springboot整合shiro怎么实现?有什么优势?

TheDisguiser 2020-04-26 17:31:37 java常见问答 5927

在使用springboot开发项目中,有时会遇到各种涉及安全或者权限的功能,shiro可以高效的帮助我们实现、理解,今天我们就来说说如何在springboot中整合shiro吧。

一、目录结构

springboot整合shiro

二、需要的基础包:pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.troy</groupId>
    <artifactId>springshiro</artifactId>
    <version>1.0-SNAPSHOT</version>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.6.RELEASE</version>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>1.5.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
            <version>1.5.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
            <version>1.5.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-Java</artifactId>
            <version>5.1.9</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.4</version>
        </dependency>
    </dependencies>
</project>

三、基本配置application.yml

server:
    port: 8082
spring:
    datasource:
    driver - class - name: com.mysql.jdbc.Driver
url: jdbc: mysql: //localhost:3306/spring_shiro?useUnicode=true&amp;characterEncoding=UTF-8
    username: root
password: root
type: com.alibaba.druid.pool.DruidDataSource
jpa:
    show - sql: true
hibernate:
    ddl - auto: update
http:
    encoding:
    charset: utf - 8
enabled: true

四、这里我们基本需要3个实体,用户,角色和权限

(1)角色:User.class 

@Entity
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    @Column(unique = true)
    private String name;
    private Integer password;
    @OneToMany(cascade = CascadeType.ALL,mappedBy = "user")
    private List<Role> roles;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public List<Role> getRoles() {
        return roles;
    }
    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }
    public Integer getPassword() {
        return password;
    }
    public void setPassword(Integer password) {
        this.password = password;
    }
}

注:这里只考虑一个用户对多个角色,没有考虑多对多的关系

(2)角色:Role.class

@Entity
public class Role {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    private String roleName;
    @ManyToOne(fetch = FetchType.EAGER)
    private User user;
    @OneToMany(cascade = CascadeType.ALL,mappedBy = "role")
    private List<Permission> permissions;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public String getRoleName() {
        return roleName;
    }
    public void setRoleName(String roleName) {
        this.roleName = roleName;
    }
    public User getUser() {
        return user;
    }
    public void setUser(User user) {
        this.user = user;
    }
    public List<Permission> getPermissions() {
        return permissions;
    }
    public void setPermissions(List<Permission> permissions) {
        this.permissions = permissions;
    }
}

(3)权限:Permission.class

@Entity
public class Permission
{
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    private String permission;
    @ManyToOne(fetch = FetchType.EAGER)
    private Role role;
    public Long getId()
    {
        return id;
    }
    public void setId(Long id)
    {
        this.id = id;
    }
    public String getPermission()
    {
        return permission;
    }
    public void setPermission(String permission)
    {
        this.permission = permission;
    }
    public Role getRole()
    {
        return role;
    }
    public void setRole(Role role)
    {
        this.role = role;
    }
}

五、然后就是配置对应的验证,以及过滤条件

(1)验证,以及权限的添加MyShiroRealm.class

//实现AuthorizingRealm接口用户用户认证
public class MyShiroRealm extends AuthorizingRealm{
    //用于用户查询
    @Autowired
    private ILoginService loginService;
    //角色权限和对应权限添加
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //获取登录用户名
        String name= (String) principalCollection.getPrimaryPrincipal();
        //查询用户名称
        User user = loginService.findByName(name);
        //添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (Role role:user.getRoles()) {
            //添加角色
            simpleAuthorizationInfo.addRole(role.getRoleName());
            for (Permission permission:role.getPermissions()) {
                //添加权限
                simpleAuthorizationInfo.addStringPermission(permission.getPermission());
            }
        }
        return simpleAuthorizationInfo;
    }
    //用户认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //加这一步的目的是在Post请求的时候会先进认证,然后在到请求
        if (authenticationToken.getPrincipal() == null) {
            return null;
        }
        //获取用户信息
        String name = authenticationToken.getPrincipal().toString();
        User user = loginService.findByName(name);
        if (user == null) {
            //这里返回后会报出对应异常
            return null;
        } else {
            //这里验证authenticationToken和simpleAuthenticationInfo的信息
            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, user.getPassword().toString(), getName());
            return simpleAuthenticationInfo;
        }
    }
}

