博客

这里简单完成一个shiro的单点登陆(用redis)启动两个节点

  • Post author:
  • Post category:其他


首先最开始就是springboot整合shiro

这个网上蛮多的,这里我先不弄

看到网上蛮多资料都是shiro单点登陆整合redis

说白了就是shiro登陆后将登陆信息给session了 可是另外一个节点的shiro没有这个session的信息 于是干脆把第一个登陆的信息保存到session中然后再交给一个公共的redis。另外一个节点的shiro也整合这个redis,所以他们的session里面的登陆信息是共享的.于是登陆另一个节点,就可以直接登陆了

大致就是这个情况

有空再写个shiro源码的分析

这里做一个简单的所以很多东西做一个最简化的操作,密码会加密一下

这里用的springboot

我项目中用的分布式整合dobbox这里不做介绍 先把消费端展示

在这里插入图片描述

这里ckwesm-controller-c4和ckwesm-controller-c6是一样的代码 ,这里就是做了一个集群操作完成单点登陆

分布式方面暂时不考虑 ,以后抽空再写一个

在这里插入图片描述

pom.xml这是maven导包

application.properties 这是配置 我这里主要配置下redis的端口

ShiroConfiguration 这里是一个shiro的配置类

LoginRealm是做的一个ream这个可以看成realm的dao层数据源

UserContoroller这里是登陆页的后端接口

先说pom.xml,这里是spring整合redis redis整合shiro spring整合shiro的包 ,其他包暂时没有测过,不过这个是可以的 

	<dependency>
		<groupId>org.springframework.data</groupId>
		<artifactId>spring-data-redis</artifactId>
	</dependency> 
	<dependency>
        <groupId>org.crazycake</groupId>
        <artifactId>shiro-redis</artifactId>
        <version>2.4.2.1-RELEASE</version>
    </dependency>
    <!--shiro  -->
	<dependency>
	    <groupId>org.apache.shiro</groupId>
	    <artifactId>shiro-spring</artifactId>
	    <version>1.3.2</version>
	</dependency>

这里我暂时在window上面操作测试的

redis服务端用的这个版本

在这里插入图片描述

启动redis服务端和redis客户端,只启动服务端就行。这里启动客户端是为了便于观测

在这里插入图片描述

再来说application.properties,下面是redis的端口和ip配置,这里由于是本机操作所以ip是127.0.0.1

spring.redis.database=0

spring.redis.host=127.0.0.1

spring.redis.port=6379

#spring.redis.password=gzsendi1!

#spring.redis.pool.max-active=10

#spring.redis.pool.max-wait=-1

#spring.redis.pool.max-idle=8

#spring.redis.pool.min-idle=0

spring.redis.timeout=0

然后再说shiro的filter核心配置ShiroConfiguration

package com.management.config;

import java.util.LinkedHashMap;

import java.util.Map;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authc.credential.CredentialsMatcher;

import org.apache.shiro.mgt.SecurityManager;

import org.apache.shiro.realm.Realm;

import org.apache.shiro.session.mgt.SessionManager;

import org.apache.shiro.session.mgt.eis.SessionDAO;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

import org.crazycake.shiro.RedisManager;

import org.crazycake.shiro.RedisSessionDAO;

import org.mindrot.jbcrypt.BCrypt;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import com.management.reaml.LoginRealm;

@Configuration

public class ShiroConfiguration {

@Value("${spring.redis.host}")
private String host;

@Value("${spring.redis.port}")
private int port;

@Bean
public Realm securityRealm() {
	LoginRealm loginRealm = new LoginRealm();
	loginRealm.setCredentialsMatcher(new CredentialsMatcher() {
		//@Override
		public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
			// TODO Auto-generated method stub
			UsernamePasswordToken userToken=(UsernamePasswordToken)token;
			//要验证的明文密码
			String plaintext = new String(userToken.getPassword());
			//数据库中加密后的密文
			String hashed=info.getCredentials().toString();
			return BCrypt.checkpw(plaintext, hashed);
		}
	});
	
	loginRealm.setCachingEnabled(false);
	return loginRealm;
}

@Bean(name="securityManager")
public SecurityManager securityManager() {
	DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
	securityManager.setRealm(securityRealm());
	securityManager.setSessionManager(sessionManager());
	return securityManager;
}

@Bean
public SessionManager sessionManager() {
	DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
	sessionManager.setSessionDAO(sessionDao());
	return sessionManager;
}

@Bean
SessionDAO sessionDao() {
	 RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
	 redisSessionDAO.setRedisManager(redisManager());
	 System.out.println("是否使用redis缓存");
      return redisSessionDAO;		
}

