在spring boot项目中配置权限框架shiro
2017-01-05 14:20
597 查看
spring boot技术在国内慢慢流行起来,其版本迭代速度也是相当快,截止当前时间,官方版本稳定版是1.4.3,开发版已经是2.0了,2017的脚步已经启程,2.0还会远吗?
spring自家也有安全框架,也就是security,而在spring boot中使用security似乎也是理所当然。今天我所说的是另一个--shiro。由于对shiro的理解还不是很深,但基本的权限控制是不成问题的,写博客还是想锻炼一下自己的思路,巩固所学的知识,如果有错误还请提出,谢谢。对于spring boot和shiro的知识这里不做讲解,特别是对于spring boot默认大家已经比较熟悉了,那么下面开始:
1.数据库表的设计,共5张表
admin 管理员
字段:id name password
role 角色
字段:id name description
permission 权限
字段:id name description
role_permission 角色权限
字段:id role_id permission_id
admin_role 管理员角色
字段:id admin_id role_id
简单说明各表之间的关系,admin,role,permission三张表作为独立表,role_permission 记录某个角色所拥有的权限,admin_role记录某个管理员拥有的角色。这种设计也就是RBAC模型,建表之后请自行添加测试数据,并创建对应的Model类。
2.在pom.xml中添加shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.3</version>
</dependency>
3.开始各种配置类的创建
①.创建AdminShiro类,代码如下:
@Service
public class AdminShiro {
@Autowired
private AdminRepository adminRepository;
@Autowired
private AdminRoleRepository adminRoleRepository;
@Autowired
private RolePermissionRepository rolePermissionRepository;
@Autowired
private PermissionRepository permissionRepository;
public Admin getAdminByAdminName(String adminName){
Admin admin = adminRepository.findByAdminName(adminName);
return admin;
}
/**
* 根据用户名获取权限授权
*/
public List<String> getPermissionsByAdminName(String adminName){
Admin admin = getAdminByAdminName(adminName);
if (admin == null){
return null;
}
List<String> list = new ArrayList<>();
List<AdminRole> adminRoleList = adminRoleRepository.findAllByAdminId(admin.getId());
for(AdminRole adminRole : adminRoleList){
List<RolePermission> rolePermissionList = rolePermissionRepository.findAllByRoleId(adminRole.getRoleId());
for (RolePermission role : rolePermissionList){
Permission p = permissionRepository.findOne(role.getPermissionId());
list.add(p.getUrl());
}
}
return list;
}
}②.创建MyShiroRealm,并继承AuthorizingRealm,即自定义Realm,代码如下:
public class MyShiroRealm extends AuthorizingRealm {
@Autowired
private AdminShiro adminShiro;
/**
* 读取当前用户所有权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String adminName = (String) principals.fromRealm(getName()).iterator().next();
if (MyUtils.checkNull(new Object[]{adminName})){
List<String> permissions = adminShiro.getPermissionsByAdminName(adminName);
SimpleAuthorizationInfo info = null;
if (permissions.size() > 0){
info = new SimpleAuthorizationInfo();
for (String s : permissions){
info.addStringPermission(s);
}
return info;
}
}
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken _token) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) _token;
String adminName = token.getUsername();
if (adminName!=null && !adminName.equals("")){
Admin admin = adminShiro.getAdminByAdminName(adminName);
if (admin != null){
return new SimpleAuthenticationInfo(admin.getAdminName(),admin.getPassword(),getName());
}
}
return null;
}
}③.创建ShiroConfiguration类,即shiro配置类,设置验证规则等,代码如下:
public class ShiroConfiguration {
/**
* 设置验证规则
*/
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/manage/admin/logout","anon");
filterChainDefinitionMap.put("/manage/admin/login","anon");
filterChainDefinitionMap.put("/manage/admin/unauthorized","anon");
filterChainDefinitionMap.put("/manage/admin/**","perms[/manage/admin]");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setLoginUrl("/manage/admin/login");
shiroFilterFactoryBean.setUnauthorizedUrl("/manage/admin/unauthorized");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager(){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(myShiroRealm());
return defaultWebSecurityManager;
}
@Bean
public MyShiroRealm myShiroRealm(){
MyShiroRealm myShiroRealm = new MyShiroRealm();
return myShiroRealm;
}
配置到此结束,博客新手,不喜勿喷,如有问题,欢迎留言给出您的意见!