(2)过滤配置:ShiroConfiguration.class

@Configuration
public class ShiroConfiguration {
    //将自己的验证方式加入容器
    @Bean
    public MyShiroRealm myShiroRealm() {
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        return myShiroRealm;
    }
    //权限管理,配置主要是Realm的管理认证
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }
    //Filter工厂,设置对应的过滤条件和跳转条件
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String,String> map = new HashMap<String, String>();
        //登出
        map.put("/logout","logout");
        //对所有用户认证
        map.put("/**","authc");
        //登录
        shiroFilterFactoryBean.setLoginUrl("/login");
        //首页
        shiroFilterFactoryBean.setSuccessUrl("/index");
        //错误页面,认证不通过跳转
        shiroFilterFactoryBean.setUnauthorizedUrl("/error");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }
    //加入注解的使用,不加入这个注解不生效
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}

六、接下来就是数据访问层、业务层、以及控制层

(1)数据层:BaseRepository.class,UserRepository.class,RoleRepository.class

@NoRepositoryBean
public interface BaseRepository < T, I extends Serializable > extends PagingAndSortingRepository < T, I > , JpaSpecificationExecutor < T >
{}
public interface UserRepository extends BaseRepository < User, Long >
{
    User findByName(String name);
}
public interface RoleRepository extends BaseRepository < Role, Long >
{}

(2)业务层:LoginServiceImpl.class

@Service
@Transactional
public class LoginServiceImpl implements ILoginService
{
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private RoleRepository roleRepository;
    //添加用户
    @Override
    public User addUser(Map < String, Object > map)
    {
        User user = new User();
        user.setName(map.get("username")
            .toString());
        user.setPassword(Integer.valueOf(map.get("password")
            .toString()));
        userRepository.save(user);
        return user;
    }
    //添加角色
    @Override
    public Role addRole(Map < String, Object > map)
    {
        User user = userRepository.findOne(Long.valueOf(map.get("userId")
            .toString()));
        Role role = new Role();
        role.setRoleName(map.get("roleName")
            .toString());
        role.setUser(user);
        Permission permission1 = new Permission();
        permission1.setPermission("create");
        permission1.setRole(role);
        Permission permission2 = new Permission();
        permission2.setPermission("update");
        permission2.setRole(role);
        List < Permission > permissions = new ArrayList < Permission > ();
        permissions.add(permission1);
        permissions.add(permission2);
        role.setPermissions(permissions);
        roleRepository.save(role);
        return role;
    }
    //查询用户通过用户名
    @Override
    public User findByName(String name)
    {
        return userRepository.findByName(name);
    }
}

(3)控制层:LoginResource.class

@RestController
public class LoginResource {
    @Autowired
    private ILoginService loginService;
    //退出的时候是get请求,主要是用于退出
    @RequestMapping(value = "/login",method = RequestMethod.GET)
    public String login(){
        return "login";
    }
    //post登录
    @RequestMapping(value = "/login",method = RequestMethod.POST)
    public String login(@RequestBody Map map){
        //添加用户认证信息
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(
                map.get("username").toString(),
                map.get("password").toString());
        //进行验证,这里可以捕获异常,然后返回对应信息
        subject.login(usernamePasswordToken);
        return "login";
    }
    @RequestMapping(value = "/index")
    public String index(){
        return "index";
    }
    //登出
    @RequestMapping(value = "/logout")
    public String logout(){
        return "logout";
    }
    //错误页面展示
    @RequestMapping(value = "/error",method = RequestMethod.POST)
    public String error(){
        return "error ok!";
    }
    //数据初始化
    @RequestMapping(value = "/addUser")
    public String addUser(@RequestBody Map<String,Object> map){
        User user = loginService.addUser(map);
        return "addUser is ok! 
" + user;
    }
    //角色初始化
    @RequestMapping(value = "/addRole")
    public String addRole(@RequestBody Map<String,Object> map){
        Role role = loginService.addRole(map);
        return "addRole is ok! 
" + role;
    }
    //注解的使用
    @RequiresRoles("admin")
    @RequiresPermissions("create")
    @RequestMapping(value = "/create")
    public String create(){
        return "Create success!";
    }
}

注:这里对于注解的使用,在最后一个很重要!

七、springboot整合shiro的使用基本上就是这样子了,主要是权限的控制,其他的主要是做跳转和切换使用

springboot整合shiro优点:

·功能强大、灵活、优秀

·可以胜任身份验证、授权、企业会话管理和加密等工作。

·易于使用和理解,与Spring Security相比,入门门槛低。

以上就是springboot整合shiro的全部内容了,更多有关Java架构师的内容请持续关注我们了解吧。