HAC-John  
spring boot 集成shiro

引入jar包 <spring -shiro >

创建主配置类

package com.aaa.pettyloan.config;

import com.aaa.pettyloan.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Map;

/**
 * @author fei
 * @description shiro的主配置文件
 * @company AAA软件
 * @className QY95
 */
@Configuration
public class ShiroConfig {

    /**
     * 在spring 的工厂中创建ShiroFilterFactoryBean 的对象
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String, String> filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap();
        //没有登录跳转到的界面
         shiroFilterFactoryBean.setLoginUrl("/login");
        // 没有授权跳转到的界面
         shiroFilterFactoryBean.setUnauthorizedUrl("/toError");
        // 配置不能拦截的请求
        filterChainDefinitionMap.put("/logout","logout");
        filterChainDefinitionMap.put("/plugins/element-ui/fonts/**","anon");
        filterChainDefinitionMap.put("/plugins/element-ui/**","anon");
        filterChainDefinitionMap.put("/login","anon");
        filterChainDefinitionMap.put("/checkEmp","anon");
        filterChainDefinitionMap.put("/toError","anon");
        //配置员工必须有相对应的权限才能访问
        filterChainDefinitionMap.put("/sys/*","perms[sys]");
        filterChainDefinitionMap.put("/fan/*","perms[fan]");
        filterChainDefinitionMap.put("/cle/*","perms[cle]");
        filterChainDefinitionMap.put("/loan/*","perms[loan]");
        filterChainDefinitionMap.put("/check/*","perms[check]");
        filterChainDefinitionMap.put("/show/*","perms[show]");
        filterChainDefinitionMap.put("/other/*","perms[other]");
        // 所有其他请求都要经过登录校验
            filterChainDefinitionMap.put("/**","authc");
          return shiroFilterFactoryBean;
    }
          /**
            * 在spring工厂中创建SecurityManager 对象
            * @return
            */
        @Bean
        public SecurityManager getSecurityManager(){
            DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
            securityManager.setRealm(getRealm());
            return securityManager;
        }
        /**
         * 创建realm的实现类对象
         * @return
         */
        @Bean
        public MyRealm getRealm(){
            MyRealm realm = new MyRealm();
            realm.setCredentialsMatcher(getMatcher());
            return realm;
        }
        /**
         * 创建凭证匹配器对象
         * @return
         */
        @Bean
        public HashedCredentialsMatcher getMatcher(){
            HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
            credentialsMatcher.setHashAlgorithmName("MD5");
            credentialsMatcher.setHashIterations(10);
            return credentialsMatcher;
        }
    }
创建realm
package com.aaa.pettyloan.realm;

import com.aaa.pettyloan.entity.Employee;
import com.aaa.pettyloan.entity.Users;
import com.aaa.pettyloan.service.LoginService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * @author fei
 * @description 自定义的realm域
 * @company AAA软件
 * @className QY95
 * 2019/7/17 19:26
 */

public class MyRealm extends AuthorizingRealm {
    @Autowired
    private LoginService loginService;
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //获取用户对象
        Employee emp = (Employee) principalCollection.getPrimaryPrincipal();
        //根据用户id查询用户能操作的命名空间
        List<String> namespaces = loginService.queryPermitByshiro(emp);
        //吧命名空间放到shiro中
        SimpleAuthorizationInfo saf = new SimpleAuthorizationInfo();
        saf.addStringPermissions(namespaces);
        return saf;
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //获取用户前台传来的用户名密码
        String empno = authenticationToken.getPrincipal().toString();
        //根据用户名查询用户对象
        Employee emp = loginService.findByUsername(empno);
        if(emp==null){
            throw new UnknownAccountException("用户名输入错误");
        }
        //传递密码时设置盐值
        ByteSource salt = ByteSource.Util.bytes(emp.getSalt());
        SimpleAuthenticationInfo slf = new SimpleAuthenticationInfo(emp,emp.getPassword(),salt,"MyRealm");
        return slf;
    }
}
之后再登录controller配置

完成!







	

		posted on 
2019-07-18 11:20 
初衷丶 
阅读(119) 
评论(0编辑 
收藏 
举报

	



	
	






    
    

    
    

    

        

    

        

            
                
                
            
        

    

    

    

    







                    
 

                

            		
        

    

    



	




Copyright © 2024 初衷丶

Powered by .NET 8.0 on Kubernetes



博客园