spring自家也有安全框架,也就是security,而在spring boot中使用security似乎也是理所当然。今天我所说的是另一个--shiro。由于对shiro的理解还不是很深,但基本的权限控制是不成问题的,写博客还是想锻炼一下自己的思路,巩固所学的知识,如果有错误还请提出,谢谢。对于spring boot和shiro的知识这里不做讲解,特别是对于spring boot默认大家已经比较熟悉了,那么下面开始:
1.数据库表的设计,共5张表
admin 管理员
字段:id name password
role 角色
字段:id name description
permission 权限
字段:id name description
role_permission 角色权限
字段:id role_id permission_id
admin_role 管理员角色
字段:id admin_id role_id
简单说明各表之间的关系,admin,role,permission三张表作为独立表,role_permission 记录某个角色所拥有的权限,admin_role记录某个管理员拥有的角色。这种设计也就是RBAC模型,建表之后请自行添加测试数据,并创建对应的Model类。
2.在pom.xml中添加shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.3</version>
</dependency>
3.开始各种配置类的创建
①.创建AdminShiro类,代码如下:
@Service
public class AdminShiro {
@Autowired
private AdminRepository adminRepository;
@Autowired
private AdminRoleRepository adminRoleRepository;
@Autowired
private RolePermissionRepository rolePermissionRepository;
@Autowired
private PermissionRepository permissionRepository;
public Admin getAdminByAdminName(String adminName){
Admin admin = adminRepository.findByAdminName(adminName);
return admin;
}
/**
* 根据用户名获取权限授权
*/
public List<String> getPermissionsByAdminName(String adminName){
Admin admin = getAdminByAdminName(adminName);
if (admin == null){
return null;
}
List<String> list = new ArrayList<>();
List<AdminRole> adminRoleList = adminRoleRepository.findAllByAdminId(admin.getId());
for(AdminRole adminRole : adminRoleList){
List<RolePermission> rolePermissionList = rolePermissionRepository.findAllByRoleId(adminRole.getRoleId());
for (RolePermission role : rolePermissionList){
Permission p = permissionRepository.findOne(role.getPermissionId());
list.add(p.getUrl());
}
}
return list;
}
}②.创建MyShiroRealm,并继承AuthorizingRealm,即自定义Realm,代码如下:
public class MyShiroRealm extends AuthorizingRealm {
@Autowired
private AdminShiro adminShiro;
/**
* 读取当前用户所有权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String adminName = (String) principals.fromRealm(getName()).iterator().next();
if (MyUtils.checkNull(new Object[]{adminName})){
List<String> permissions = adminShiro.getPermissionsByAdminName(adminName);
SimpleAuthorizationInfo info = null;
if (permissions.size() > 0){
info = new SimpleAuthorizationInfo();
for (String s : permissions){
info.addStringPermission(s);
}
return info;
}
}
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken _token) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) _token;
String adminName = token.getUsername();
if (adminName!=null && !adminName.equals("")){
Admin admin = adminShiro.getAdminByAdminName(adminName);
if (admin != null){
return new SimpleAuthenticationInfo(admin.getAdminName(),admin.getPassword(),getName());
}
}
return null;
}
}③.创建ShiroConfiguration类,即shiro配置类,设置验证规则等,代码如下:
public class ShiroConfiguration {
/**
* 设置验证规则
*/
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/manage/admin/logout","anon");
filterChainDefinitionMap.put("/manage/admin/login","anon");
filterChainDefinitionMap.put("/manage/admin/unauthorized","anon");
filterChainDefinitionMap.put("/manage/admin/**","perms[/manage/admin]");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setLoginUrl("/manage/admin/login");
shiroFilterFactoryBean.setUnauthorizedUrl("/manage/admin/unauthorized");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager(){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(myShiroRealm());
return defaultWebSecurityManager;
}
@Bean
public MyShiroRealm myShiroRealm(){
MyShiroRealm myShiroRealm = new MyShiroRealm();
return myShiroRealm;
}
配置到此结束,博客新手,不喜勿喷,如有问题,欢迎留言给出您的意见!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 在spring boot项目中配置权限框架shiro
- spring boot配置shiro安全框架及用户登录权限验证实现
- 在前后端分离的SpringBoot项目中集成Shiro权限框架
- 在前后端分离的SpringBoot项目中集成Shiro权限框架
- Spring Boot之旅:Java安全框架Apache Shiro基本配置(一)
- 快速搭建springboot框架以及整合ssm+shiro+安装Rabbitmq和Erlang、Mysql下载与配置
- Springboot集成权限管理框架apache shiro
- Shiro权限控制框架 ---SpringMVC+Spring+My batis+Mysql+Maven集成开发Web项目
- Spring Boot + Spring Cloud 实现权限管理系统 后端篇(十一):集成 Shiro 框架
- Spring boot框架项目,使用maven命令将配置文件打包到jar包外,项目运行读取jar外配置文件
- Maven配置Spring+Hibernate Shiro权限控制项目
- 单点登录CAS与权限管理框架Shiro集成------Spring项目方式
- 在SpringBoot项目中使用SpringSecurity权限认证框架
- Maven配置Spring+Hibernate Shiro权限控制项目
- 单点登录cas与权限管理框架shiro集成-spring项目方式
- 单点登录cas与权限管理框架shiro集成------spring项目方式
- SpringMvc + Shiro[数据库存权限] 配置 ;[附git.oschina的项目地址]
- Shiro权限框架及与Spring集成
- 权限控制框架Shiro简单介绍及配置实例
- Java maven项目的搭建,配置web框架以及Spring