@Bean
public RedisManager redisManager() {
	System.out.println("交给redis");
	RedisManager redisManager = new RedisManager();
	redisManager.setHost(host);
	redisManager.setPort(port);
	redisManager.setExpire(1800);
	return redisManager;
}

@Bean(name="shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	shiroFilterFactoryBean.setSecurityManager(securityManager);
	shiroFilterFactoryBean.setLoginUrl("/oo");
	shiroFilterFactoryBean.setSuccessUrl("suceess.html");
	shiroFilterFactoryBean.setUnauthorizedUrl("/403.html");
	Map<String,String>filterChainDefinitionMap=new LinkedHashMap<String,String>();
	filterChainDefinitionMap.put("/favicon.ico","anon");
	filterChainDefinitionMap.put("/getcode","anon");
	filterChainDefinitionMap.put("/getExcel","anon");
	filterChainDefinitionMap.put("/js","anon");
	filterChainDefinitionMap.put("/css","anon");
	filterChainDefinitionMap.put("/jpg","anon");
	filterChainDefinitionMap.put("/gif","anon");
	filterChainDefinitionMap.put("/map","anon");
	filterChainDefinitionMap.put("/fonts/*","anon");
	filterChainDefinitionMap.put("/png","anon");
	filterChainDefinitionMap.put("/shutdown","anon");
	filterChainDefinitionMap.put("/getMan","anon");
	filterChainDefinitionMap.put("/addDoument","anon");
	filterChainDefinitionMap.put("/shenll","anon");
	filterChainDefinitionMap.put("/delDoument","anon");
	filterChainDefinitionMap.put("/sendMsg","anon");
	filterChainDefinitionMap.put("/delDoument","anon");
	filterChainDefinitionMap.put("/updateDoument","anon");
	filterChainDefinitionMap.put("/InputTest.html","anon");
	filterChainDefinitionMap.put("/jquery-2.2.4/jquery.js","anon");
	filterChainDefinitionMap.put("/getKeyWord","anon");
	filterChainDefinitionMap.put("/getFullMatch","anon");
	filterChainDefinitionMap.put("/getBlankExcel","anon");
	filterChainDefinitionMap.put("/druid/login.html","anon");
	filterChainDefinitionMap.put("/tologin*","anon");
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
	return shiroFilterFactoryBean;
}

}

下面一个个来做说明

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

这样我们的shiroconfig的配置就完成了

下面我们来看登陆接口

package com.management.controller.user;

import java.awt.image.BufferedImage;

import java.io.IOException;

import java.io.OutputStream;

import java.util.UUID;

import java.util.concurrent.TimeUnit;

import javax.imageio.ImageIO;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.subject.Subject;

import org.mindrot.jbcrypt.BCrypt;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.data.redis.core.RedisTemplate;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.GetMapping;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestParam;

import org.springframework.web.bind.annotation.ResponseBody;

import com.management.base.ApiResponse;

import com.management.base.Status;

import com.management.domain.user.User;

import com.management.utils.CodeUtil;

import io.swagger.annotations.ApiParam;

@Controller

public class UserController {

private static final String GET_CODE="/getcode";//验证码
private static final String TO_LOGIN="/tologin";//登陆
private static final String LOG_OUT="/logOut";//退出
private static final String LOG="login1.html";//登陆页
public static final String COOKIE_KEY="LOGIN_COOKIE";//cookie键
public static final String REQUEST_USER="REQUEST_USER";

@Autowired
private RedisTemplate<String, String> redisTemplate;

//生成BCrypt盐
public String encodeByBCrypt(String password) {
	String gensalt = BCrypt.gensalt();
    return BCrypt.hashpw(password, BCrypt.gensalt());
}

@RequestMapping("ii")
@ResponseBody
public String getII() {
	return "Hello World";
}

//生成验证码
@GetMapping(value=GET_CODE)
public void getCode(HttpServletRequest request,HttpServletResponse response,HttpSession session,Exception e) throws IOException {
	
	String uuid = UUID.randomUUID().toString();
	Cookie cookie = new Cookie(COOKIE_KEY, uuid);
	cookie.setHttpOnly(true);
	response.addCookie(cookie);
	try {
	} catch (Exception e1) {
		// TODO Auto-generated catch block
	  e1.printStackTrace();
	}
	
	System.out.println("第六个验证码======================================");
	System.out.println("六 sesssionID"+session.getId());
	
	Object[] objs = CodeUtil.createImage();
	String mm = (String) objs[0];
	System.out.println("code"+mm);
	redisTemplate.opsForValue().set(uuid, (String) objs[0], 1,TimeUnit.MINUTES);
	BufferedImage image = (BufferedImage)objs[1];
	response.setContentType("image/png");
	OutputStream outputStream = response.getOutputStream();
	ImageIO.write(image, "png", outputStream);
}


