SpringBoot配置shiro安全框架的實(shí)現(xiàn)
首先引入pom
<!--SpringBoot 2.1.0--> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.1.0.RELEASE</version> </parent> <!--shiro--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <!-- shiro-redis --> <dependency> <groupId>org.crazycake</groupId> <artifactId>shiro-redis</artifactId> <version>3.1.0</version> </dependency> <!-- shiro-freemarker-tag --> <dependency> <groupId>net.mingsoft</groupId> <artifactId>shiro-freemarker-tags</artifactId> <version>1.0.0</version> </dependency> <!-- freemarker --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-freemarker</artifactId> </dependency>
ShiroConfig.java
package com.jx.cert.web.framework.config.shiro; import java.util.LinkedHashMap; import java.util.Map; import javax.servlet.Filter; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.cache.MemoryConstrainedCacheManager; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.crazycake.shiro.RedisCacheManager; import org.crazycake.shiro.RedisManager; import org.crazycake.shiro.RedisSessionDAO; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.DependsOn; import com.jx.cert.web.framework.config.shiro.filter.KickoutSessionControlFilter; import com.jx.cert.web.framework.config.shiro.filter.ShiroPermissionsFilter; import com.jx.cert.web.framework.config.shiro.filter.SystemLogoutFilter; import com.jx.common.utils.CacheConstants; /** * @ClassName: gyu * @Description: TODO(shrio配置) * @author gangyu * @date 2018年12月4日 下午2:28:07 */ @Configuration public class ShiroConfig { Logger log=LoggerFactory.getLogger(ShiroConfig.class); @Value("${spring.redis.host}") private String host; @Value("${spring.redis.prot}") private int port; @Value("${spring.redis.timeout}") private int timeout; @Value("${spring.redis.password}") private String password; @Value("${spring.redis.database}") private int database; //注意這里需要設(shè)置成 static 否則 @Value 注入不了數(shù)據(jù) @Bean(name = "lifecycleBeanPostProcessor") public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); log.debug("-----------------Shiro攔截器工廠類注入開始"); Map<String,Filter> filterMap=shiroFilterFactoryBean.getFilters(); //權(quán)限過濾器 filterMap.put("perms", new ShiroPermissionsFilter()); shiroFilterFactoryBean.setFilters(filterMap); // 配置shiro安全管理器 SecurityManager shiroFilterFactoryBean.setSecurityManager(securityManager); // 指定要求登錄時(shí)的鏈接 shiroFilterFactoryBean.setLoginUrl("/login"); // 登錄成功后要跳轉(zhuǎn)的鏈接 shiroFilterFactoryBean.setSuccessUrl("/index"); // filterChainDefinitions攔截器=map必須用:LinkedHashMap,因?yàn)樗仨毐WC有序 Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(); //對(duì)外應(yīng)用開發(fā)接口不驗(yàn)證 filterChainDefinitionMap.put("/app/**", "anon"); filterChainDefinitionMap.put("/ajaxLogin", "anon"); // 放開驗(yàn)證碼 filterChainDefinitionMap.put("/public/getGifCode", "anon"); // 退出 filterChainDefinitionMap.put("/logout", "logout"); //TODO 全部放行 // filterChainDefinitionMap.put("/manage/**", "anon[*]"); //公共資源 filterChainDefinitionMap.put("/static/**", "anon"); filterChainDefinitionMap.put("/css/**", "anon"); filterChainDefinitionMap.put("/img/**", "anon"); filterChainDefinitionMap.put("/js/**", "anon"); // authc:所有url都必須認(rèn)證通過才可以訪問; filterChainDefinitionMap.put("/**", "authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); log.debug("-----------------Shiro攔截器工廠類注入成功"); return shiroFilterFactoryBean; } @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("MD5");//散列算法:這里使用MD5算法; hashedCredentialsMatcher.setHashIterations(1);//散列的次數(shù),比如散列兩次,相當(dāng)于 md5(md5("")); return hashedCredentialsMatcher; } //權(quán)限緩存到內(nèi)存 @Bean(name = "shiroRealm") @DependsOn("lifecycleBeanPostProcessor") public MyShiroRealm myShiroRealm() { MyShiroRealm myShiroRealm = new MyShiroRealm(); myShiroRealm.setCacheManager(new MemoryConstrainedCacheManager()); myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return myShiroRealm; } @Bean(name = "securityManager") public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); // 自定義session管理 使用redis securityManager.setSessionManager(sessionManager()); // 自定義緩存實(shí)現(xiàn) 使用redis securityManager.setCacheManager(cacheManager()); return securityManager; } /** * 配置shiro redisManager * @return */ public RedisManager redisManager() { RedisManager redisManager = new RedisManager(); redisManager.setHost(host); redisManager.setPort(port); redisManager.setTimeout(timeout); // redisManager.setPassword(password); redisManager.setDatabase(database); return redisManager; } //自定義sessionManager @Bean public SessionManager sessionManager() { MySessionManager mySessionManager = new MySessionManager(); mySessionManager.setSessionDAO(redisSessionDAO()); //默認(rèn)1個(gè)小時(shí)session過期 mySessionManager.setGlobalSessionTimeout(CacheConstants.SHIRO_SESSION_MS); return mySessionManager; } /** * RedisSessionDAO shiro sessionDao層的實(shí)現(xiàn) 通過redis */ @Bean public RedisSessionDAO redisSessionDAO() { RedisSessionDAO redisSessionDAO = new RedisSessionDAO(); redisSessionDAO.setRedisManager(redisManager()); return redisSessionDAO; } /** * cacheManager 緩存 redis實(shí)現(xiàn) * @return */ @Bean public RedisCacheManager cacheManager() { RedisCacheManager redisCacheManager = new RedisCacheManager(); redisCacheManager.setRedisManager(redisManager()); redisCacheManager.setExpire(CacheConstants.USER_DATA_TTL); return redisCacheManager; } }
MyShiroRealm.java
package com.jx.cert.web.framework.config.shiro; import java.util.ArrayList; import java.util.List; import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.LockedAccountException; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import com.jx.cert.web.framework.config.shiro.exception.SysUsreNotLoginAPPException; import com.jx.cert.web.framework.config.shiro.exception.SystemNotExistException; import com.jx.common.utils.SysCode; import com.jx.core.api.model.vo.cert.SysPermission; import com.jx.core.api.model.vo.cert.SysRole; import com.jx.core.api.model.vo.cert.SysSystem; import com.jx.core.api.model.vo.cert.SysUser; import com.jx.core.api.service.business.cert.SysPermissionService; import com.jx.core.api.service.business.cert.SysRoleService; import com.jx.core.api.service.business.cert.SysSystemService; import com.jx.core.api.service.business.cert.SysUserService; public class MyShiroRealm extends AuthorizingRealm { private Logger logger = LoggerFactory.getLogger(MyShiroRealm.class); @Autowired private SysUserService sysUserService; @Autowired private SysRoleService sysRoleService; @Autowired private SysPermissionService sysPermissionService; @Autowired private SysSystemService systemService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { logger.info("####################開始配置權(quán)限####################"); SysUser user = (SysUser) principals.getPrimaryPrincipal(); if (user != null) { //權(quán)限信息對(duì)象info,用來存放查出的用戶的所有的角色(role)及權(quán)限(permission) SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); List<String> roleStrlist = new ArrayList<String>();//用戶的角色集合 List<String> perminsStrlist = new ArrayList<String>();//用戶的菜單權(quán)限集合 for (SysRole role : user.getRoleList()) { roleStrlist.add(role.getRoleName()); } for (SysPermission permission : user.getPermissList()) { perminsStrlist.add(permission.getUrl()); } //用戶的角色集合 authorizationInfo.addRoles(roleStrlist); //用戶的菜單按鈕權(quán)限集合 authorizationInfo.addStringPermissions(perminsStrlist); return authorizationInfo; } return null; } /*主要是用來進(jìn)行身份認(rèn)證的,也就是說驗(yàn)證用戶輸入的賬號(hào)和密碼是否正確。