); } /** * 获取状态 1-正常,0-禁用,-1-删除 * * @return status - 状态 1-正常,0-禁用,-1-删除 */ public Boolean getStatus() { return status; } /** * 设置状态 1-正常,0-禁用,-1-删除 * * @param status 状态 1-正常,0-禁用,-1-删除 */ public void setStatus(Boolean status) { this.status = status; } /** * 获取添加时间 * * @return create_time - 添加时间 */ public Integer getCreateTime() { return createTime; } /** * 设置添加时间 * * @param createTime 添加时间 */ public void setCreateTime(Integer createTime) { this.createTime = createTime; } /** * 获取上次登陆时间 * * @return last_login_time - 上次登陆时间 */ public Integer getLastLoginTime() { return lastLoginTime; } /** * 设置上次登陆时间 * * @param lastLoginTime 上次登陆时间 */ public void setLastLoginTime(Integer lastLoginTime) { this.lastLoginTime = lastLoginTime; } /** * 获取上次登录IP * * @return last_login_ip - 上次登录IP */ public String getLastLoginIp() { return lastLoginIp; } /** * 设置上次登录IP * * @param lastLoginIp 上次登录IP */ public void setLastLoginIp(String lastLoginIp) { this.lastLoginIp = lastLoginIp == null ? null : lastLoginIp.trim(); } /** * 获取登陆次数 * * @return login_count - 登陆次数 */ public Integer getLoginCount() { return loginCount; } /** * 设置登陆次数 * * @param loginCount 登陆次数 */ public void setLoginCount(Integer loginCount) { this.loginCount = loginCount; } }