Springboot統合shiro構成

6388 ワード

1、LifecycleBeanPostProcessor管理ライフサイクルの構成2、ShiroFilterFactoryBeanの構成認証が必要なパスを設定3、shiro Aop注釈をオンにするAuthorizationAttributeSourceAdvisor 4、SecurityManagerの構成カスタムRealm、session、キャッシュRealmのログイン認証の実現、セッション設定のタイムアウト時間の許可、sessionDAOの設定(sessionキャッシュの場所はshiroが持参してもradisを使用してもよい)、sessionモニタキャッシュの設定はshiroがカスタマイズしたものを設定してもよいし、radis shiro Config/***Created by lenovo on 2019/4/2を設定してもよい.*/@Configuration public class shiroConfig {//1、構成LifecycleBeanPostProcessor管理ライフサイクル//2、構成ShiroFilterFactoryBean設定どのパスが認証を必要とするか、どれが//3を必要としないか、shiro Aop注釈をオンにしてAuthorizationAttributeSourceAdvisor//4をサポートするか、構成SecurityManager管理カスタムRealm、session、キャッシュ//Realm実装ログイン認証、許可//session設定タイムアウト時間、設定sessionDAOをセットする(sessionキャッシュの場所はshiroが持参してもradisを使用してもよい)、sessionモニタを設定する//キャッシュはshiroがカスタマイズしたものを設定してもよいし、radisを設定してもよい
    //session    
    @Value("${server.session-timeout}")
    private int tomcatTimeout;

    //  shiro bean         
    @Bean
    public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean("shiroFilter")
    ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setSuccessUrl("/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        LinkedHashMap filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/login","anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/fonts/**", "anon");
        filterChainDefinitionMap.put("/img/**", "anon");
        filterChainDefinitionMap.put("/docs/**", "anon");
        filterChainDefinitionMap.put("/druid/**", "anon");
        filterChainDefinitionMap.put("/upload/**", "anon");
        filterChainDefinitionMap.put("/files/**", "anon");/*
        filterChainDefinitionMap.put("/logout", "logout");*/
        filterChainDefinitionMap.put("/", "anon");
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/blog/open/**", "anon");
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    /**
     *   shiro aop    .
     *       ;          ;
     *
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }


    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //  realm.
        securityManager.setRealm(userRealm());
        //           redis
        securityManager.setCacheManager(ehCacheManager());
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }
    //     Realm
    @Bean
    UserRealm userRealm() {
        UserRealm userRealm = new UserRealm();
        return userRealm;
    }
    //  shiro      
    @Bean
    public SessionDAO sessionDAO() {
        return new MemorySessionDAO();
    }

    /**
     * shiro session   
     */
    @Bean
    public DefaultWebSessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        //session    
        sessionManager.setGlobalSessionTimeout(tomcatTimeout * 1000);
        sessionManager.setSessionDAO(sessionDAO());
        Collection listeners = new ArrayList();
        sessionManager.setSessionListeners(listeners);
        return sessionManager;
    }
    //ehCahe         
    @Bean
    public EhCacheManager ehCacheManager() {
        EhCacheManager em = new EhCacheManager();
        em.setCacheManager(cacheManager());
        return em;
    }

    @Bean("cacheManager2")
    CacheManager cacheManager(){
        return CacheManager.create();
    }


}

UserRealm
public class UserRealm extends AuthorizingRealm {
/*	@Autowired
	UserDao userMapper;
	@Autowired
	MenuService menuService;*/

	@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
	 UserDO usrDo = (UserDO)SecurityUtils.getSubject().getPrincipal();
	MenuService menuService = ApplicationContextRegister.getBean(MenuService.class);
	Set perms = menuService.listPerms(usrDo.getUserId());
	SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
	info.setStringPermissions(perms);
	return info;
}

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	String username = (String) token.getPrincipal();
	Map map = new HashMap<>(16);
	map.put("username", username);
	String password = new String((char[]) token.getCredentials());

	UserDao userMapper = ApplicationContextRegister.getBean(UserDao.class);
	//       
	UserDO user = userMapper.list(map).get(0);

	//      
	if (user == null) {
		throw new UnknownAccountException("        ");
	}

	//     
	if (!password.equals(user.getPassword())) {
		throw new IncorrectCredentialsException("        ");
	}

	//     
	if (user.getStatus() == 0) {
		throw new LockedAccountException("      ,      ");
	}
	SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName());
	return info;
}

統合springboot+spring+mybaits+shrioソースコード:https://github.com/ww520lyx1314/shiro