Spring Boot集成Shiro权限验证框架,可参考:

https://shiro.apache.org/spring-boot.html

引入依赖


    org.apache.shiro
    shiro-spring-boot-web-starter
    1.4.0

配置Shiro

ShiroConfig

@ConfigurationProperties(prefix = "shiro")
@Configuration
public class ShiroConfig {

    @Autowired
    private ApplicationConfig applicationConfig;

    private List<String> pathDefinitions;

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new
                DefaultShiroFilterChainDefinition();

        applicationConfig.getStaticDirs()
                .forEach(s -> chainDefinition.addPathDefinition(s, "anon"));
        this.getPathDefinitions().forEach(d -> {
            String[] defArr = d.split("=");
            chainDefinition
                    .addPathDefinition(StringUtils.trim(defArr[0]), StringUtils.trim(defArr[1]));
        });

        return chainDefinition;
    }

    @Bean
    public Realm systemRealm() {
        SystemRealm systemRealm = new SystemRealm();
        return systemRealm;
    }

    public List<String> getPathDefinitions() {
        return pathDefinitions;
    }

    public void setPathDefinitions(List<String> pathDefinitions) {
        this.pathDefinitions = pathDefinitions;
    }

}

ApplicationConfig:注入的是application.yml中的配置,略。

SystemRealm:

public class SystemRealm extends AuthorizingRealm {

    @Autowired
    private SysAdminMapper sysAdminMapper;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        token.setPassword(EcryptUtils.encode(String.valueOf(token.getPassword())).toCharArray
                ());

        SysAdminDO sysAdminParams = new SysAdminDO();
        sysAdminParams.setAdminLoginName(token.getUsername());
        SysAdminDO sysAdminDO = sysAdminMapper.selectByParams(sysAdminParams);

        AuthenticationInfo authInfo = null;
        if (sysAdminDO != null) {
            authInfo = new SimpleAuthenticationInfo(sysAdminDO, sysAdminDO.getAdminLoginPass(),
                    getName());
        }
        return authInfo;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        /**
         * 下面为静态示例,根据用户对应权限进行修改
         * 根据用户查询对应的角色、权限
         */
        SysAdminDO sysAdminDO = (SysAdminDO) super.getAvailablePrincipal(principalCollection);
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        Set<String> roles = new HashSet<>();
        roles.addAll(Arrays.asList("product", "operation"));
        authorizationInfo.setRoles(roles);

        Set<String> permissions = new HashSet<>();
        permissions.addAll(Arrays.asList("product:create", "product:del", "operation:update"));
        authorizationInfo.addStringPermissions(permissions);

        return authorizationInfo;
    }

}

应用配置

application.yml中加入Shiro配置。

shiro:
  loginUrl: /login
  successUrl: /
  unauthorizedUrl: /error
  pathDefinitions:
    - /login/submit = anon
    - /logout = logout
    - /test = authc, roles[product], perms[operation:update]
    - /** = authc

loginUrl:没有认证的将会跳到登录页面。

successUrl:认证成功跳转的页面。

unauthorizedUrl:认证失败跳转的页面。

pathDefinitions:用来定义路径授权规则。

更多参数参考官网定义:

https://shiro.apache.org/spring-boot.html#configuration-properties

登录服务类

@Override
public SysAdminDO login(LoginForm form) {
    UsernamePasswordToken token = new UsernamePasswordToken(form.getLoginName(),
            form.getLoginPassword());
    token.setRememberMe(true);
    Subject currentUser = getSubject();
    try {
        currentUser.login(token);
    } catch (Exception e) {
        logger.error("登录验证失败:", e);
    }
    return (SysAdminDO) currentUser.getPrincipal();
}

自带的过滤器

anno, authc等更多定义参考类:

org.apache.shiro.web.filter.mgt.DefaultFilter

官网定义:

http://shiro.apache.org/web.html#default-filters

声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注