Preface: in Spring Boot there are two ways to implement Shiro authorization, configuration-based authorization and annotation-based authorization.
Note: for details see the Bilibili video (by 传智播客): https://www.bilibili.com/video/BV18A411L7UX
- Subject: the Subject is the principal. External applications interact with the Subject, which records the current operating user; think of "user" as whatever is currently acting, which may be a user sending requests through a browser or a running program. In Shiro, Subject is an interface that defines many authentication and authorization methods. External code authenticates and authorizes through the Subject, and the Subject in turn delegates authentication and authorization to the SecurityManager.
- SecurityManager: the security manager, which manages all Subjects. It is the core of Shiro and is responsible for the security of every Subject. Through the SecurityManager a Subject's authentication and authorization are completed; internally the SecurityManager authenticates through an Authenticator, authorizes through an Authorizer and manages sessions through a SessionManager. SecurityManager is an interface that extends the three interfaces Authenticator, Authorizer and SessionManager.
- Authenticator: the authenticator, which verifies user identity. Authenticator is an interface; Shiro provides the ModularRealmAuthenticator implementation, which covers most needs, and a custom authenticator can also be written.
- Authorizer: the authorizer. Once a user has passed the authenticator, the authorizer decides, on each access to a function, whether the user holds the permission for that operation.
- Realm: a realm is comparable to a data source. When the SecurityManager performs authentication it obtains the user's permission data through a Realm; for example, if user identity data lives in a database, the realm has to load the user identity information from that database.
  Note: do not think of a realm as merely fetching data from a data source; the realm also contains the code that performs the authentication and authorization checks.
- SessionManager: session management. Shiro defines its own session management that does not depend on the web container's session, so Shiro can be used in non-web applications and can also manage the sessions of a distributed application centrally, which is what enables single sign-on.
- SessionDAO: the session DAO, a set of interfaces for operating on sessions; for example, to persist sessions in a database they can be stored through JDBC.
- CacheManager: cache management, which keeps user permission data in a cache to improve performance.
- Cryptography: Shiro's cryptographic support, a set of encryption/decryption components that ease development, such as the common hashing and encryption/decryption functions.
一、Environment setup
1. Prepare the database data
```sql
DROP TABLE IF EXISTS `pe_permission`;
CREATE TABLE `pe_permission` (
  `id` varchar(40) NOT NULL COMMENT '主键',
  `name` varchar(255) DEFAULT NULL COMMENT '权限名称',
  `code` varchar(20) DEFAULT NULL,
  `description` text COMMENT '权限描述',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- ----------------------------
-- Records of pe_permission
-- ----------------------------
INSERT INTO `pe_permission` VALUES ('1', '添加用户', 'user-add', null);
INSERT INTO `pe_permission` VALUES ('2', '查询用户', 'user-find', null);
INSERT INTO `pe_permission` VALUES ('3', '更新用户', 'user-update', null);
INSERT INTO `pe_permission` VALUES ('4', '删除用户', 'user-delete', null);
-- ----------------------------
-- Table structure for pe_role
-- ----------------------------
DROP TABLE IF EXISTS `pe_role`;
CREATE TABLE `pe_role` (
  `id` varchar(40) NOT NULL COMMENT '主键ID',
  `name` varchar(40) DEFAULT NULL COMMENT '权限名称',
  `description` varchar(255) DEFAULT NULL COMMENT '说明',
  PRIMARY KEY (`id`),
  UNIQUE KEY `UK_k3beff7qglfn58qsf2yvbg41i` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- ----------------------------
-- Records of pe_role
-- ----------------------------
INSERT INTO `pe_role` VALUES ('1', '系统管理员', '系统日常维护');
INSERT INTO `pe_role` VALUES ('2', '普通员工', '普通操作权限');
-- ----------------------------
-- Table structure for pe_role_permission
-- ----------------------------
DROP TABLE IF EXISTS `pe_role_permission`;
CREATE TABLE `pe_role_permission` (
  `role_id` varchar(40) NOT NULL COMMENT '角色ID',
  `permission_id` varchar(40) NOT NULL COMMENT '权限ID',
  PRIMARY KEY (`role_id`,`permission_id`),
  KEY `FK74qx7rkbtq2wqms78gljv87a0` (`permission_id`),
  KEY `FKee9dk0vg99shvsytflym6egxd` (`role_id`),
  CONSTRAINT `fk-p-rid` FOREIGN KEY (`role_id`) REFERENCES `pe_role` (`id`),
  CONSTRAINT `fk-pid` FOREIGN KEY (`permission_id`) REFERENCES `pe_permission` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- ----------------------------
-- Records of pe_role_permission
-- ----------------------------
INSERT INTO `pe_role_permission` VALUES ('1', '1');
INSERT INTO `pe_role_permission` VALUES ('1', '2');
INSERT INTO `pe_role_permission` VALUES ('2', '2');
INSERT INTO `pe_role_permission` VALUES ('1', '3');
INSERT INTO `pe_role_permission` VALUES ('1', '4');
-- ----------------------------
-- Table structure for pe_user
-- ----------------------------
DROP TABLE IF EXISTS `pe_user`;
CREATE TABLE `pe_user` (
  `id` varchar(40) NOT NULL COMMENT 'ID',
  `username` varchar(255) NOT NULL COMMENT '用户名称',
  `password` varchar(255) DEFAULT NULL COMMENT '密码',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- ----------------------------
-- Records of pe_user
-- ----------------------------
INSERT INTO `pe_user` VALUES ('1', 'zhangsan', '123456');
INSERT INTO `pe_user` VALUES ('2', 'lisi', '123456');
INSERT INTO `pe_user` VALUES ('3', 'wangwu', '123456');
-- ----------------------------
-- Table structure for pe_user_role
-- ----------------------------
DROP TABLE IF EXISTS `pe_user_role`;
CREATE TABLE `pe_user_role` (
  `role_id` varchar(40) NOT NULL COMMENT '角色ID',
  `user_id` varchar(40) NOT NULL COMMENT '权限ID',
  KEY `FK74qx7rkbtq2wqms78gljv87a1` (`role_id`),
  KEY `FKee9dk0vg99shvsytflym6egx1` (`user_id`),
  CONSTRAINT `fk-rid` FOREIGN KEY (`role_id`) REFERENCES `pe_role` (`id`),
  CONSTRAINT `fk-uid` FOREIGN KEY (`user_id`) REFERENCES `pe_user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- ----------------------------
-- Records of pe_user_role
-- ----------------------------
INSERT INTO `pe_user_role` VALUES ('1', '1');
```
2. Create a new Maven project and add the dependencies
```xml
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>
```
3. Create the application.yml file
```yaml
server:
  port: 8081
spring:
  application:
    name: ihrm-company # service name
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/shiro_db?useUnicode=true&characterEncoding=utf8
    username: root
    password: 123456
  jpa:
    database: MySQL
    show-sql: true
    open-in-view: true
  redis:
    host: 127.0.0.1
    port: 6379
```
二、Custom realm (security data source)
```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.Set;

/**
 * Custom realm
 */
public class CustomRealm extends AuthorizingRealm {

    public CustomRealm() {
        // fixed realm name; it is also handed to SimpleAuthenticationInfo below via getName()
        super.setName("customRealm");
    }

    @Autowired
    private UserService userService;

    /**
     * Authorization method
     * When an operation is performed, decide whether the user holds the corresponding permission.
     * Authenticate first -- obtain the security data (principal)
     * Then authorize     -- from that security data, collect every operation permission the user holds
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // 1. Get the already authenticated user data
        User user = (User) principalCollection.getPrimaryPrincipal(); // the unique security data (principal)
        // 2. Collect the user's authorization info from it (all roles, all permissions)
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Set<String> roles = new HashSet<>(); // all roles
        Set<String> perms = new HashSet<>(); // all permissions
        for (Role role : user.getRoles()) {
            roles.add(role.getName());
            for (Permission perm : role.getPermissions()) {
                perms.add(perm.getCode());
            }
        }
        info.setStringPermissions(perms);
        info.setRoles(roles);
        return info;
    }

    /**
     * Authentication method
     * Parameter: the submitted username and password
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Get the login username and password (token)
        UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
        String username = upToken.getUsername();
        String password = new String(upToken.getPassword());
        // 2. Look the user up in the database by username
        User user = userService.findByName(username);
        // 3. Check that the user exists and that the password matches
        //    (plain-text comparison, matching the seed data in pe_user)
        if (user != null && user.getPassword().equals(password)) {
            // 4. If they match, return the security data
            //    constructor: security data (principal), credentials, realm name
            return new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
        }
        // 5. Otherwise return null (Shiro then raises an AuthenticationException)
        return null;
    }

    // Prints the salted MD5 of "123456" (salt "wangwu", 3 iterations); not used by the realm above
    public static void main(String[] args) {
        System.out.println(new Md5Hash("123456", "wangwu", 3).toString());
    }
}
```
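To show the Subject, SecurityManager and Realm working together as described above, here is an added example (not code from the original post) that runs without Spring or a database: an in-memory realm mirroring the seed data, verifying passwords with Shiro's HashedCredentialsMatcher against the salted MD5 that the page's `main()` prints, then logging in as zhangsan and querying roles and permissions, plus one failed login. The class names `RealmFlowDemo` and `InMemoryRealm` and the in-memory maps are assumptions of the example.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.*;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;
import org.apache.shiro.util.ByteSource;
import java.util.*;

public class RealmFlowDemo {
    // Stand-in for CustomRealm + UserService: constructed data mirroring the pe_* seed rows
    static class InMemoryRealm extends AuthorizingRealm {
        private final Map<String, String> hashes = new HashMap<>();     // username -> stored hash
        private final Map<String, Set<String>> roles = new HashMap<>(); // username -> role names
        private final Map<String, Set<String>> perms = new HashMap<>(); // username -> permission codes

        InMemoryRealm() {
            // submitted passwords are checked against md5(password, salt = username, 3 iterations),
            // the same hash the page's main() computes with new Md5Hash("123456", "wangwu", 3)
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Md5Hash.ALGORITHM_NAME);
            matcher.setHashIterations(3);
            setCredentialsMatcher(matcher);
            for (String u : new String[]{"zhangsan", "lisi", "wangwu"}) hashes.put(u, new Md5Hash("123456", u, 3).toHex());
            // pe_user_role links only zhangsan (id 1) to role 1 = 系统管理员, which holds all four permissions
            roles.put("zhangsan", new HashSet<>(Collections.singletonList("系统管理员")));
            perms.put("zhangsan", new HashSet<>(Arrays.asList("user-add", "user-find", "user-update", "user-delete")));
        }

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = ((UsernamePasswordToken) token).getUsername();
            if (!hashes.containsKey(username)) return null; // unknown user: Shiro raises UnknownAccountException
            // principal, stored hash, the salt that was used when hashing, realm name
            return new SimpleAuthenticationInfo(username, hashes.get(username), ByteSource.Util.bytes(username), getName());
        }

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String username = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles.getOrDefault(username, Collections.emptySet()));
            info.setStringPermissions(perms.getOrDefault(username, Collections.emptySet()));
            return info;
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new InMemoryRealm()));
        Subject subject = SecurityUtils.getSubject();
        System.out.println("before login, isPermitted(user-find) = " + subject.isPermitted("user-find")); // no principal yet
        subject.login(new UsernamePasswordToken("zhangsan", "123456"));
        System.out.println("hasRole = " + subject.hasRole("系统管理员") + ", isPermitted = " + subject.isPermitted("user-find"));
        subject.logout();
        try { subject.login(new UsernamePasswordToken("lisi", "wrong")); } catch (IncorrectCredentialsException e) { System.out.println("lisi rejected"); }
    }
}
```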
三、Shiro configuration
Filters:
```java
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfiguration {

    // 1. Create the realm
    @Bean
    public CustomRealm getRealm() {
        return new CustomRealm();
    }

    // 2. Create the security manager
    @Bean
    public SecurityManager getSecurityManager(CustomRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        // register the custom session manager with the security manager
        securityManager.setSessionManager(sessionManager());
        // register the custom redis cache manager with the security manager
        securityManager.setCacheManager(cacheManager());
        return securityManager;
    }

    // The project's own session manager and redis cache manager beans are not shown on this page;
    // the two beans below are stand-ins (an assumption) using Shiro's built-in implementations
    @Bean
    public SessionManager sessionManager() {
        return new DefaultWebSessionManager();
    }

    @Bean
    public CacheManager cacheManager() {
        return new MemoryConstrainedCacheManager();
    }

    // 3. Configure Shiro's filter factory
    /**
     * In a web application, all of Shiro's access control is done through a set of filters
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        // 1. Create the filter factory
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        // 2. Set the security manager
        filterFactory.setSecurityManager(securityManager);
        // 3. General configuration (redirect to the login page, and the page for unauthorized access)
        filterFactory.setLoginUrl("/autherror?code=1");        // redirect url for unauthenticated requests
        filterFactory.setUnauthorizedUrl("/autherror?code=2"); // url for unauthorized requests
        // 4. Set the filter chain
        /**
         * Define all filters in an ordered map
         * key   = the url pattern to intercept
         * value = the filter type
         */
        Map<String, String> filterMap = new LinkedHashMap<>();
        // filterMap.put("/user/home", "anon"); // the request path may be accessed anonymously
        // access only with a certain permission:
        // configure the permission a request path depends on, in filter form
        // filterMap.put("/user/home", "perms[user-home]"); // without the given permission, redirect to the setUnauthorizedUrl address
        // configure the role a request path depends on, in filter form
        // filterMap.put("/user/home", "roles[系统管理员]");
        filterMap.put("/user/**", "authc"); // the request path requires authentication before access
        filterFactory.setFilterChainDefinitionMap(filterMap);
        return filterFactory;
    }

    // Enable support for Shiro annotations
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
```
Note: anon, authc, authcBasic and user form the first group, the authentication filters; perms, port, rest, roles and ssl form the second group, the authorization filters. To pass an authorization filter the login authentication must be completed first (authentication has to succeed before authorization is even looked up), and only then does the request reach the second group. For example, when a url that requires roles is accessed without being logged in, the request is redirected straight to the url set by shiroFilterFactoryBean.setLoginUrl().
四、Configuration-based authorization
Set these in the filter-factory method of the Shiro configuration class (step 3):
```java
// filter definitions for request paths; order matters, the first matching pattern wins,
// so the specific /user/home and /user/find entries must come before /user/**
// anonymous access (anyone may use it)
filterMap.put("/user/home", "anon");
// access requires the given permission
filterMap.put("/user/find", "perms[user-find]");
// access after authentication (available once logged in), combined with the required role:
// a map key holds one chain string, so putting "/user/**" twice would overwrite the first entry
filterMap.put("/user/**", "authc, roles[系统管理员]");
```
五、Annotation-based authorization
```java
// Authorization with Shiro annotations
// @RequiresPermissions() -- the permission required to call this method
// @RequiresRoles()       -- the role required to call this method
/**
 * 1. Filter: if the permission does not match, redirect to the setUnauthorizedUrl address
 * 2. Annotation: if the permission does not match, an exception is thrown
 */
@RequiresPermissions("user-home")
@RequestMapping(value = "/user/home")
public String home() {
    return "访问个人主页成功";
}
```
Done!!!