
shiro的配置和使用方法

发表于:2025-01-30 作者:千家信息网编辑

本篇内容介绍了"shiro的配置和使用方法"的有关知识,在实际案例的操作过程中,不少人都会遇到这样的困境,接下来就让小编带领大家学习一下如何处理这些情况吧!希望大家仔细阅读,能够学有所成!

jar:

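<!-- 注意:1.2.3 是较早的 Shiro 版本,实际项目请改用官方仍在维护的版本 -->
<shiro.version>1.2.3</shiro.version>

<dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-core</artifactId>
   <version>${shiro.version}</version>
</dependency>
<dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-ehcache</artifactId>
   <version>${shiro.version}</version>
</dependency>
<dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-web</artifactId>
   <version>${shiro.version}</version>
</dependency>
<dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-spring</artifactId>
   <version>${shiro.version}</version>
</dependency>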

自定义Realm:

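import com.xmdishi.fmp.model.po.business.BusinessMenuPo;
import com.xmdishi.fmp.model.po.business.BusinessUserPo;
import com.xmdishi.fmp.model.qo.business.BusinessUserQo;
import com.xmdishi.fmp.service.business.BusinessMenuService;
import com.xmdishi.fmp.service.business.BusinessUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Component;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Custom Shiro realm that authenticates users through {@link BusinessUserService}
 * and loads their button permissions through {@link BusinessMenuService}.
 *
 * @author cjianquan
 * @date 2020/4/6
 */
@Component
public class CustomRealm extends AuthorizingRealm {

   /** Single message for "unknown user" and "wrong password" so the reply does not reveal which accounts exist. */
   private static final String BAD_LOGIN_MESSAGE = "账号或密码不正确!";

   private static final Logger logger = LoggerFactory.getLogger(CustomRealm.class);

   @Autowired
   private BusinessUserService businessUserService;

   @Autowired
   private BusinessMenuService businessMenuService;

   public CustomRealm() {
      logger.info("CustomRealm====================");
   }

   @Override
   public String getName() {
      return "CustomRealm";
   }

   /**
    * Exposes a {@link HashedCredentialsMatcher} bean configured for MD5 with one iteration.
    *
    * <p>SECURITY: a single unsalted MD5 round is not suitable for password storage; a salted,
    * deliberately slow password hash is the expected replacement. The values are left unchanged
    * here because switching algorithm invalidates every stored hash and needs a migration plan.
    *
    * @return the matcher bean registered as {@code credentialsMatcher}
    */
   @Bean(name = "credentialsMatcher")
   public HashedCredentialsMatcher credentialsMatcher() {
      HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
      credentialsMatcher.setHashAlgorithmName("md5");
      credentialsMatcher.setHashIterations(1);
      return credentialsMatcher;
   }

   /**
    * Delegates to the parent setter.
    *
    * <p>NOTE(review): no {@code @Autowired} is visible on this setter, so the {@code @Qualifier}
    * alone presumably does not make Spring inject the bean above and the realm keeps its default
    * matcher; confirm before relying on the hashed matcher. The password comparison that
    * actually gates login is the one in {@link #doGetAuthenticationInfo}.
    */
   @Override
   public void setCredentialsMatcher(@Qualifier("credentialsMatcher") CredentialsMatcher credentialsMatcher) {
      super.setCredentialsMatcher(credentialsMatcher);
   }

   /**
    * Builds the authorization info for an authenticated principal: reads the role ids from the
    * principal, looks up the button permissions for those roles, and returns them as string
    * permissions.
    *
    * <p>If the lookup fails the error is logged and an empty permission set is returned, so a
    * backend failure denies access rather than granting it.
    *
    * @param principalCollection principals of the current subject; the primary principal is
    *                            expected to be the {@link BusinessUserPo} stored at login
    * @return authorization info holding the user's string permissions (possibly empty)
    */
   @Override
   protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
      BusinessUserPo user = (BusinessUserPo) principalCollection.getPrimaryPrincipal();

      // User permission list.
      Set<String> permsSet = new HashSet<>();
      try {
         List<String> btnList = businessMenuService.queryBtnsByRoles(user.getRoleIds());
         if (btnList != null) {
            permsSet.addAll(btnList);
         }
      } catch (Exception e) {
         logger.error("Failed to load permissions; continuing with an empty permission set", e);
      }

      SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
      info.setStringPermissions(permsSet);
      return info;
   }

   /**
    * Authenticates the submitted token against the stored user record.
    *
    * <p>The token carries the user name as principal and the password, as submitted by the
    * caller, as credentials. The user is looked up by name, the submitted credential is
    * compared with the stored one, and the user's menus are loaded on success.
    *
    * @param token authentication token holding user name and password
    * @return authentication info whose principal is the loaded {@link BusinessUserPo}
    * @throws UnknownAccountException       if no user matches or the user has no roles assigned
    * @throws IncorrectCredentialsException if the credentials are missing or do not match
    * @throws AuthenticationException       if the user lookup itself fails
    */
   @Override
   protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
      Object rawPrincipal = token.getPrincipal();
      Object rawCredentials = token.getCredentials();
      // Reject incomplete tokens up front: a null user name must never reach the query object,
      // where it could be treated as "no filter" (how query() handles null is not visible here).
      if (!(rawPrincipal instanceof String) || !(rawCredentials instanceof char[])) {
         throw new IncorrectCredentialsException(BAD_LOGIN_MESSAGE);
      }
      String username = (String) rawPrincipal;
      String password = new String((char[]) rawCredentials);

      // Look up the user.
      BusinessUserQo userQo = new BusinessUserQo();
      userQo.setUserName(username);
      List<BusinessUserPo> userList;
      try {
         userList = this.businessUserService.query(userQo);
      } catch (Exception e) {
         // A backend failure is not the same as "account does not exist"; surface it as such.
         logger.error("User lookup failed during authentication", e);
         throw new AuthenticationException("user lookup failed", e);
      }
      // NOTE(review): assumes query() matches userName exactly; confirm it is not a fuzzy match.
      BusinessUserPo businessUserPo = (userList != null && !userList.isEmpty()) ? userList.get(0) : null;

      // Account does not exist (same message as a wrong password, see BAD_LOGIN_MESSAGE).
      if (businessUserPo == null) {
         throw new UnknownAccountException(BAD_LOGIN_MESSAGE);
      }

      // Wrong password. MessageDigest.isEqual keeps the comparison time independent of where
      // the two values first differ.
      String storedPassword = businessUserPo.getPassword();
      if (storedPassword == null
            || !MessageDigest.isEqual(
                  password.getBytes(StandardCharsets.UTF_8),
                  storedPassword.getBytes(StandardCharsets.UTF_8))) {
         throw new IncorrectCredentialsException(BAD_LOGIN_MESSAGE);
      }

      // Account has no roles assigned (only reachable after the password has been verified).
      if (businessUserPo.getRoleIds() == null) {
         throw new UnknownAccountException("账号未分配角色!");
      }

      // cjianquan 2020/2/8: login succeeded, load the menus. Best effort: a failure is logged
      // and the login still completes without a menu list.
      try {
         businessUserPo.setMenuList(this.businessMenuService.queryByRoles(businessUserPo.getRoleIds()));
      } catch (Exception e) {
         logger.error("Failed to load menus after login", e);
      }

      // Hand Shiro the stored credential (equal to the submitted one at this point) so the
      // realm's credentials matcher compares against the record rather than against itself.
      // NOTE(review): the principal object still carries the password field into the session;
      // consider clearing it if nothing downstream needs it.
      return new SimpleAuthenticationInfo(businessUserPo, storedPassword, getName());
   }
}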

web.xml 添加 :

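<filter>
   <filter-name>shiroFilter</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
   <init-param>
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
   </init-param>
   <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>shiroFilter</param-value>
   </init-param>
</filter>
<filter-mapping>
   <filter-name>shiroFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>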

SpringShiroConfig:

import com.xmdishi.fmp.business.shiro.CustomRealm;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Spring Java configuration that wires Shiro: realm, session manager, cache manager,
 * security manager, annotation support and the web filter with its URL rules.
 */
@Configuration
public class SpringShiroConfig {

   @Autowired
   private CustomRealm realm;

   public SpringShiroConfig() {
      System.out.println("SpringShiroConfig init ......");
   }

   /** Registers Shiro's lifecycle post-processor under the name other beans depend on. */
   @Bean(name = "lifecycleBeanPostProcessor")
   public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
      return new LifecycleBeanPostProcessor();
   }

   /** Creates the auto-proxy creator (class-based proxies, prefix enabled) used for advisor-driven proxies. */
   @Bean
   @DependsOn("lifecycleBeanPostProcessor")
   public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
      DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
      proxyCreator.setUsePrefix(true);
      proxyCreator.setProxyTargetClass(true);
      return proxyCreator;
   }

   /** Calls the static {@code SecurityUtils.setSecurityManager} with the configured manager. */
   @Bean
   public MethodInvokingFactoryBean getMethodInvokingFactoryBean(@Qualifier("securityManager")SecurityManager securityManager) {
      MethodInvokingFactoryBean invoker = new MethodInvokingFactoryBean();
      invoker.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
      invoker.setArguments(new Object[]{securityManager});
      return invoker;
   }

   /** Advisor that binds Shiro's authorization annotations to the security manager. */
   @Bean
   public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager")SecurityManager securityManager) {
      AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
      advisor.setSecurityManager(securityManager);
      return advisor;
   }

   /**
    * Builds the Shiro web filter. Login, success and unauthorized pages all point at
    * {@code /index.jsp}; the URL rules come from {@link #loadShiroFilterChain}.
    */
   @Bean(name = "shiroFilter")
   public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager")SecurityManager securityManager){
      ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
      filterFactory.setLoginUrl("/index.jsp");
      filterFactory.setSuccessUrl("/index.jsp");
      filterFactory.setUnauthorizedUrl("/index.jsp");
      filterFactory.setSecurityManager(securityManager);
      loadShiroFilterChain(filterFactory);
      return filterFactory;
   }

   /**
    * Session manager with a global timeout of 24 hours and deletion of invalid sessions.
    * A 24-hour idle window is long for an authenticated session; shorten it unless the
    * application really needs it.
    */
   @Bean(name = "sessionManager")
   public DefaultWebSessionManager sessionManager(){
      final long timeoutMillis = 24L * 60 * 60 * 1000; // 86400000 ms
      DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
      webSessionManager.setGlobalSessionTimeout(timeoutMillis);
      webSessionManager.setDeleteInvalidSessions(true);
      return webSessionManager;
   }

   /** Ehcache-backed cache manager configured from {@code shiro-ehcache.xml} on the classpath. */
   @Bean(name = "shiroCacheManager")
   public EhCacheManager shiroCacheManager(){
      EhCacheManager ehCacheManager = new EhCacheManager();
      ehCacheManager.setCacheManagerConfigFile("classpath:shiro-ehcache.xml");
      return ehCacheManager;
   }

   /** Assembles the web security manager from the injected realm, cache manager and session manager. */
   @Bean(name = "securityManager")
   public DefaultWebSecurityManager securityManager(@Qualifier("shiroCacheManager") EhCacheManager shiroCacheManager,
                                        @Qualifier("sessionManager") DefaultWebSessionManager sessionManager) {
      DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
      webSecurityManager.setRealm(realm);
      webSecurityManager.setCacheManager(shiroCacheManager);
      webSecurityManager.setSessionManager(sessionManager);
      return webSecurityManager;
   }

   /**
    * Installs the URL-to-filter rules. Insertion order is preserved by the LinkedHashMap and
    * the catch-all {@code /**} rule requiring authentication comes last.
    *
    * <p>NOTE(review): {@code /**}{@code /login/**} is anonymous for any path containing a
    * {@code login} segment; confirm no protected endpoint lives under such a path.
    */
   private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
      Map<String, String> chainRules = new LinkedHashMap<>();
      // Anonymous entries first, authenticated catch-all last.
      chainRules.put("/index.jsp", "anon");
      chainRules.put("/common/**", "anon");
      chainRules.put("/**/login/**", "anon");
      chainRules.put("/**", "authc");
      shiroFilterFactoryBean.setFilterChainDefinitionMap(chainRules);
   }
}

登录方法:

/**
 * Login endpoint: authenticates the submitted user through Shiro and returns either the
 * user data plus an access token, or a failure response carrying a message.
 *
 * <p>The realm's exception message is written to the response verbatim for account and
 * credential failures, so those messages should not reveal whether an account exists.
 *
 * <p>NOTE(review): the password is passed through {@code CommonUtils.md5} (presumably a
 * plain MD5 digest) before it reaches the realm; a salted, slow password hash on the
 * server side is the expected replacement. Confirm against the stored format.
 *
 * <p>NOTE(review): the access token is only placed in the response here; nothing visible
 * ties it to the Shiro session. Confirm where and how it is validated.
 */
@RequestMapping(value = "login")
@ResponseBody
public Object login(@ModelAttribute("user")LoginUser user, HttpServletRequest request) {
    BaseResp resp = new BaseResp();
    String accessToken = "" + IdUtils.id();
    JSONObject payload = new JSONObject();
    try {
        // 1. Obtain the current subject.
        Subject currentSubject = SecurityUtils.getSubject();
        // 2. Wrap the submitted user name and hashed password in a token.
        String hashedPassword = CommonUtils.md5(user.getPassword());
        UsernamePasswordToken loginToken = new UsernamePasswordToken(user.getUserName(), hashedPassword);
        // 3. Run the login; the realm throws on failure.
        currentSubject.login(loginToken);

        payload.put("access_token", accessToken);
        payload.put("user", rtnUser((BusinessUserPo) currentSubject.getPrincipal()));
        resp.setData(payload);
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // Account or credential failure: report the realm's message.
        resp.setSuccess(false);
        resp.setMsg(e.getMessage());
        e.printStackTrace();
    } catch (Exception e) {
        // Anything else is reported as a generic system error.
        resp.setSuccess(false);
        resp.setMsg("系统异常,请稍后再试");
        e.printStackTrace();
    }
    return resp;
}

前台页面使用: jsp:

<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>

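按钮权限(原文的示例代码在页面抓取时丢失,以下为按 Shiro 标签库用法补充的示例,权限字符串为占位值):

<shiro:hasPermission name="示例权限标识">
   <button>新增</button>
</shiro:hasPermission>

注意:标签只决定按钮是否显示,对应的后端接口仍需单独做权限校验。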

"shiro的配置和使用方法"的内容就介绍到这里了,感谢大家的阅读。如果想了解更多行业相关的知识可以关注网站,小编将为大家输出更多高质量的实用文章!
