shiro框架
认证模块
AuthenticationInfo
同时还需要配置controller层,使用Subject
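// 1. Recover the username (and password) from the submitted token.
//    The token arrives under its general type, so it is cast to
//    UsernamePasswordToken, the subclass that exposes the account fields.
UsernamePasswordToken Utoken = (UsernamePasswordToken) token;
String username = Utoken.getUsername();

// 2. Query the database for a user record matching the username being logged in.
SysUsersinsert sysusers = sysuserdao.selectById(username);

// 3. Evaluate the query result: no record means the account is unknown.
//    NOTE(review): unknown and locked accounts surface as different exceptions;
//    the login endpoint should answer both with the same generic message so
//    that responses do not reveal which usernames exist.
if (sysusers == null) {
    throw new UnknownAccountException();
}
// 3.1 A valid flag of 0 means the account has been locked.
if (sysusers.getvalid() == 0) {
    throw new LockedAccountException();
}

// 4. Wrap the user data and return it; what to return is dictated by the
//    enclosing method's return type.
// The salt has to be converted to a ByteSource before it can be passed on.
ByteSource credentialsSalt = ByteSource.Util.bytes(sysusers.getSalt());
// NOTE(review): the whole sysusers object becomes the principal, stored
// password hash and salt included. Shiro keeps the principal with the
// subject's session, so a principal reduced to the fields the application
// actually reads narrows what a session store or remember-me serialization
// can expose.
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
        sysusers,               // principal (user identity)
        sysusers.getPassword(), // password as stored in the database (already hashed)
        credentialsSalt,        // salt
        getName());             // name of this realm
// Return the authentication info object.
return info;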
授权模块
AuthorizationInfo
获取当前对象
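// Fetch the primary principal of the current subject and cast it back to the
// user entity type. The cast is only valid because the authentication step
// stored a SysUsersinsert object as the principal.
SysUsersinsert user = (SysUsersinsert) principals.getPrimaryPrincipal();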
基于菜单id查询授权标识并校验
注意:需要授权的业务,要在业务方法上加入注解@RequiresPermissions("sys:user:update")
// Load the permission strings attached to the user's menu ids.
List<String> menusSTRING = sysmenudao.findMenusStringprop(menuids);
// No permission strings at all means nothing can be granted: fail closed
// instead of returning an empty authorization object.
boolean nothingGranted = (menusSTRING == null) || menusSTRING.isEmpty();
if (nothingGranted) {
    throw new AuthorizationException();
}
封装查询结果并返回
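// sim.setStringPermissions(...) takes a Set<String>, so the permission strings
// are first copied into a set; null and empty entries are skipped so that they
// never become permissions.
Set<String> stringPermissions = new HashSet<>();
for (String pre : menusSTRING) {
    if (pre != null && !"".equals(pre)) {
        stringPermissions.add(pre);
    }
}

// Wrap the permission set and return it as the authorization result.
SimpleAuthorizationInfo sim = new SimpleAuthorizationInfo();
sim.setStringPermissions(stringPermissions);
return sim;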
还需要配置凭证匹配器
//设置凭证匹配器:还有一种形式为get @Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { //构建匹配器对象 HashedCredentialsMatcher credent = new HashedCredentialsMatcher(); //设置加密算法 credent.setHashAlgorithmName("MD5"); //设计几次加密与增加用户时雷同次数 credent.setHashIterations(1); super.setCredentialsMatcher(credent); }
shiro框架的手动配置
超级管理员SecurityManager
//Realm 是认证和受权的两个实现类的一个大接口益处是实现了多态缩小代码的编写@Beanpublic SecurityManager SecurityManager(Realm realm){ DefaultWebSecurityManager securityManager= new DefaultWebSecurityManager(); securityManager.setRealm(realm); return securityManager; }//如果须要配置缓存将缓存对象也得注入给securityManager对象 CacheManager 缓存对象RememberMeManager 记住我对象 //将两个同时注入到SecurityManager之中 ji'ke //增加shiro框架的cache缓存 @Bean public CacheManager newcacheMange() { return new MemoryConstrainedCacheManager(); }
授权管理配置
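/**
 * Configures Shiro's Advisor for authorization management.
 *
 * <p>In a Spring Boot project only the Advisor has to be configured; the other
 * two pieces are auto-configured by Spring. At startup this object tells
 * Spring for which pointcut-described objects it has to create proxies.
 *
 * <p>NOTE(review): the permission annotations are enforced by those proxies,
 * so a call from one method to another inside the same class does not pass
 * through the check. Keep protected operations on methods that are invoked
 * from outside the bean.
 *
 * @param securityManager the security manager the advisor consults
 * @return the advisor bean
 */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
        SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager);
    return advisor;
}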
手动添加认证跳转信息(模板)
//设置通过此对象设置资源匿名拜访、认证拜访。要害代码如下:@Beanpublic ShiroFilterFactoryBean shiroFilterFactory (SecurityManager securityManager) { ShiroFilterFactoryBean sfBean = new ShiroFilterFactoryBean(); sfBean.setSecurityManager(securityManager);//定义map指定申请过滤规定(哪些资源容许匿名拜访,哪些必须认证拜访) sfBean.setLoginUrl("/doLoginUI"); //设置认证页LinkedHashMap<String,String> map= new LinkedHashMap<>(); //动态资源容许匿名拜访:"anon" map.put("/bower_components/**","anon"); map.put("/build/**","anon"); map.put("/dist/**","anon"); map.put("/plugins/**","anon"); map.put("/user/doLogin","anon"); map.put("/doLogout","anon");//除了匿名拜访的资源,其它都要认证("authc")后拜访 map.put("/**","user"); sfBean.setFilterChainDefinitionMap(map); //间接退出map也能够一个的加 return sfBean; }
使用添加依赖包的方式配置shiro
@Configuration//此注解描述的类为spring的配置类,不必把那边的业务交给spring管理了
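/**
 * Spring configuration class for Shiro when the dependency-based setup is
 * used: it declares the realm, the filter chain definition and, optionally,
 * the cache manager.
 */
@Configuration
public class SpringShiroConfig {

    /** Realm that performs authentication and authorization. */
    @Bean
    public Realm realm() {
        return new shiroAuthenSerivce();
    }

    /**
     * Configures the filter chain rules (path pattern to filter name).
     *
     * <p>As in the manual setup, the rules can be supplied as a Map or added
     * one at a time; a Map is preferred.
     */
    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
        // `map` is not defined in this snippet; it stands for the ordered
        // path-to-filter map. Use a LinkedHashMap so that the catch-all rule
        // stays last and cannot shadow the anonymous entries.
        chainDefinition.addPathDefinitions(map);
        return chainDefinition;
    }

    /**
     * Declares the cache manager; adding this bean is all that is needed to
     * enable Shiro's cache in this setup.
     *
     * <p>NOTE(review): cached authorization data has to be cleared when a
     * user's roles or menus change, otherwise revoked permissions stay
     * effective until the entry is dropped.
     */
    @Bean
    protected CacheManager shirocacheManager() {
        return new MemoryConstrainedCacheManager();
    }
    // The closing brace of the class is not part of this excerpt.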