shiro权限

shiro权限

随着用户增多,不同的人需要拥有不同的权限,才能更好地分配任务,因此这里引入 shiro 来做权限管理

引入相关包(注意:这里的 shiro-spring 1.4.1 版本较旧,已有公开的认证绕过类安全公告;实际项目请对照 Apache Shiro 官方安全公告,使用仍在维护的最新版本)

 <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.1</version>
        </dependency>

        <dependency>
            <groupId>com.github.theborakompanioni</groupId>
            <artifactId>thymeleaf-extras-shiro</artifactId>
            <version>2.0.0</version>
        </dependency>

        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            <!-- TODO Remove version once available in platform BOM -->
            <version>3.0.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-java8time</artifactId>
            <version>3.0.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf</artifactId>
            <version>3.0.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf-spring4</artifactId>
            <version>3.0.3.RELEASE</version>
        </dependency>

配置shiro的相关文件
image

从后面往前面写
image

告诉过滤器使用哪个安全管理器(SecurityManager)

package com.of.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import lombok.Builder;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the URL filter chain, the security manager, the realm and the Thymeleaf dialect.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter that decides, per URL pattern, which filter chain a request goes through.
     *
     * @param securityManager the bean named {@code securityManager} defined below
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        // Unauthenticated requests to a protected URL are sent to this page.
        factoryBean.setLoginUrl("/jsp/login.jsp");
        // Authenticated requests that lack the required permission are sent here.
        factoryBean.setUnauthorizedUrl("/jsp/exception.jsp");

        factoryBean.setFilterChainDefinitionMap(buildFilterChains());
        return factoryBean;
    }

    /**
     * Declares the URL pattern to filter mapping.
     *
     * <p>Order matters: the map keeps insertion order and Shiro uses the first pattern that
     * matches, so the specific {@code anon} and {@code perms} entries must stay ahead of the
     * broader {@code authc} wildcards.
     *
     * <p>NOTE(review): a single {@code *} matches within one path segment only, so a nested
     * path such as {@code /user/a/b} is not covered by {@code /user/*}; {@code /user/**} would
     * be needed for that. There is also no catch-all {@code /**} entry, so any URL outside the
     * patterns below is not restricted by this map. Confirm both are intended.
     */
    private static LinkedHashMap<String, String> buildFilterChains() {
        LinkedHashMap<String, String> chains = new LinkedHashMap<>();
        // Publicly reachable endpoints (no authentication required).
        chains.put("/auth/login", "anon");
        // Requires the permission string "perm1" in addition to a logged-in subject.
        chains.put("/user/add", "perms[perm1]");
        chains.put("/user/login", "anon");
        chains.put("/jsp/registerFrom.jsp", "anon");
        // Everything else directly under /user/ and /jsp/ requires authentication.
        chains.put("/user/*", "authc");
        chains.put("/jsp/*", "authc");
        return chains;
    }

    /**
     * Creates the web security manager and attaches the realm that performs
     * authentication and authorization lookups.
     *
     * @param userRealm the bean named {@code userRealm}
     * @return the security manager backed by that realm
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager securityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Exposes the custom realm as a bean.
     *
     * <p>NOTE(review): {@code UserRealm} is also annotated {@code @Component}, so a bean named
     * {@code userRealm} may be defined twice (component scan and this method). Depending on the
     * Spring Boot version that is either silently overridden or rejected at startup; keeping
     * only one of the two definitions avoids the ambiguity.
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use the shiro tags.
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}


自定义Realm
继承并且重写方法
image

package com.of.config;

import com.of.bean.Emploee;
import com.of.bean.User;
import com.of.service.EmploeeService;
import com.of.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpSession;

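/**
 * Custom Shiro realm that authenticates against {@link UserService} and supplies
 * each subject's permission string.
 *
 * <p>The realm is a shared bean, so it must not keep per-login state in fields. The
 * previous version cached the last authenticated {@code User} in an instance field and
 * read it back during authorization; with concurrent users that hands one user's
 * permission to another, and it fails with a {@code NullPointerException} when
 * authorization runs before any login. The identity now travels in the principal
 * collection instead.
 */
@Component
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    // Injected but not used by the methods below.
    @Autowired
    EmploeeService emploeeService;

    /**
     * Resolves the permissions of the subject identified by {@code principalCollection}.
     *
     * @param principalCollection principals established at login; the primary principal is
     *                            the username stored by {@link #doGetAuthenticationInfo}
     * @return the authorization info, empty when the user or its permission cannot be resolved
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        Object primary = principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof String)) {
            // Unknown principal shape: grant nothing rather than guess.
            return info;
        }

        // Look the user up again by the authenticated identity so the permission always
        // belongs to the subject being checked.
        User current = userService.selectUser((String) primary);
        if (current == null) {
            return info;
        }

        String perm = current.getPerm();
        if (perm != null && !perm.trim().isEmpty()) {
            info.addStringPermission(perm);
        }
        return info;
    }

    /**
     * Looks up the account for the submitted username and returns its stored credentials
     * for Shiro to compare with the submitted password.
     *
     * <p>Author's note (translated): two lookups were originally planned because the schema
     * predates the use of Shiro and a second table exists; only the user table is queried here.
     *
     * <p>NOTE(review): no credentials matcher is configured in this class, so Shiro's default
     * matcher compares the submitted password with the value returned by
     * {@code getPassword()} as-is. If stored passwords are (or should be) hashed, configure a
     * {@code HashedCredentialsMatcher} or {@code PasswordMatcher} on the realm — confirm how
     * passwords are stored.
     *
     * @param authenticationToken the login token; expected to be a {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no such user exists
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        if (username == null) {
            return null;
        }

        User found = userService.selectUser(username);
        if (found == null) {
            // Returning null tells Shiro this realm has no account for the token.
            return null;
        }

        // Store the username as the principal so authorization can identify the subject,
        // and record this realm's name as the source of the principal.
        return new SimpleAuthenticationInfo(username, found.getPassword(), getName());
    }
}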

设置拦截
image
可以用通配符(注意:`*` 只匹配一层路径,`**` 才能匹配多层路径)
image

springboot配置模板引擎

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
		

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
    xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

</body>
</html>

image