*/ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { logger.info("####################身份認(rèn)證####################"); String userStr = (String) token.getPrincipal(); SysUser user = sysUserService.getUserByUserName(userName); //認(rèn)證系統(tǒng)用戶 List<SysRole> roleList = sysRoleService.findRoleByUserId(user.getUserId(),systemId); user.setRoleList(roleList);//獲取用戶角色 List<SysPermission> list=sysPermissionService.getUserPermission(user.getUserId(),systemId); SysPermission permis=new SysPermission(); list.add(permis); user.setPermissList(list);//獲取用戶權(quán)限 return new SimpleAuthenticationInfo(user, DigestUtils.md5Hex(user.getPassword()),getName()); } }
ShiroTagsFreeMarkerCfg.java
package com.jx.cert.web.framework.config.shiro; import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer; import com.jagregory.shiro.freemarker.ShiroTags; import freemarker.template.TemplateModelException; /** * @ClassName: ShiroTagsFreeMarkerCfg * @Description: TODO(ftl shiro 標(biāo)簽) * @author gangyu * @date 2018年12月5日 下午5:16:27 * */ @Component public class ShiroTagsFreeMarkerCfg { @Autowired private FreeMarkerConfigurer freeMarkerConfigurer; @PostConstruct public void setSharedVariable() throws TemplateModelException { freeMarkerConfigurer.getConfiguration().setSharedVariable("shiro", new ShiroTags()); } }
ShiroPermissionsFilter.java
/** * @Title: ShiroPermissionsFilter.java * @Package com.jx.cert.web.config.shiro * @Description: TODO(用一句話描述該文件做什么) * @author gangyu * @date 2018年12月5日 上午11:47:00 * @version V1.0 */ package com.jx.cert.web.framework.config.shiro.filter; import java.io.IOException; import java.io.PrintWriter; import java.util.List; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.google.gson.Gson; import com.jx.cert.web.framework.config.shiro.ShiroUtil; import com.jx.common.utils.Result; import com.jx.common.utils.enums.CodeEnum; import com.jx.core.api.model.vo.cert.SysPermission; import com.jx.core.api.model.vo.cert.SysUser; /** * @ClassName: ShiroPermissionsFilter * @Description: TODO(權(quán)限驗(yàn)證) * @author gangyu * @date 2018年12月5日 上午11:47:00 */ public class ShiroPermissionsFilter extends PermissionsAuthorizationFilter { private static final Logger logger = LoggerFactory.getLogger(ShiroPermissionsFilter.class); /** * 權(quán)限檢測驗(yàn)證 */ @Override protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException { logger.info("----------權(quán)限校驗(yàn)-------------"); HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; String reqUrl=request.getRequestURI(); List<SysPermission> permsList=ShiroUtil.getUser().getPermissList(); String contextPath=request.getContextPath(); reqUrl=reqUrl.substring(contextPath.length()+1, reqUrl.length()); String header = request.getHeader("X-Requested-With"); boolean isAjax = "XMLHttpRequest".equals(header); SysUser user=ShiroUtil.getUser(); if(!new Gson().toJson(permsList).contains(reqUrl)){ if (isAjax) { logger.info("----------AJAX請(qǐng)求拒絕-------------"); response.setCharacterEncoding("UTF-8"); response.setContentType("application/json"); response.getWriter().write(new Gson().toJson(new Result(CodeEnum.NOT_PERMISSION))); } else { logger.info("----------普通請(qǐng)求拒絕-------------"); response.sendRedirect(request.getContextPath()+"/403"); } return false; }else { return true; } } }