//登陆权限认证
@GetMapping(value=TO_LOGIN)
@ResponseBody
public ApiResponse login(User user,@ApiParam("密码") @RequestParam("code")String code,HttpServletRequest request,HttpServletResponse response) {
	
    String uuid=null;
	for(Cookie cookie:request.getCookies()) {
		String name = cookie.getName();
		if(COOKIE_KEY.equals(name)) {
		uuid=cookie.getValue();
		}
	}
	
	if(user.getUsername()!=null&&user.getUsername().trim()!=""&&user.getPassword()!=null&&user.getPassword().trim()!="") {
        String imgcode = redisTemplate.opsForValue().get(uuid);
		 if(code==null) {
			 return ApiResponse.ofStatus(Status.NO_CODE);
		 }
		 if(imgcode==null) {
			 return ApiResponse.ofStatus(Status.CODE_OVERTIME);
		 }
		 if(!imgcode.equals(code)) {
			 return ApiResponse.ofStatus(Status.ERROR_CONDE);
		 }
		 
		Subject subject = SecurityUtils.getSubject();
		if(subject.isAuthenticated()) {
			return ApiResponse.ofStatus(Status.USER_LOGINED);
		}
		AuthenticationToken token=new UsernamePasswordToken(user.getUsername(), user.getPassword());
		try {
			subject.login(token);
			Cookie cookie = new Cookie(REQUEST_USER, user.getUsername());
			cookie.setHttpOnly(true);
			response.addCookie(cookie);
			System.out.println("sessionid"+subject.getSession().getId());
			return ApiResponse.ofSuccess();
		} catch (AuthenticationException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
			return ApiResponse.ofStatus(Status.ERROR_USERNAMW_PASSWORD);
		}
	}
	else {
		
		return ApiResponse.ofStatus(Status.NO_USERNAME_PASSWORD);
	}
}

//退出登陆
@GetMapping(value=LOG_OUT)
@ResponseBody
public ApiResponse outLogin() {
	
	Subject subject = SecurityUtils.getSubject();
	if(subject.isAuthenticated()) {
		subject.logout();
		return ApiResponse.ofStatus(Status.LOGOUT_SUCCESS);
	}
	return ApiResponse.ofStatus(Status.LOGING_NOW);
}

}

还是一个个讲

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

这就是登陆操作

下面是我们的自定义realm

package com.management.reaml;

import java.util.List;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Component;

import com.alibaba.dubbo.config.annotation.Reference;

import com.management.domain.user.Permission;

import com.management.domain.user.Role;

import com.management.domain.user.User;

import com.management.interfer.user.PermissionServiceinterfer;

import com.management.interfer.user.RoleServiceinterfer;

import com.management.interfer.user.UserServiceInterfer;

@Component(“loginRealm”)

public class LoginRealm extends AuthorizingRealm{

@Autowired
private UserServiceInterfer userService;

@Reference
private RoleServiceinterfer roleService;

@Reference
private PermissionServiceinterfer permissionService;

@Autowired
private LoginRealm loginRealm;

@Override
//授权
public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
	// TODO Auto-generated method stub
	System.out.println("授权");
	SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
	Subject subject = SecurityUtils.getSubject();
	User user = (User)subject.getPrincipal();
	List<Role>roles=roleService.findByUser(user);
	List<Permission> permission = permissionService.findByUser(user);
	return simpleAuthorizationInfo;
}


@Override 
//认证
public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	
	UsernamePasswordToken usernamePasswordToken=(UsernamePasswordToken)token;
	String username = usernamePasswordToken.getUsername();
	User user=userService.findByUsername(username);
	if(user==null)  {
		return null;
		
	}else {
		return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
	}
}

}

下面一个个说

这里先不说授权操作,只说登陆操作

在这里插入图片描述

这里也把service和dao层一并沾上来

这里是service层

在这里插入图片描述

这里是dao层

在这里插入图片描述

我用的是mybatis所以下面是mapper

在这里插入图片描述

下面是数据库储存信息

在这里插入图片描述

在这里插入图片描述

另外一个节点代码一模一样

这里我们开始测试

先启动8089这个节点

获取密码

在这里插入图片描述

用户名密码登陆成功

在这里插入图片描述

这个节点登陆成功

下面我们来我们来反问另外一个节点信息,注意我们另外一个节点并没有做登陆操作哦,我们来访问一个没有登陆就没有访问权限的url

在这里插入图片描述

说明我们单点登陆操作成功,另外一个节点成功登陆


版权声明:本文为qq_43077857原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。