Add the Shiro dependency to the project. With Maven, the configuration is:

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.4.1</version>
    </dependency>

Create a custom Realm class that extends AuthorizingRealm to implement authentication and authorization. Sample code:
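
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    import java.util.HashMap;
    import java.util.HashSet;
    import java.util.Map;
    import java.util.Set;

    public class CustomRealm extends AuthorizingRealm {

        // In-memory maps stand in for database tables (demo data only).
        // Passwords are stored and compared in plain text here.
        private final Map<String, String> userInfoMap;
        private final Map<String, Set<String>> permissionMap;
        private final Map<String, Set<String>> roleMap;

        {
            userInfoMap = new HashMap<>();
            userInfoMap.put("jack", "123");
            userInfoMap.put("baixun", "123");

            permissionMap = new HashMap<>();
            Set<String> perms1 = new HashSet<>();
            Set<String> perms2 = new HashSet<>();
            perms1.add("video:find");
            perms1.add("video:buy");
            perms2.add("video:add");
            perms2.add("video:delete");
            permissionMap.put("jack", perms1);
            permissionMap.put("baixun", perms2);

            // Separate variable names: the original reused set1/set2, which does not compile.
            roleMap = new HashMap<>();
            Set<String> roles1 = new HashSet<>();
            Set<String> roles2 = new HashSet<>();
            roles1.add("role1");
            roles1.add("role2");
            roles2.add("root");
            roleMap.put("jack", roles1);
            roleMap.put("baixun", roles2);
        }

        // Authorization: called when a role or permission check is performed.
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String name = (String) principals.getPrimaryPrincipal();
            Set<String> permissions = getPermissionsByNameFromDB(name);
            Set<String> roles = getRolesByNameFromDB(name);
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
            simpleAuthorizationInfo.setRoles(roles);
            simpleAuthorizationInfo.setStringPermissions(permissions);
            return simpleAuthorizationInfo;
        }

        // Authentication: called by subject.login(token).
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            String name = (String) token.getPrincipal();
            String pwd = getPwdByUsernameFromDB(name);
            if (pwd == null || "".equals(pwd)) {
                // Returning null makes Shiro throw UnknownAccountException.
                return null;
            }
            // Shiro compares the stored credentials with those in the token.
            return new SimpleAuthenticationInfo(name, pwd, this.getName());
        }

        private String getPwdByUsernameFromDB(String name) {
            return userInfoMap.get(name);
        }

        private Set<String> getRolesByNameFromDB(String name) {
            return roleMap.get(name);
        }

        private Set<String> getPermissionsByNameFromDB(String name) {
            return permissionMap.get(name);
        }
    }
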
Create a Shiro configuration class that brings the security settings together:
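
    // ShiroDialect comes from thymeleaf-extras-shiro, which is not part of the shiro-spring dependency above.
    import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    import java.util.LinkedHashMap;
    import java.util.Map;

    @Configuration
    public class ShiroConfig {

        @Bean
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(
                @Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(securityManager);

            // Patterns are checked in insertion order and the first match wins.
            // "/*" is Ant-style and matches exactly one path segment (e.g. /noAuth),
            // not nested paths such as /test/login; "/**" would match every level.
            Map<String, String> filterMap = new LinkedHashMap<>();
            filterMap.put("/*", "authc");
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

            shiroFilterFactoryBean.setLoginUrl("/toLogin");
            shiroFilterFactoryBean.setUnauthorizedUrl("/noAuth");
            return shiroFilterFactoryBean;
        }

        // The realm type is CustomRealm, the class defined above (the original referred to UserRealm).
        @Bean(name = "securityManager")
        public DefaultWebSecurityManager getDefaultWebSecurityManager(
                @Qualifier("userRealm") CustomRealm userRealm) {
            DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
            securityManager.setRealm(userRealm);
            return securityManager;
        }

        @Bean(name = "userRealm")
        public CustomRealm getRealm() {
            return new CustomRealm();
        }

        @Bean
        public ShiroDialect getShiroDialect() {
            return new ShiroDialect();
        }
    }
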
Create a RestController to test Shiro's authentication and authorization:
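
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class UserController {

        // The project's own service interface (not shown in this article); unused below.
        @Autowired
        private IUserService userService;

        @RequestMapping(value = "test/login", method = RequestMethod.POST)
        public String login(String username, String password) {
            try {
                Subject subject = SecurityUtils.getSubject();
                UsernamePasswordToken token = new UsernamePasswordToken(username, password);
                subject.login(token); // delegates to CustomRealm.doGetAuthenticationInfo
                return "登录成功"; // "login succeeded"
            } catch (UnknownAccountException e) {
                // Separate messages for unknown user and wrong password tell a caller
                // which usernames exist; a single generic failure message avoids that.
                return "用户名错误"; // "wrong username"
            } catch (IncorrectCredentialsException e) {
                return "密码错误"; // "wrong password"
            }
        }

        @GetMapping("/toLogin")
        public String toLogin() {
            return "登录页面"; // "login page"
        }

        @GetMapping("/noAuth")
        public String noAuth() {
            return "无权限访问"; // "access denied"
        }
    }
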
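The filter chain in ShiroConfig uses the pattern "/*", which under Ant-style matching covers a single path segment only. The following added example (not code from the original article) uses Shiro's AntPathMatcher with a simplified first-match-wins lookup to show which filter each of the controller's paths resolves to under the article's chain and under an alternative chain; the class name, the alternative chain and the path /video/delete are assumptions made for illustration.

```java
import org.apache.shiro.util.AntPathMatcher;

import java.util.LinkedHashMap;
import java.util.Map;

public class FilterChainCoverageCheck {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns the filter of the first pattern that matches, or null if no chain applies. */
    static String resolve(Map<String, String> chain, String path) {
        for (Map.Entry<String, String> entry : chain.entrySet()) {
            if (MATCHER.matches(entry.getKey(), path)) {
                return entry.getValue();
            }
        }
        return null; // no Shiro chain matched: the request continues without authc
    }

    public static void main(String[] args) {
        // Chain exactly as configured in the article's ShiroConfig.
        Map<String, String> original = new LinkedHashMap<>();
        original.put("/*", "authc");

        // Assumed alternative: login endpoints explicitly open, every other path authenticated.
        // Order matters because the first matching pattern wins.
        Map<String, String> explicit = new LinkedHashMap<>();
        explicit.put("/test/login", "anon");
        explicit.put("/toLogin", "anon");
        explicit.put("/**", "authc");

        // /test/login, /toLogin and /noAuth are the controller's mappings;
        // /video/delete is a hypothetical nested endpoint.
        String[] paths = {"/test/login", "/toLogin", "/noAuth", "/video/delete"};
        for (String path : paths) {
            System.out.printf("%-14s original=%-6s explicit=%s%n",
                    path, resolve(original, path), resolve(explicit, path));
        }
    }
}
```

A result of null in the "original" column means the article's chain does not apply to that path, so whether the request is authenticated depends on something other than this filter map.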
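This project uses the Shiro framework for user authentication and permission management, and mainly consists of the following parts:
Through injection-based configuration and dependency management, the project's code is kept concise and easy to understand.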
Reposted from: http://pbrqz.baihongyu.com/