ShiroUtil.java
package com.jx.cert.web.framework.config.shiro; import org.apache.shiro.SecurityUtils; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import com.jx.core.api.model.vo.cert.SysUser; public class ShiroUtil { /** * 獲取當(dāng)前 Subject * * @return */ public static Subject getSubject() { return SecurityUtils.getSubject(); } /** * 獲取shiro指定的sessionKey * * @param key * @param <T> * @return */ public static <T> T getSessionAttr(String key) { Session session = getSession(); return session != null ? (T) session.getAttribute(key) : null; } /** * 設(shè)置shiro指定的sessionKey * * @param key * @param value */ public static void setSessionAttr(String key, Object value) { Session session = getSession(); session.setAttribute(key, value); } /** * 獲取當(dāng)前用戶對(duì)象 * * @return */ public static SysUser getUser() { if(getSubject().isAuthenticated()){ return (SysUser) getSubject().getPrincipals().getPrimaryPrincipal(); } return null; } /** * 獲取當(dāng)前用戶對(duì)象UserID * * @return */ public static String getUserId() { return getUser().getUserId(); } /** * 移除shiro指定的sessionKey * * @param key */ public static void removeSessionAttr(String key) { Session session = getSession(); if (session != null) session.removeAttribute(key); } /** * 驗(yàn)證當(dāng)前用戶是否屬于該角色 * * @param roleName 角色名稱 * @return 屬于該角色:true,否則false */ public static boolean hasRole(String roleName) { return getSubject() != null && roleName != null && roleName.length() > 0 && getSubject().hasRole(roleName); } /** * shiro 中獲取session * * @return session */ public static Session getSession() { return getSubject().getSession(); } /** * 驗(yàn)證當(dāng)前用戶是否屬于以下所有角色 * 多權(quán)限“,”分割 * * @param roleNames 權(quán)限名稱 * @return 屬于:true,否則false */ public static boolean hasAllRoles(String roleNames) { boolean hasAllRole = true; Subject subject = getSubject(); if (subject != null && roleNames != null && roleNames.length() > 0) { for (String role : roleNames.split(",")) { if (!subject.hasRole(role.trim())) { hasAllRole = false; break; } } } return hasAllRole; } /** * 驗(yàn)證當(dāng)前用戶是否屬于以下任意一個(gè)角色 * 多權(quán)限“,”分割 * @param roleNames * @return */ public static boolean hasAnyRoles(String roleNames) { boolean hasAnyRole = false; Subject subject = getSubject(); if (subject != null && roleNames != null && roleNames.length() > 0) { for (String role : roleNames.split(",")) { if (subject.hasRole(role.trim())) { hasAnyRole = true; break; } } } return hasAnyRole; } }
到此這篇關(guān)于SpringBoot配置shiro安全框架的實(shí)現(xiàn)的文章就介紹到這了,更多相關(guān)SpringBoot配置shiro內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!
相關(guān)文章
Mybatis SQL日志如何轉(zhuǎn)換為可執(zhí)行sql
這篇文章主要介紹了Mybatis SQL日志如何轉(zhuǎn)換為可執(zhí)行sql問題,具有很好的參考價(jià)值,希望對(duì)大家有所幫助,如有錯(cuò)誤或未考慮完全的地方,望不吝賜教2023-09-09SpringBoot全局異常與數(shù)據(jù)校驗(yàn)的方法
這篇文章主要介紹了SpringBoot全局異常與數(shù)據(jù)校驗(yàn)的方法,小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,也給大家做個(gè)參考。一起跟隨小編過來看看吧2018-11-11IntelliJ IDEA基于Scala實(shí)現(xiàn)Git檢查工具
這篇文章主要介紹了如何使用Scala實(shí)現(xiàn)自定義的Git檢查工具,大家可以基于本文的示例進(jìn)行擴(kuò)展與實(shí)現(xiàn),也可以進(jìn)行其他應(yīng)用方向的嘗試,感興趣的可以了解下2023-08-08Spring MVC 404 Not Found無錯(cuò)誤日志的解決方法
這篇文章主要為大家詳細(xì)介紹了Spring MVC 404 Not Found無錯(cuò)誤日志的解決方法,具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下2017-12-12JavaScript中new運(yùn)算符的實(shí)現(xiàn)過程解析
這篇文章主要介紹了JavaScript中new運(yùn)算符的實(shí)現(xiàn)過程解析,文中通過示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友可以參考下2019-10-10java 查找list中重復(fù)數(shù)據(jù)實(shí)例詳解
這篇文章主要介紹了java 查找list中重復(fù)數(shù)據(jù)實(shí)例詳解的相關(guān)資料,需要的朋友可以參考下2017-01-01