注意:所有文章除特别说明外,转载请注明出处.
1.添加Shiro依赖
<!-- Shiro configuration -->
<!-- NOTE(review): 1.3.2 is an old Shiro release. Before reusing this snippet, check the
     Apache Shiro security advisories and pin a currently maintained version. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
2.自定义Realm
package com.yyzheng.oa.shiro;
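/**
 * Custom Shiro realm that resolves a user's credentials, roles and permissions
 * through the application's service layer.
 *
 * <p>NOTE(review): {@link #doGetAuthenticationInfo} passes the stored password value to
 * Shiro unchanged and this class configures no {@code CredentialsMatcher}. Unless a hashing
 * matcher (for example {@code HashedCredentialsMatcher} or {@code PasswordMatcher}) is set on
 * the realm elsewhere, Shiro falls back to a plain equality comparison, which only works if
 * the database holds the password in the same form the client submits it. Store salted,
 * slow password hashes and configure the matching {@code CredentialsMatcher}.
 */
public class MyShiroRealm extends AuthorizingRealm {

    @Autowired
    private RoleService roleService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private UserService userService;

    /**
     * Builds the authorization data (roles and string permissions) for the logged-in user.
     *
     * @param principalCollection principals of the authenticated subject; the primary
     *                            principal is the user name set in
     *                            {@link #doGetAuthenticationInfo}
     * @return roles and permissions of that user; both sets are empty, never {@code null},
     *         when the services return nothing
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The primary principal is the user name supplied at login.
        String userName = (String) principalCollection.getPrimaryPrincipal();

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(getRolesByUsername(userName));
        authorizationInfo.setStringPermissions(getPermissionsByUserName(userName));
        return authorizationInfo;
    }

    /**
     * Loads the permission names of the given user from the permission service.
     *
     * @param userName login name of the user
     * @return the user's permission names, empty when the service returns {@code null}
     */
    private Set<String> getPermissionsByUserName(String userName) {
        return toSet(permissionService.queryPermissionNameByUserName(userName));
    }

    /**
     * Loads the role names of the given user from the role service.
     *
     * @param userName login name of the user
     * @return the user's role names, empty when the service returns {@code null}
     */
    private Set<String> getRolesByUsername(String userName) {
        return toSet(roleService.queryRoleNameByUsername(userName));
    }

    /**
     * Copies a possibly-null list of names into a set.
     *
     * <p>An empty set (rather than {@code null}) is returned for a missing list so that a user
     * without roles or permissions is represented explicitly as "has none".
     */
    private static Set<String> toSet(List<String> names) {
        if (names == null) {
            return new HashSet<>();
        }
        return new HashSet<>(names);
    }

    /**
     * Looks up the account that belongs to the submitted token.
     *
     * @param authenticationToken token created from the login request
     * @return the account's user name and stored password, or {@code null} when the token
     *         carries no user name or no such user (or no password) exists, which tells Shiro
     *         that this realm has no account for the token
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Take the user name from the submitted token.
        String userName = (String) authenticationToken.getPrincipal();
        if (userName == null) {
            // No principal in the token: do not query the database with a null key.
            return null;
        }

        // 2. Fetch the stored credential for that user name.
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null;
        }

        // Shiro compares this stored value with the submitted credentials using the realm's
        // CredentialsMatcher (see the class-level note about password hashing).
        return new SimpleAuthenticationInfo(userName, password, "myShiroRealm");
    }

    /**
     * Reads the stored password of the given user.
     *
     * @param userName login name of the user
     * @return the stored password, or {@code null} when the user does not exist
     */
    private String getPasswordByUserName(String userName) {
        User user = userService.queryUserByUserName(userName);
        return user != null ? user.getPassword() : null;
    }
}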
3.Shiro配置
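/**
 * Spring configuration that wires Apache Shiro: the custom realm, the web security manager,
 * the URL filter chain and the beans that enable Shiro's authorization annotations.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Creates the custom realm.
     *
     * <p>NOTE(review): no {@code CredentialsMatcher} is set on the realm here, so Shiro's
     * default matcher is used and the stored password is compared to the submitted one
     * directly. If passwords are stored hashed (as they should be), configure the matching
     * {@code CredentialsMatcher} on this bean.
     */
    @Bean
    public MyShiroRealm myShiroRealm() {
        return new MyShiroRealm();
    }

    /** Creates the web security manager and registers the custom realm with it. */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    /**
     * Creates the Shiro filter factory with the URL-to-filter rules and the redirect targets.
     *
     * @param securityManager security manager that the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Shiro evaluates the chain definitions in iteration order and the first matching
        // pattern wins. A HashMap gives no ordering guarantee, so the catch-all "/**" rule
        // could be evaluated before the specific rules. An insertion-ordered map with the
        // catch-all added last makes the result deterministic.
        Map<String, String> filterChains = new java.util.LinkedHashMap<>();
        // Logout
        filterChains.put("/logout", "logout");
        // Endpoints that must be reachable without authentication: login submission and error page
        filterChains.put("/subLogin", "anon");
        filterChains.put("/err", "anon");
        // Everything else requires an authenticated user; keep this entry last
        filterChains.put("/**", "authc");

        // Login page. Note: "/login" here refers to the handler mapped with
        // @RequestMapping(value="/login").
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Home page shown after a successful login
        shiroFilterFactoryBean.setSuccessUrl("/index");
        // Error page used when access is denied
        shiroFilterFactoryBean.setUnauthorizedUrl("/err");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChains);
        return shiroFilterFactoryBean;
    }

    /**
     * Enables Shiro's authorization annotations; without this advisor the annotations
     * have no effect.
     *
     * @param securityManager security manager used to evaluate the annotations
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * Companion to the advisor bean above: in some setups the annotations still do not take
     * effect with the advisor alone, and this auto-proxy creator is needed as well.
     */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator app = new DefaultAdvisorAutoProxyCreator();
        // Proxy the target classes themselves, not only their interfaces.
        app.setProxyTargetClass(true);
        return app;
    }
}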