Authentication and Authorization with Shiro



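AuthenticatingRealm is the class Shiro uses to fetch account data. It is an abstract class; the default subclass, which reads the data from the configuration file, is SimpleAccountRealm. To read the data from a database you have to write your own implementation that extends AuthenticatingRealm, but that class only provides authentication. To have both an authentication method and an authorization method, extend AuthorizingRealm instead. AuthorizingRealm extends AuthenticatingRealm and is also abstract, so there are two abstract methods (authentication and authorization) to implement.

The abstract class AuthenticatingRealm declares the abstract method doGetAuthenticationInfo, which is the method used to fetch the data.

Implementations:

  • Default implementation, SimpleAccountRealm: reads the user data from the configuration file
  • Custom implementation: reads the data from a database

SimpleAccountRealm does not compare any data itself; it only fetches it.

AuthenticatingRealm has a property that performs the comparison: CredentialsMatcher. It is an interface, and its implementation SimpleCredentialsMatcher compares the data with an equals check. The password the user types in and the salted, hashed password stored in the database will never be equal, so an equals comparison cannot be used; the default matcher has to be replaced with a HashedCredentialsMatcher.

By default Shiro uses SimpleAccountRealm and reads the data from the configuration file. The steps for reading the data from a database are:

  • Write a custom realm that extends AuthenticatingRealm
  • Tell Shiro to use the custom realm
  • When integrating Shiro with a database, the commons-logging package must be imported

Note: when adding a cache, Ehcache's own dependency must be imported as well.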

<dependency>
    <groupId>org.ehcache</groupId>
    <artifactId>ehcache</artifactId>
    <version>3.6.3</version>
</dependency>


Shiro filter

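import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroFilterConf {
    // Shiro filter: decides whether a request has been authenticated.
    // Spring calls this method; the SecurityManager parameter is already a bean
    // in the container, so it can simply be injected by type.
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // Nothing is intercepted by default, so the interception rules are configured here.
        // Rules are evaluated in insertion order and the first match wins, so the map
        // must preserve order: LinkedHashMap, not HashMap.
        Map<String, String> map = new LinkedHashMap<String, String>();

        // authc: an unauthenticated request for this page is redirected to the login page
        map.put("/main/main.jsp", "authc");
        // anon: everything else is reachable without authentication
        map.put("/**", "anon");
        shiroFilterFactoryBean.setSuccessUrl("/main/main.jsp");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map); // define the filter chain (multiple filters)
        return shiroFilterFactoryBean;
    }

    @Bean
    public SecurityManager getSecurityManager(Realm myRealm, CacheManager cacheManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setCacheManager(cacheManager);
        securityManager.setRealm(myRealm);
        return securityManager;
    }

    @Bean
    public Realm getRealm(CredentialsMatcher hashedCredentialsMatcher) {
        MyRealm myRealm = new MyRealm();
        // Replace the default equals-based matcher with the hashed matcher
        myRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return myRealm;
    }

    @Bean
    public CredentialsMatcher getCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // Must match the algorithm and iteration count used when the stored hashes were created
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(1024);
        return hashedCredentialsMatcher;
    }

    @Bean
    public CacheManager getCacheManager() {
        EhCacheManager ehCacheManager = new EhCacheManager();
        return ehCacheManager;
    }

}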


Custom Realm

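import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
// Admin, Role, Authority, AdminMapper and RoleMapper are the project's own classes (imports omitted)

public class MyRealm extends AuthorizingRealm {
    @Autowired
    AdminMapper adminMapper;
    @Autowired
    RoleMapper roleMapper;

    @Override // authorization
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal(); // the user name
        // Look up the roles of this user by user name
        List<Role> roleList = roleMapper.queryAllRoleByName(primaryPrincipal);

        // Authorization info that the roles and permissions are added to
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        // Resolve the permissions of each role and add them to the authorization info
        if (!roleList.isEmpty()) {
            for (Role role : roleList) {
                List<Authority> authorities = roleMapper.queryAllAuthorityByRole(role.getName());
                authorizationInfo.addRole(role.getName());
                if (!authorities.isEmpty()) {
                    for (Authority authority : authorities) {
                        // Add the permission to the authorization info
                        authorizationInfo.addStringPermission(authority.getAuthority());
                    }
                }

            }
        }

        return authorizationInfo;
    }

    @Override // authentication
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal(); // the submitted identity
        Admin admin = new Admin();
        admin.setName(username);
        Admin admin1 = adminMapper.selectOne(admin);
        AuthenticationInfo authenticationInfo = null;
        if (admin1 != null) {
            // Hand the stored hash and salt to Shiro; the configured CredentialsMatcher does the comparison
            authenticationInfo = new SimpleAuthenticationInfo(admin1.getName(), admin1.getPassword(), ByteSource.Util.bytes(admin1.getSalt()), this.getName());
        }
        return authenticationInfo;
    }
}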
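
The matcher bean and doGetAuthenticationInfo above only succeed if the password was hashed with the same algorithm, salt and iteration count when the account was created. The following is an added example, not code from the original post, showing that registration side and the resulting matcher behaviour; it assumes Shiro 1.x package names, and the class name PasswordHashDemo, the account "alice", the realm name and the sample password are constructed for illustration.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

public class PasswordHashDemo {
    // Same values as the HashedCredentialsMatcher bean in ShiroFilterConf.
    static final String ALGORITHM = "md5";
    static final int ITERATIONS = 1024;

    // Registration side: the hex digest that goes into the password column.
    static String hashForStorage(String plainPassword, String salt) {
        return new SimpleHash(ALGORITHM, plainPassword, salt, ITERATIONS).toHex();
    }

    static HashedCredentialsMatcher matcher(int iterations) {
        HashedCredentialsMatcher m = new HashedCredentialsMatcher();
        m.setHashAlgorithmName(ALGORITHM);
        m.setHashIterations(iterations);
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample account: a fresh random salt per user, stored next to the hash.
        String salt = new SecureRandomNumberGenerator().nextBytes().toHex();
        String stored = hashForStorage("s3cret-sample", salt);

        // What the realm's doGetAuthenticationInfo would return for this user.
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                "alice", stored, ByteSource.Util.bytes(salt), "demoRealm");

        UsernamePasswordToken good = new UsernamePasswordToken("alice", "s3cret-sample");
        UsernamePasswordToken bad = new UsernamePasswordToken("alice", "wrong");

        System.out.println("hashed, correct password: " + matcher(ITERATIONS).doCredentialsMatch(good, info));
        System.out.println("hashed, wrong password:   " + matcher(ITERATIONS).doCredentialsMatch(bad, info));
        // The default matcher compares the plaintext with the stored digest directly.
        System.out.println("simple, correct password: "
                + new SimpleCredentialsMatcher().doCredentialsMatch(good, info));
        // A matcher whose iteration count differs from the one used at registration.
        System.out.println("hashed, 1 iteration:      " + matcher(1).doCredentialsMatch(good, info));
    }
}
```

Only the first comparison matches; the other three fail, which is why the matcher settings and the registration code have to be changed together.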



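Copyright notice: this is an original article by weixin_44236113, published under the CC 4.0 BY-SA license. When reposting, include a link to the original source and this notice.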